5 things you no longer need to do for mobile security

A couple of years ago companies were dismissive of BYOD, but now they are adopting policies and next-gen technologies to help manage BYOD.

A couple of years ago companies were dismissive of BYOD, but as they've realized that the horse left the stable, they are adopting policies and next generation technologies to help manage BYOD. They also recognize that successful mobile security requires a cooperative partnership with employees, so are working with them to determine what policy works best for both parties, allowing BYOD to become part of the enterprise mobile security framework.

+ ALSO ON NETWORK WORLD 12 big BYOD predictions +

As mobile security matures, some of the burden on IT has been alleviated. Thanks to next generation technologies, there are several things enterprises no longer need to do in order to keep mobile data secure. Here are five:

* Invest developer and IT time wrapping apps -- Mobile security in the enterprise used to be synonymous with containerization. Traditional solutions included containers and app wrapping, which relied on software development kits (SDK) to modify and secure applications. These approaches required business development relationships to get access to the mobile application source code and forced developers and IT to invest time to use the SDK to secure the application initially, as well as every time the application was upgraded.

Needless to say, these were time-consuming cycles. However, next generation mobile security offers the ability to secure applications on-demand at the employee's request without the intervention of IT. Next generation mobile security vendors are offering on-the-fly app wrapping that doesn't modify the original app code, as well as the ability to attach dynamic app policies that give security professionals the controls they need. Now IT can confidently allow functional departments and employees to serve themselves, giving them immediate access to the applications they prefer, enabling productivity. Before, IT was a bottleneck having to constantly approve, wrap and maintain application security. Now, IT can allow the employees to use the apps they want, without sacrificing security.

* Use containerized apps and app ecosystems -- The removal of reliance on SDKs for securing apps has eliminated the need to create app ecosystems. Today, enterprises can simply utilize any application available in app stores for iOS and Android as well as internally developed applications. Businesses are no longer constrained to a handful of applications, which have agreed to work with particular mobile security vendors. Now they can move at the "speed of business" and access the millions of mobile apps available today, while preserving the native user experience of the app, staying up-to-date with new versions, and having instant access to emerging applications.

* Require MDM -- MDM doesn't apply in a BYOD world. Employees resist having an application installed on their personal devices that monitors personal as well as work related activity. Additionally, contractors and external vendors won't accept device profiles as they may be working for several different clients and can't share that information. However, by changing the focus from securing devices to securing the data, you eliminate the need to manage devices. Not only can personal and work related activities be cleanly separated, but greater visibility, security and control at the document level is now possible, all without managing the device.

* Infringe on privacy -- The No.1 concern of employees embracing BYOD is privacy. Employees fear their personal activities are being watched and that once they are locked into an MDM solution, their personal data -- contacts, family photos and more -- can be wiped at any time. In order to achieve compliance you need to win the trust of employees, and paying attention to their privacy concerns is key.

Privacy dashboards and dual personas allow companies to not only provide users with visibility into what IT is and is not tracking, but also ensure that only business data (not personal) will be wiped if a security situation arises. Some solutions even grant employees the freedom to un-enroll temporarily and reclaim their phone as a personal device. Whether on vacation, a date night, or just hanging out with friends for an hour, an employee can temporarily opt from accessing work related apps and data, without compromising security.

* Manage devices and apps using multiple dashboards -- With the new era of mobility, IT no longer needs to use multiple dashboards to manage different devices - they can be viewed through a single pane of glass. Web based consoles now support centralized administration of both managed and unmanaged devices for IT convenience. It is now possible to integrate the device, application and user data management in one place instead of entering different portals to manage each one. By providing all three tenants of mobility management in a single pane, IT can make more informed decisions much quicker.

BYOD raises many issues for IT and the enterprise in general. However, there are ways to enable users to bring their own device, enhancing productivity without sacrificing security. Adopting a BYOD policy that is user-friendly and that secures corporate data will ensure that the goals of the enterprise and IT remain intact while ensuring user buy in - a necessary component of any security policy or program.

Join the CSO newsletter!

Error: Please check your email address.

Tags BYODconsumerization of ITsecuritymobile securityIT management

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Subbu Iyer, Director of Product Management, Bluebox Security

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts