Look for a Middle Ground in BYOD Security: Blue Coat GM and VP

The sudden rise of mobile devices to support bandwidth-hungry applications is raiding corporate networks. As CIOs struggle to manage the storm of personal devices users carry within enterprise networks, they must take a harder look at safeguarding their IT. Shweta Rao spoke to Albert Kuo, GM and VP -- field operations for Asia Pacific at Blue Coat Systems, to find out more about the security challenges that BYOD has brought with its arrival.

Is BYOD really security's problem child today?

Different Web applications have different network usage patterns. Most of us monitor applications that enter our enterprise network to understand bandwidth usage. But most of these are critical apps, compared to others like Facebook and YouTube. A lot of IT heads just add more bandwidth to manage the crunch. But, at Blue Coat, we have coined a term called 'selfish application' that explains today's situation better. A selfish application typically downloads a lot of data at frequent intervals and does it at a very high speed--putting the priorities of the rest of the network's needs at bay. Now, the issue today is that most applications are selfish, and the amount of data downloaded by a lot of people running the same apps on their personal devices is high. This is accentuated with the use of SaaS applications. So, yes, BYOD is a very big problem child and it might be a good time for CIOs to begin managing their WAN bandwidths.

How is Asia Pacific doing in terms of addressing BYOD's demands?

Indian employees too, like the rest of the world, look to the Web to fulfill the everyday demands of productivity. And, IT typically cannot monitor access or use of these applications. As I have said earlier, this will most certainly hog a disproportionate amount of corporate bandwidth and slow down other critical applications. In India, BYOD and complex social networking apps majorly impact bandwidth budgets and delivery quality. Blue Coat is currently helping many Indian enterprises bring in visibility and control over the shadow IT infrastructures that are present within the corporate network. Our product PacketShaper highlights the shadow infrastructures which most CIOs are unaware of. Indian IT teams are slowly forgetting the days when only the big guys had mobile devices at work. Or even days when a "BlackBerry-only" policy was followed. And while these teams are coming to terms with the security issues, mobility is eating up their IT budget. New devices, data plans, apps, and software--they're all coming down at a go and it's very confusing. Although BYOD meant no investment in hardware devices, it didn't show up with major cost cuts. In fact, it brought along issues like supporting different devices on different platforms. That is when a robust, well-structured BYOD policy comes to the rescue. And I'm afraid it will take some more time for the enterprise BYOD policies to mature.

How then do CIOs begin to address BYOD's challenges?

One of the most important things to do is to begin early. I suggest CIOs begin involving their teams in discussions instead of waiting to plan out a complete BYOD strategy. Social media must be treated as a means to further an enterprise's business agenda and to help adopt more advanced technologies on a wider scale. But as users mix business and personal lives on mobile devices, the most common approach is to look for a middle ground in security--not too restrictive, not too open. A multi-tier approach that involves encryption, remote wiping and educating employees to report loss of personal devices is advisable. It's more cost-effective to efficiently protect data that's on personal devices than the devices themselves.

Could you tell us in detail how to approach BYOD in an enterprise?

CIOs, with their teams, must understand each device type that would connect with the network and the basics of various protocols that follow. A testing tool that captures and relays the difference in the way an application performs over different platforms is essential. BYOD will deviate from tightly controlled PCs and server infrastructure with common versions of OS and applications. Hence, a granular level of monitoring the resources mobile devices can access is mandatory. A network access control can help filter if mobile devices have updated anti-virus and software versions. It's time enterprises own up and perform a security assessment, and find the risks before the attackers do.
