BYOD: Keep your ‘eyes on the enterprise’

Bring your own device (BYOD) will continue to shift the way employees interact with enterprise applications and information, which raises considerable security challenges for any organisation. We already know that these devices include tablets, iOS and Android smartphones, and “Wintel” laptops, but there are many devices we are yet to see.

For some organisations, such as universities, the array of user devices may be unlimited, and securing data may therefore be a challenge as a matter of course. Other organisations will be in a better position to leverage security policy to control which devices are acceptable and to ensure they have the ability to investigate these devices as needed.

Employee productivity and flexibility, reduced operational costs, ease of employee provisioning, and organisational agility ensure that BYOD is here to stay. However, to make BYOD viable, organisations rely on two key ingredients: authentication and policy. Authentication ensures that the right individuals and devices are allowed access to the appropriate resources. Policy ideally defines what is allowed from a usage perspective, establishes the organisation’s right to investigate employee-owned work devices, and outlines any security applications that are required to be installed on the employee devices.

Much of the industry conversation revolves around an organisation’s ability to monitor and examine employee-owned devices. Due to legal questions and privacy requirements, many organisations still do not have BYOD policies, as described above.

However, whether or not an organisation has successfully implemented a concrete policy, the most critical elements in securing your enterprise against BYOD threats are enterprise visibility and remote remediation capabilities. If you can’t see what’s happening on the computers, servers and shares across your enterprise, as well as within network communications, you can’t effectively defend yourself against any threat, let alone those originating from employee-owned devices.

BYOD programs increase risk and compound the challenges organisations struggle with every day. Unfortunately, many of the threats that increase with the introduction of a BYOD program are often not preventable.

Theft or loss of sensitive data

How do you prevent personally identifiable information from being copied onto uncontrolled devices? What stops a user from utilising their phone camera to snap an image of sensitive content?

Breaches of acceptable use policy

Can users of BYOD devices access internet sites that violate acceptable use policies designed to limit risk? For example, BYOD users may be more likely than corporate users to fall victim to a phishing attack, resulting from a visit to a malicious website.


Introducing employee-owned devices to the enterprise exponentially increases the opportunities for malware exploits. Many of these exploits are new and undefined, which means they are not caught by traditional, signature-based tools. So how do we increase our ability to detect?

Malware, in particular, is a growing concern, as the exploits targeting BYOD are increasing in frequency. It was discovered that “Find and Call” was actually a dangerous address book harvester, freely available on the protected Apple App Store. Then there’s the Android “Marketplace”, based on the Google open source operating system, which more or less invites malware development.

Furthermore, BYOD includes Windows-based computers that are not owned and controlled by the enterprise but used by the employee primarily for work. Can we rely on users to update their anti-virus, anti-malware and patch levels? Hardly.

While the ability to forensically examine, monitor and remotely secure BYOD devices is critical, the most effective approach to addressing the increased risk presented by the BYOD trend is to keep eyes on the enterprise. Proactive host and network monitoring, together with integrated analysis of that data, allows organisations to detect and remediate data leakage and malware, even when it is missed by IDS, DLP and other traditional preventative tools.

Inside the enterprise, proactive steps that look for policy violations, vulnerabilities and irregularities should include:

  • Regularly scheduled audits of servers and computers across the enterprise to identify confidential or classified data.

  • Enterprise scans to identify malicious code that antivirus and IDS may have missed.

  • Network traffic capture and forensic analysis.

Depending on the BYOD model, organisations may implement a mobility management solution that focuses on applications, information, policy, devices, and so on.

However, whatever the approach to handling BYOD devices, there remains a real need to ensure that employees are complying with BYOD policies, that there is protection against data leakage, that inappropriate or inadvertent network access is not happening, and that corporate assets remain free of malware. This is not possible without complete and proactive enterprise visibility.

Terry Steer is regional manager at AccessData ANZ.
