DUBAI, United Arab Emirates, 19th May, 2013: The prevailing movement that is becoming popular in the Middle East, labelled ‘Consumerization of IT’ or Bring Your Own Device (BYOD), will continue to shift the way employees interact with enterprise applications and information, which raises considerable security challenges for any organization. These devices may include an array of tablets, including Apple® and Android™ smartphones, “Wintel” laptops, and devices we have yet to see. For some organizations, such as universities, the array of user devices may be unlimited, and therefore their grasp on securing data may be tenuous for quite some time. Other organizations will be in a better position to leverage policy to control the acceptable devices allowed and to ensure they have the ability to investigate these devices as needed.
Paul Wright, manager of professional services and investigation team, Middle East, India and Africa at AccessData says that employee productivity and flexibility, reduced operational costs, ease of employee provisioning, and organizational agility ensure that BYOD is here to stay. However, to make BYOD viable, organizations rely on two key ingredients: authentication and policy. Authentication ensures that the right individuals and devices are allowed access to the appropriate resources. Policy ideally defines what is allowed from a usage perspective, establishes the organization's right to investigate employee-owned work devices, and outlines any security applications that are required to be installed on the employee devices.
Much of the industry conversation revolves around an organization's ability to monitor and examine employee-owned devices. Due to legal questions and privacy requirements, many organizations still do not have BYOD policies, as described above. However, whether an organization has successfully implemented a concrete policy or not, the fact is that the most critical elements in securing your enterprise against BYOD threats are enterprise visibility and remote remediation capabilities. If you can't see what's happening on the computers, servers and shares across your enterprise, as well as within network communications, you can't effectively defend yourself against any threat, let alone those originating from employee-owned devices.
BYOD programs increase risk and compound the challenges organizations struggle with every day. Unfortunately, many of the threats that increase with the introduction of a BYOD program are often not preventable.
Theft or Loss of Sensitive Data
How do you prevent personally identifiable information from being copied onto uncontrolled devices? What stops a user from utilizing their phone camera to snap an image of sensitive content?
Breaches of Acceptable Use Policy
Can users of BYOD devices access internet sites that violate acceptable use policies designed to limit risk? For example, BYOD users may be more likely than corporate users to fall victim to a phishing attack, resulting from a visit to a malicious website.
Introducing employee-owned devices to the enterprise exponentially increases the opportunities for malware exploits. Many of these exploits are new and undefined, which means they are not caught by traditional, signature-based tools. So how do we increase our ability to detect?
Malware, in particular, is a growing concern, as the exploits targeting BYOD are increasing in frequency. It was discovered that “Find and Call” was actually a dangerous address book harvester, freely available on the protected Apple App Store. Then there's the Android “Marketplace,” based on the Google open source operating system, which more or less invites malware development. Furthermore, BYOD includes Windows-based computers not owned and controlled by the enterprise but used by the employee primarily for work. Can we rely on users to update their anti-virus, anti-malware and patch levels? Hardly.
While the ability to forensically examine, monitor and remotely secure BYOD devices is critical, the most effective approach to addressing the increased risk presented by the BYOD trend is to keep eyes on the enterprise. Proactive host and network monitoring, and integrated analysis of that data, allow organizations to detect and remediate data leakage and malware, even when it's missed by IDS, DLP and other traditional preventative tools.
Inside the enterprise, proactive steps that look for policy violations, vulnerabilities and irregularities should include:
• Regularly scheduled audits of servers and computers across the enterprise to identify confidential or classified data.
• Enterprise scans to identify malicious code that antivirus and IDS may have missed.
• Network traffic capture and forensic analysis.
Depending on the BYOD model, organizations may implement a mobility management solution that focuses on applications, information, policy, devices, and so on. However, regardless of the approach to handling BYOD devices, there remains a real need to ensure that employees are complying with BYOD policies, that there is protection against data leakage, that inappropriate or inadvertent network access is not happening, and that corporate assets remain free of malware. This is not possible without complete and proactive enterprise visibility.