There are two ways to introduce mobility into your workforce: planned or unplanned. But regardless of the approach your organisation is taking, there is one certainty –mobility is happening in your company and it is here to stay.
That’s according to Dean Curlew, sales manager at information security specialist Trustwave.
“Whether IT and business managers love mobility or hate it is besides the point. Users know, understand and appreciate their personal mobile devices and are using them to enhance convenience and productivity in the workplace, with or without your consent,” he says.
Describing the advent of mobility as an inexorable force, Curlew says smart managers know that, like almost anything, planned and managed approaches mitigate risks, including to organisational security, while maximising potential benefits.
“Business transformation through mobility is an inevitability – but BYOD is still an elephant in the room,” he notes.
Continuing, Curlew points to a 451 Research study which shows that while 75% of organisations allow employee-owned devices on the network, but just 9% are fully aware of how, when and whose devices are accessing their networks throughout the workday.
The upshot? “When organisations can't answer these basic questions, it becomes nearly impossible to enforce policies and control how user-owned devices interact with sensitive data.”
Mind the gap
If your company falls into the 75%, you have a very definite security problem; indeed, all but that minority 9% probably have similarly severe challenges to face up to.
Curlew says there is a ‘knowledge gap’ into which a large number of mobile device management (MDM) products have exploded. “Many an IT manager has looked high and low for a 'magic bullet' point product that could ease their mobile headaches. But that silver bullet just isn’t there.”
The bad news, he contends, is that BYOD and mobile in general are trends from which no single product and no amount of fairy dust is going to protect the network.
“MDM may be useful for the device, but when it comes to protecting the network in the new era of BYOD, it's going to take good old fashioned defense-in-depth and the work necessary to tie together a fabric of protections that can identify and control mobile device activity on the network.”
Done right, Curlew says this integrated set of technologies can help foster what Trustwave calls the 'self-sealing network'.
“That’s essentially an environment that can intelligently keep malware and malicious code from spreading to the network, while keeping sensitive data from leaking out of the network.”
Integration of security technologies
The elements that go into creating a self-sealing network include technologies like network access control, secure Web gateways, data loss prevention and SIEM (Security Information and Event Management); these are all familiar and recognised useful components for any effective security strategy.
But it's the integration of these vital technologies and application of them to mobile devices that Curlew says is the most valuable step towards supporting secure BYOD.
“The seamless integration for these key technologies is in fact the silver bullet to better, more secure and complete management of mobile devices in the enterprise.
When this is achieved, IT and business managers get a simple, single pane of glass that offers central audit and enforcement for all mobile users and activities,” he states.
Achieving that isn’t easy, but it is something that Trustwave has invested considerably in doing. With its support, those companies that take a rigorous, complete and planned approach to the security of their BYOD environments position themselves to reap the rewards while avoiding the risks.