Mobile
News
2/21/2012
12:59 PM
50%
50%

3 Bring Your Own Device Risks For SMBs

Small and midsize businesses can reap real rewards from letting employees bring their own devices to work, but must also manage the dangers.

10 iPad Annoyances, Solved
10 iPad Annoyances, Solved
(click image for larger view and for slideshow)
The bring-your-own-device (BYOD) approach can work wonders for bootstrapped businesses looking to make the most of mobility. But failing to properly recognize the corresponding risks can quickly wipe out potential gains.

The latest data highlighting the multitude of mobile devices IT pros at small and midsize business (SMB) must manage in a BYOD environment comes from startup Mobilisafe. The company's beta program mapped some 45 million mobile connections to SMB networks during a three-month period. Not surprisingly, some 80% of SMB staffers are using a smartphone or tablet. Perhaps more telling for IT: A new device model connects to the corporate network, on average, for every 6.6 employees.

"Embracing BYOD is one of the key initiatives that can really drive employee productivity and happiness, and the trend is past the point of fighting it," said Mobilisafe CEO Giri Sreenivas. "Focusing on discovering and defining remediation to its corresponding risks to corporate data and resources will help SMBs achieve the right balance for their organization between employee choice and corporate data protection."

In a combination of phone and email interviews, Sreenivas talked through three key risks SMBs need to recognize if they embrace BYOD: Device diversity, outdated firmware, and leaky network authentication and data. Device diversity is just that: The constantly morphing menu of operating systems and even larger array of hardware means IT can't focus on securing a single platform. Meanwhile, Mobilisafe's data showed that employees aren't good about keeping current on their own: 56% of Apple iOS users were running out-of-date firmware. Finally, and perhaps most frightening from a security standpoint, well over a third of the devices with network access and/or corporate data went inactive for more than a month. That means personal devices that are later lost or upgraded, for example, retain potentially sensitive data long after they should.

While Sreenivas ultimately advocates BYOD shops invest in one of the growing number of mobile security platforms like Mobilisafe's--doing so in his job description, after all--he notes that any SMB can begin to reduce risks simply through education and prioritization.

InformationWeek: What's the best way to deal with device diversity in a BYOD office?

Sreenivas: The first step is to acknowledge that it's happening and understand the scope of it. From there, it's important to distill what you care about most when it comes to protecting your data and resources with personal devices. You can't focus too much on what extra things you can do on a few select devices, but instead what you can do across the board so your message and remediation steps are consistent with all your employees and their devices.

IW: You mentioned that the telecom carriers and device manufacturers aren't particularly great at messaging firmware and security updates. What can SMBs do about that?

Communicating to employees the importance of keeping their devices up to date by explaining risks to personal and corporate data is a good first step. Employees have to feel invested for BYOD to work in SMBs. This can improve employee vigilance about paying attention to any communication they may receive about updates. SMBs [need] visibility into firmware versions and available updates, and [to message] their employees on how to update their devices [accordingly].

IW:You found 39% of authenticated devices were inactive for at least 30 days. What do SMBs need to understand about this, and how can they prevent leaking data?

Such a high percentage of stale devices means that SMBs are unaware of devices that could leak corporate data and user credentials. These devices could have been re-sold, lost, or stolen. SMBs should stay on top of this by deploying a solution that provides visibility into devices that no longer sync with company resources to ensure they are appropriately wiped of company data and credentials. They should also ensure and that these devices' associations with enterprise resources like Exchange are removed on the back end.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tonys3kur3
50%
50%
tonys3kur3,
User Rank: Apprentice
3/9/2012 | 4:11:32 AM
re: 3 Bring Your Own Device Risks For SMBs
While some organization like financial institutions may be able to get away with simply banning consumer devices, BYOD is a fact of life for many IT admins. That doesn't have to be a bad thing, though. As this article I read recently (http://www.pcworld.com/article... points out, guarding consumer devices in a BYOD environment is just like any other security--understand the risks, and put appropriate controls in place to mitigate them.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.