Thursday, May 3, 2012

Why BYOD Security Matters


I was reading a story by Ian Paul on PCWorld on the Android Trojan NotCompatible. You can read it here. There is one reason this Trojan was written, to exploit BYOD (Bring Your Own Device). As Ian states, ”…it is not a threat if you use common sense..”. Every IT security expert can now sleep easy knowing their end users always behave this way, oh wait…they don’t.



Why did I bring up BYOD? BYOD is a hot trend that solves a lot of issues for IT directors and end users, and creates a lot of additional issues for companies that embrace BYOD without addressing the security requirements. What are the base level security measures needed for networked equipment? The devices need to be checked for viruses, malicious code, software exploits, and user rights.

This is hard enough to do if you have control of every device on your network, patch all the operating systems, keep the virus definitions up to date, keep all the other software patched (Adobe Acrobat, Office, Flash, Java, Etc.), control the users access to data and potential sites with malicious code, and stopping the end user from being the security hole by writing down passwords or sharing them.

Once you start allowing your end users to connect their personal devices to your business network, you have lost most of that ability. Without implementing proper security to handle these “un-managed” devices, you may lose control of your network and vital customer and business data.

Is BYOD bad? No, it is inevitable. So just like security measures had to be taken to make Wireless networks secure, measures need to be taken to make you employee’s devices safe to connect to your network. Don’t shortcut the process, horse and then cart. Security and then BYOD.