BYOD users must keep security in mind

April 15, 2015

A growing number of enterprises are taking advantage of the “bring your own device” strategy, or BYOD. By encouraging employees to use personal devices for work-related purposes, enterprises are cutting costs and increasing workplace flexibility. However, the tactic carries with it several different security responsibilities. And according to recent studies, there is still plenty of room for improvement in the business world.

BYOD survey highlights ambivalence toward security
Aruba Networks, an enterprise equipment supplier, recently conducted a survey of nearly 12,000 professionals from 23 countries and found a widespread lack of awareness for BYOD security best practices, according to ZDNet.

Approximately 87 percent of respondents said they assume that their IT departments will protect them from cyber threats. About 31 percent of respondents said that they had lost data because of mobile device misuse.

The survey also found that about 60 percent of respondents regularly share work and personal devices with others. Approximately 20 percent said they don’t have password protection on their smartphones or tablets and 22 percent said they don’t have security measures in place so they can share more easily.

While these sentiments can put a company at serious risk of a BYOD-based data breach, business leaders should not come down too hard on their employees.

“In a contemporary connected world, firms need to nurture creativity, while at the same time minimize the risk of data and information loss,” Ben Gibson, the chief marketing officer of Aruba Networks, told the news outlet. “As a result, employers need to take an adaptive trust approach to connectivity and data security, identifying individual worker preferences that factor multiple layers of contextual information in order to build secure infrastructures around them.”

Citrix executive discusses importance of BYOD oversight
CIO reported that when many businesses transition to a BYOD model, a number of users bypass the security framework of their IT department. Kurt Roemer, the chief security strategist for Citrix, said that it is imperative to secure all devices in a company network, including personal ones.

He advises all BYOD users to require client-side certificates for administrators and certain applications. He also recommends encrypting all network traffic and applications and using a strong logging and audit policy.

“Mobile back-ends must have security as part of the profile, specifying the application security, the network security and security for critical services like [domain name system] to be automatically configured,” Roemer told the news outlet.