Welcome to the new world of technology, where personal devices deliver a superior experience to business systems.
It should come as no surprise, then, that consumers are increasingly intent on using their personal devices for work. After all, this trend helped spawn the term “bring your own device” (BYOD). Done right, BYOD can improve both productivity and job satisfaction, but done incorrectly, it can frustrate employees and lead to security vulnerabilities.
FREE Download: How To Perform A SaaS Application Inventory In 5 Simple Steps
BYOD has quickly become the “new normal” for business, but most have adopted an anything-goes approach with little governance. Despite statistics that show high levels of BYOD adoption, many businesses still haven’t completely figured out how to capitalize on BYOD without exposing themselves to undue risk.
Complicating matters further, BYOD is a moving target. Today’s fringe technology may be essential tomorrow. The iPhone, once derided as not enterprise ready, is now firmly entrenched in business. And BlackBerry, once the enterprise standard, now has a market share lower than the lowly “other” category in industry reports.
Similarly, wearable devices may not seem like they have a place in business today, but that may change tomorrow. Google Glass, for example, is maligned by some, while others suggest that it will be transformative. The truth is, we don’t yet know which devices will find their way onto corporate networks. We do know, however, that people are embracing new technologies at an amazing rate.
The Problem with Current BYOD Solutions
Mobile device management (MDM) is an obvious choice for corporate-owned devices.You simply install an agent that allows data deletion if the device is lost or stolen. But MDM is often resisted with user-owned devices:
– Users don’t want to give IT the ability to delete personal files or photos.
– Even with containerization, giving up control is especially unappealing to users who see BYOD as a form of revolt against IT policies.
– Many employees don’t want to enable their employer to track them.
– Gartner claims that 20 percent of BYOD initiatives will fail because of management measures that are too restrictive.
The fundamental flaw of MDM is a focus on the most disposable, least secure part: the device.
Forward-Looking BYOD Solutions
One way to balance security with personal device usage is to focus on applications rather than the device. An application-centric approach centers on enabling and managing access to services and data through an access application rather than running the applications natively on the device.
Focusing on applications has several advantages. Moving the credentialing process off the device increases security. It lets you put everything users need in one place—a portal to all critical business apps, including cloud apps. It supports single sign-on, reducing authentication hassles. It allows administrators to define and manage access easily. And, organizations can take advantage of the cost savings from user-purchased devices. In short, mobile application access allows you to capture the advantages of BYOD while minimizing the risks.
Things to Look for in Your Mobile Application Access Solution
As you evaluate solutions, consider what your organization really needs. Ensure that any option you choose:
– Allows you to extend security policies to future devices so that you can increase access and productivity without increasing risk.
– Is convenient and actually makes users’ lives easier (otherwise, they won’t use it).
– Allows users to keep their personal devices personal.
– Enables access to legacy web applications without the need for a native mobile application.
Consumer devices will continue to evolve. Your business must find a way to take advantage of the technology employees want to use—without opening your organization up to additional risks.
By Travis Greene, Identity and Access Solutions Strategist, NetIQ
About NetIQ
NetIQ is a global enterprise software company that meets the demands of today’s IT environment with broad, proven solutions for identity and access management, security and data center management. With four regional headquarters the company is there for its customers anytime, anywhere.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.