3 Bring Your Own Device Risks For SMBs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
News
2/21/2012
12:59 PM
50%
50%

3 Bring Your Own Device Risks For SMBs

Small and midsize businesses can reap real rewards from letting employees bring their own devices to work, but must also manage the dangers.

10 iPad Annoyances, Solved
10 iPad Annoyances, Solved
(click image for larger view and for slideshow)
The bring-your-own-device (BYOD) approach can work wonders for bootstrapped businesses looking to make the most of mobility. But failing to properly recognize the corresponding risks can quickly wipe out potential gains.

The latest data highlighting the multitude of mobile devices IT pros at small and midsize business (SMB) must manage in a BYOD environment comes from startup Mobilisafe. The company's beta program mapped some 45 million mobile connections to SMB networks during a three-month period. Not surprisingly, some 80% of SMB staffers are using a smartphone or tablet. Perhaps more telling for IT: A new device model connects to the corporate network, on average, for every 6.6 employees.

"Embracing BYOD is one of the key initiatives that can really drive employee productivity and happiness, and the trend is past the point of fighting it," said Mobilisafe CEO Giri Sreenivas. "Focusing on discovering and defining remediation to its corresponding risks to corporate data and resources will help SMBs achieve the right balance for their organization between employee choice and corporate data protection."

In a combination of phone and email interviews, Sreenivas talked through three key risks SMBs need to recognize if they embrace BYOD: Device diversity, outdated firmware, and leaky network authentication and data. Device diversity is just that: The constantly morphing menu of operating systems and even larger array of hardware means IT can't focus on securing a single platform. Meanwhile, Mobilisafe's data showed that employees aren't good about keeping current on their own: 56% of Apple iOS users were running out-of-date firmware. Finally, and perhaps most frightening from a security standpoint, well over a third of the devices with network access and/or corporate data went inactive for more than a month. That means personal devices that are later lost or upgraded, for example, retain potentially sensitive data long after they should.

While Sreenivas ultimately advocates BYOD shops invest in one of the growing number of mobile security platforms like Mobilisafe's--doing so in his job description, after all--he notes that any SMB can begin to reduce risks simply through education and prioritization.

InformationWeek: What's the best way to deal with device diversity in a BYOD office?

Sreenivas: The first step is to acknowledge that it's happening and understand the scope of it. From there, it's important to distill what you care about most when it comes to protecting your data and resources with personal devices. You can't focus too much on what extra things you can do on a few select devices, but instead what you can do across the board so your message and remediation steps are consistent with all your employees and their devices.

IW: You mentioned that the telecom carriers and device manufacturers aren't particularly great at messaging firmware and security updates. What can SMBs do about that?

Communicating to employees the importance of keeping their devices up to date by explaining risks to personal and corporate data is a good first step. Employees have to feel invested for BYOD to work in SMBs. This can improve employee vigilance about paying attention to any communication they may receive about updates. SMBs [need] visibility into firmware versions and available updates, and [to message] their employees on how to update their devices [accordingly].

IW:You found 39% of authenticated devices were inactive for at least 30 days. What do SMBs need to understand about this, and how can they prevent leaking data?

Such a high percentage of stale devices means that SMBs are unaware of devices that could leak corporate data and user credentials. These devices could have been re-sold, lost, or stolen. SMBs should stay on top of this by deploying a solution that provides visibility into devices that no longer sync with company resources to ensure they are appropriately wiped of company data and credentials. They should also ensure and that these devices' associations with enterprise resources like Exchange are removed on the back end.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll