BYOS – Adding a new dimension to Enterprise IT Security

BYOS – Adding a new dimension to Enterprise IT Security

As folks in the Enterprise IT security fraternity,  we know that Bring Your Own Device allows employees the freedom to purchase their own devices like tablets or smart phones which they can use to interact and collaborate with others, approve or seek approvals in the Enterprise software work flow, and access organizations’ resources.  New principles in Data Leakage Prevention and policies around Enterprise Security Compliance had to be implemented.  Even now, many organizations are coming around to the BYOD concept, while few large organizations have been able to make the transformation.Now, further to the fact that the enterprise barriers have been broken down, some effective collaborative software and some smarter devices are on their way. This has given birth to a new concept called ‘Bring your own software’ ( BYOS).  With better high speed networks and cloud platforms providing universal access – the benefits are galore – elasticity, cost effectiveness and collaborative success are some of them.  However this provides a different type of challenge to the Enterprise Security teams.

 

BYOS Components

What are these BYOS components?  File sharing – like Google Drive or DropBox;  Cloud collaborative software like Apple iDOCS or Google Docs or Microsoft 365 to start with.  Most of them offer primitive defence against the traditional hack.  Mostly used by small enterprises, the cloud service provider provides the needed lines of defense against possible threats.Large Enterprises which follow PCI-DSS or HIPAA or ISO27001 type of security compliance may have challenges in fitting this new concept into their traditional rules of security governance.Vendors like DropBox or Google or Microsoft have tried to fix vulnerabilities on a regular basis. However, beyond these software, appear specific enterprise mobile applications, which have created a E2B (Employee to business) environment, and here, the traditional mobile security does come into play.  A report by TechNavio Research indicates that Enterprise mobile security software shall grow at 18.84% in the years 2013-18, and BYOS and BYOD will drive this demand.With more mobile applications coming into the ambit of Enterprise Mobile Security, the investment by Enterprises driven by compliance is inevitable.   Now, since most of the software that are hosted on the cloud, the worry is how to protect the data on the cloud.   Gartner says that up to 80% of IT security professionals will not be happy with the contract safe guards offered by Cloud Service Providers – who are the key service providers for BYOS users.


Responsibility lies with the user

In this context, the main responsibility of the securing both data integrity and data access rests on the organization and ultimately the user.  It is the usual difficult choice – ease of collaboration vs Enterprise security.   But the time has come for at least some of the organization to try BYOS out.What are the three things that can be done to enable BYOS in an Enterprise?

  • Choose your ‘allowed software list’ clearly in line with your organization policies – even when you give options – please mention version number.
  • Ensure that these software is updated for all vulnerabilities through proper patch updates.
  • Ensure random, and periodic audits done on the software users on – integrity, confidentiality and security of enterprise data and software compliance.

For further details of impact of Enterprise mobile security on BYOS – email [email protected]om

 

References:

http://www.computerweekly.com/news/2240202904/Cloud-contracts-poor-on-security-says-Gartner

http://www.pr.com/press-release/583545

Next blog:: BYOD: Corporate Liability and Cope