The sudden rise of mobile devices to support bandwidth-hungry applications is raiding corporate networks. As CIOs struggle to manage the storm of personal devices users carry within enterprise networks, they must take a harder look at safeguarding their IT. Shweta Rao spoke to Albert Kuo, GM and VP -- field operations for Asia Pacific at Blue Coat Systems, to find out more about the security challenges that BYOD has brought with its arrival.
Is BYOD really security's problem child today?
Different Web applications have different network usage patterns. Most of us monitor applications that enter our enterprise network to understanding bandwidth usage. But most of these are critical apps, compared to others like Facebook and YouTube. A lot of IT heads just add more bandwidth to manage the crunch. But, at Blue Coat, we have coined a term called 'selfish application' that explains today's situation better. A selfish application typically downloads a lot of data in frequent intervals and does it at a very high speed--putting the priorities of the rest of the network's needs at bay. Now, the issue today is that most applications are selfish, and the amount of data downloaded by a lot of people running the same apps on their personal devices is high. This is accentuated with the use of SaaS applications. So, yes, BYOD is a very big problem child and it might be a good time for CIOs to begin managing their WAN bandwidths.
How is Asia Pacific doing in terms of addressing BYOD's demands?
Indian employees too, like the rest of the world, look to the Web to fulfill the everyday demands of productivity. And, IT typically cannot monitor access or use of these applications. As I have told earlier, this will most certainly hog disproportionate amount of corporate bandwidth and slow down other critical applications. In India, BYOD and complex social networking apps majorly impact bandwidth budgets and delivery quality. Blue Coat is currently helping many Indian enterprises bring in visibility and control over the shadow IT infrastructures that are present within the corporate network. Our product PacketShaper highlights the shadow infrastructures which most CIOs are unaware of. Indian IT teams are slowly forgetting the days when only the big guys had mobile devices at work. Or even days when a "BlackBerry-only" policy was followed. And while these teams are coming to terms with the security issues, mobility is eating up their IT budget. New devices, data plans, apps, and software--they're all coming down at a go and it's very confusing. Although BYOD meant no investment in hardware devices, it didn't show up with major cost cuts. In fact, it brought along issues like supporting different devices on different platforms. That is when a robust, well-structured BYOD policy comes to the rescue. And I'm afraid it will take some more time for the enterprise BYOD policies to mature.
How then do CIOs begin to address BYOD's challenges?
One of the most important things to do is to begin early. I suggest CIOs begin involving their teams in discussions instead of waiting to plan out a complete BYOD strategy. Social media must be treated as a means to further an enterprise's business agenda and to help adopt more advanced technologies on a wider scale. But as users mix business and personal lives on mobile devices, the most common approach is to look for a middle ground in security--not too restrictive, not too open. A multi-tier approach that involves encryption, remote wiping and educating employees to report loss of personal devices is advisable. It's more cost-effective to efficiently protect data that's on personal devices than the devices themselves.
Could you tell us a detailed manner to approach BYOD in an enterprise?
CIOs, with their teams, must understand each device type that would connect with the network and the basics of various protocols that follow. A testing tool that captures and relays the difference in the way an application performs over different platforms is essential. BYOD will deviate from tightly controlled PCs and server infrastructure with common versions OS and applications. Hence, a granular level of monitoring the resources mobile devices can access is mandatory. A network access control can help filter if mobile devices have updated anti-virus and software versions. It's time enterprises own up and perform a security assessment, and find the risks before the attackers do.