Why your BYOD security policy needs to go beyond the device

The concept of bring your own device (BYOD) focuses on devices, but should devices be at the heart of your BYOD security policy? Not if you want to keep your enterprise secure. Today, user access and app use eclipse devices.

Why the sudden shift from device security to app security? One major factor is that users are unpredictable. Devices can be lost or stolen. Employees quit or lose their jobs. If your security policies focus only on devices, any of these events can create security holes. Consider these highlights from the 2016 Hewlett Packard Enterprise Cyber Risk Report:

  • 86 percent of web apps have issues involving authentication, access control, and confidentiality.
  • 80 percent of mobile apps unintentionally reveal potential weaknesses to malicious hackers.
  • 71 percent of mobile and web apps store data insecurely.

Another catalyst for this shift in security focus is the explosion of app creation and use inside the enterprise. Gartner says that demand for enterprise mobile apps will outstrip available development capacity five to one. "Employees in today's digital workplace use an average of three different devices in their daily routine, which will increase to five or six devices as technologies such as wearable devices and the Internet of Things (IoT) eventually become mainstream," Gartner says. "Many of these employees are given the autonomy to choose the devices, apps and even the processes with which to complete a task. This is placing an increasing amount of pressure on IT to develop a larger variety of mobile apps in shorter time frames."

A recent Bluebox Security study revealed that truly secure mobile apps are "few and far between." To protect corporate revenue and brand, enterprises must create mobile apps that can defend themselves, the report says. Devices matter, but app-focused security may be the more reliable focal point. Here are three best practices:

1. Manage access via encrypted apps

In an enterprise, employees aren't the only people who access your networks. Vendors, partners, and guests may all need access at some point. For this reason, it's crucial to set up strong permissions policies and limit what systems and information can be accessed from a mobile device. Require users to access corporate servers through company-created apps that use encrypted connections. Use systems that can tell you the "who, what, and when" of connections to your network. Trigger alerts for large downloads and file transfers. However, alerts won't help if your IT team doesn't have the time to view them or lacks the skills to interpret the data.
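As an added illustration (not from the original article or any HPE product), the sketch below shows one way to turn "who, what, and when" connection records into a large-transfer alert using a rolling per-user byte total. The record layout, the 10-minute window, the 500 MB threshold, and the sample rows are all assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data): when, who, device, what, bytes sent.
SAMPLE_LOG = """\
2016-05-02T09:00:05,alice,phone-17,/crm/accounts/export,4000000
2016-05-02T09:01:10,bob,tablet-03,/wiki/home,120000
2016-05-02T09:03:40,alice,phone-17,/crm/contacts/export,250000000
2016-05-02T09:07:15,alice,phone-17,/files/finance/q1.zip,300000000
2016-05-02T09:30:00,bob,tablet-03,/files/handbook.pdf,9000000
2016-05-02T11:45:00,alice,laptop-02,/files/design/spec.pdf,200000000
"""

WINDOW = timedelta(minutes=10)      # assumed look-back window
THRESHOLD = 500 * 1000 * 1000       # assumed per-user limit: 500 MB per window


def parse_records(text):
    """Return (when, who, device, what, size) tuples from CSV text, sorted by time."""
    rows = csv.reader(io.StringIO(text))
    return sorted((datetime.fromisoformat(t), who, dev, what, int(n))
                  for t, who, dev, what, n in rows)


def find_bulk_transfers(records, window=WINDOW, threshold=THRESHOLD):
    """Return one alert each time a user's rolling byte total reaches the threshold."""
    recent = defaultdict(deque)   # user -> records still inside the window
    alerts = []
    for rec in records:
        when, who = rec[0], rec[1]
        q = recent[who]
        q.append(rec)
        # Drop records that have aged out of the look-back window.
        while q and when - q[0][0] > window:
            q.popleft()
        total = sum(r[4] for r in q)
        if total >= threshold:
            alerts.append({"who": who, "when": when.isoformat(), "bytes": total,
                           "devices": sorted({r[2] for r in q}),
                           "what": [r[3] for r in q]})
            q.clear()             # start fresh so one burst raises one alert
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_transfers(parse_records(SAMPLE_LOG)):
        print(alert)
```

Aggregating per user rather than per request catches a transfer split into several smaller downloads, and emitting one alert per burst keeps the volume low enough for a team to actually review.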

2. Test and audit security policies regularly

Apps upgrade. Devices evolve. Technologies change. This constant flux means set-it-and-forget-it security policies expose your enterprise to risk. Just as you test apps and upgrades before releasing them to production, you must do the same with your security policies. Regularly look for holes and back doors that can be exploited. If you're not looking for these security gaps, hackers will. Mobile app testing solutions provide a holistic view of your apps — from functionality to security.

3. Upgrade your network infrastructure

Security policies and access limits won't matter much if your infrastructure can't manage the demands of workforce mobility. Do you know the number of devices that will be accessing your network? Do you have the coverage and capacity to manage access for that number of devices? Can your network scale to meet the infrastructure demands of round-the-clock use that your mobile employees expect?

Adoption of best practices can help you manage your BYOD policies with confidence, safe in the knowledge that your enterprise is secure. Learn how to provide resources that can minimize security risk to your business in an expanding BYOD environment by reading the recent Cyber Security Research Report.
