| |||||||||
| |||||||||
Current Filter: Network>>>>>Feature> Security after BYOD Editorial Type: Feature Date: 07-2015 Views: 2204 Key Topics: Networking Security BYOD BYOE Endpoint Security Key Companies: ISACA Key Products: Key Industries: | |||
| With BYOD now established, Robert E Stroud, past president of global IT security association ISACA explains that we now need to logically plan how to manage it A 2013 study conducted by IDG Research Services found that 85 per cent of organisations support BYOD for their employees, and this number has increased significantly since then. There has been mixed coverage about employers' agreement to BYOD, which is perceived to increase end-user satisfaction. However, claims that it saves money on technology provisioning making it more likely to be encouraged by employers may need some clarification. That said, Gartner predicts that by 2017 half of organisations will require that employees supply their own devices for work purposes, and it will be interesting to see how that is received. Increased acceptance and adoption is only a small part of the transformation. We are entering into a post-BYOD era. Employees want to work on any device, at any time, from anywhere, so really it's becoming BYOE or bring your own everything. If you think BYOD is complex now, just give it a few years - the landscape will be very different. We need to approach this in a disciplined fashion and stop scrambling for a last-minute approach.
POST-BYOD SECURITY POLICY So how do IT professionals approach security against the backdrop of the post-BYOD landscape? Recognise that security policy goals haven't necessarily changed. The policy may need to change, but the core intent is true regardless of the technology. Consider a security policy that permits only approved users with access to corporate resources. This policy is valid regardless of the technology being used, but how it is enforced may need to vary. It's important to emphasise this because sometimes organisations create policy that is bound tightly to specific technology, for example mobile policy. I recommend reviewing existing policy for those items that can't be delivered. Also, consider BYOE and other changes, such as cloud transformation and application container proliferation, and how they could interact with BYOE in unexpected ways.
IMPROVING SECURITY VIA BYOD/BYOE? Moreover, BYOE can shift focus away from managing the endpoint and toward other areas. For example, authenticating users, authorising their access and logging what they do, might become more important as endpoints become less trusted and especially because users originate from multiple endpoints. I recommend that you plan ahead because the reality is that BYOE is here and more devices with more adaptable and ubiquitous usage are arriving. This means you need to revisit policy and controls - and this could benefit the organisation when organised as part of a systematic approach to managing your security program. | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |