The Value Proposition of Bring Your Own Device (BYOD) Security

Introduction

A major component of cloud computing strategy is the support of service-connected devices in a variety of scenarios, including entertainment (e.g. the Apple App Store and Netflix) and productivity (e.g. Microsoft Office 365). The intersection between elastic cloud computing services and widely available, sophisticated smartphones and tablets is the origin of the bring-your-own-device (BYOD) trend.

While there is an ostensible cost savings to be had in capital expenditure, and businesses can realize productivity in making it as convenient as possible for employees to always be connected, BYOD is mostly just a response to an external reality: as smartphones become more capable, consumers use them for almost all computing tasks aside from heavy content creation. BYOD allows employees to increase their decision making velocity by offering an anytime/anywhere scenario, and enables them to keep up with the latest technology like SMS, Facebook, and Twitter.

Is there any doubt that cloud computing is having a real impact on the bottom-line of major companies in the technology industry? Check out what’s happening with some of the big names in IT:

  • Amazon—absolutely killing it in cloud services; employs more than 80,000 people now
  • Dell and HP—getting killed; commodity hardware is a service opportunity now. Most businesses would rather acquire computing capacity as an operational expense rather than a capital expense. Cloud computing lets them do that.
  • Google—on track to be the biggest market capitalization ever. Google is all about service-connected devices: look at Android, web search, and the app store.
  • Microsoft—yet another record quarter, partly based on their server OS and on their system management software

BYOD Productivity Scenarios

The same technologies that enabled the success of Angry Birds and the Netflix video streaming service are being used to enable around-the-clock mobile productivity for the workforce. Some of these areas include:

  • Collaboration and federation—just as Netflix uses the Amazon cloud to efficiently scale-up and scale-down with demand, Microsoft Office 365 allows companies to grow without having to buy their own Exchange email services. Other examples of these subscription-based, configurable computing services include Salesforce.com and QuickBooks Online.
  • Mobile data access—with smartphones and tablets widely available, now you have always-connected mobile devices with high-resolution screens.
  • Developer tools—scalable web services, such as SharePoint and Salesforce.com, natively support a variety of client browser configurations. In other words, regardless of what kind of smartphone or tablet you’re using, the top-tier web applications have figured out how to make their offerings both extensible to 3rd party developers and seamless to end users. This level of multi-device browser support is unprecedented.
  • Cloud data—user conditioning, including the expectation of low-friction data access and rapid decision making.

Governments are also recognizing the need to support BYOD securely. The US Executive Branch, including both the White House and the National Security Agency (for example, see the NSA Brief “Mobile Device Management: Capability Gaps for High-Security Use Cases” – PDF file), has made significant investments in responding to this trend.

Risks and Mitigations

There’s a balance to be struck, and it’s unlikely to be the same for any two businesses. On one hand, you have to support the latest communication, collaboration, and information exchange modalities if you want to attract and keep the best people and stay ahead of your competitors. On the other hand, there is a fiduciary obligation to deploy security control systems that protect critical assets.

Some of the risks associated with BYOD include advanced persistent threats, insider threats, and data loss. But by applying authorization and encryption, these risks can be mitigated.

  • Advanced persistent threats—including unsafe email attachments, worm-like viruses that propagate over the network, and related threats to your web browsers. Ensuring that the latest technologies are being used, such as anti-malware software, can help mitigate these attacks.
  • Insider threats—including security breaches and data theft. To help prevent this, every mobile devices should require a unique password and PIN to unlock it.
  • Data loss—mobile devices can be lost or stolen, there’s no way around that. But if data is encrypted at rest and in transit, then the threat of data ending up in the wrong hands is reduced. For more information about protecting your devices from data loss, see the blog post How to Protect Your Data with Attribute-Based Authorization.

For companies with valuable intellectual property to protect, and in particular those that do business overseas, the value proposition for BYOD security is significant and can mean the difference between survival and extinction. State-sponsored hackers in many parts of the world are targeting enterprise content including government documents, clothing designs, and blueprints, and stealing those data in an attempt to short-circuit competitive costs and get ahead. In recent months, the U.S. government has had to defend itself against the resumption of hacking efforts by a cyber-unit of China’s People’s Liberation Army, which has targeted companies like Coca Cola and Lockheed Martin.

At JW Secure, we believe that authorization should be based on the current state of the device, as well as on the identity of the user. To keep your data safe and secure, we developed a product called StongNet, which allows only sensitive content to be accessed by known, trustworthy users and devices. We don’t just ensure that the user is authenticated, but we also ensure that the device is secure and the data on the device is encrypted. For more about the StrongNet mobile device security solution, click here.

Covering the Security Basics

My latest book, The Four Pillars of Endpoint Security: Safeguarding Your Network in the Age of Cloud Computing and the Bring-Your-Own-Device Trend, explains in detail how to secure your mobile devices for corporate data access.
The four pillars include:

  • Endpoint hardening—protect the endpoint (e.g. smartphone or tablet) from attack by ensuring that network assets are using the latest technologies to defend against threats.
  • Endpoint resiliency—make the endpoint self-healing by ensuring that health information on devices and applications is continuously gathered and monitored. That way failed devices or applications can be automatically repaired, thus allowing operations to continue.
  • Network prioritization—guard network bandwidth by ensuring that your infrastructure can always meet application bandwidth needs. This consideration applies not only at well-known peak demand times, but also when there are unexpected surges on network loads and distributed external and internal attacks.
  • Network resiliency—make the network self-healing and allow for seamless automatic recovery. Techniques in this area ideally afford reconfiguring the network in real-time as performance degrades.

By combining the four pillars of endpoint security with the four basic security tenets—identity, authentication, access control, and authorization—you can safely and securely adopt the BYOD trend to ensure happy employees and satisfied customers!

Leave a Reply