Given the current hype around the rise of wearable technology, it would seem that in the very near future we could be adding them to the long list of non-company devices people are bringing into their organisations. Increasingly we are seeing that employees want to use their own mobiles, tablets, PCs and applications in their work life. As this phenomenon clearly goes way beyond devices alone, it is evident that the acronym BYOD is no longer sufficient to cover all things brought into the office. Perhaps, then, we should change this acronym to BYO* – bring your own anything and everything.
Yet whilst BYO* helps meet employee demands for more flexible working and increased mobility, it also raises concerns for enterprises in areas such as IT governance, compliance, mobile device management, and security. This is because not only does BYO* mean end-users have access to company information, but they also have the ability to store this information on their own device.
In addition, as BYO* increases the complexity of an organisation’s IT infrastructure, it also reduces the visibility the IT department has into end-users and their endpoints – essentially the weakest points in the IT security chain.
To address the security concerns that accompany BYO*, organisations need a solution that provides real-time visibility of the entire infrastructure and all endpoints, including which devices are connected to the network and which services they are using. When looking to implementing BYO* into an organisation, IT decision makers are increasingly looking to IT analytics tools to analyse all network connections and application executions to ensure full and clear visibility at the end user’s level.
Giving security teams the advantage
It is little wonder that security is a top priority for IT teams. Every day we hear of data breaches and cyber-attacks on high-profile companies and, worryingly, the common feature of these high-profile attacks is that they are discovered months after launching. Consequently, businesses are beginning to realise that the traditional solutions they have in place, including signature-based antivirus software, firewalls, and endpoint detection software, may no longer be enough to identify and prevent malicious attacks before it is too late. A company may have an ‘above-average’ security system in place but that does not necessarily guarantee safety. Cyber-attacks today are more sophisticated, more specific and more targeted than in the past.
It’s critical, therefore, that an organisation must focus its attention on the detection of threats rather than solely relying on current defence measures. CIOs need to discover types of anomalies and intrusions much sooner, especially in a BYO* culture.
IT analytics solutions that focus on endpoint activity, providing context and situational awareness around the behaviour of an organisation’s end-users, will provide information invaluable in the discovery of emergent threats, and the prevention of incidents spreading throughout that organisation.
Creating a successful BYO* policy
Since the advent of BYO*, a whole new set of security policies and processes have been added to address mobility and mobile devices. While the framework may be the same, the variety of devices, where they can access information from, and the information available to them has changed.
The widespread adoption of BYO* has been hindered somewhat by the increased complexity it can cause, and the lack of insight required to support it.
A BYO* policy, then, needs to be enforced, requiring a collaborative effort between end-users, IT teams and an organisation’s management. Once agreed upon, organisations need to think beyond implementation of this policy for it to be successful which means taking on the responsibility of educating its end-users and implementing effective device management and support.
The implementation of an IT analytics solution can also help ensure the BYO* policy is a success. Gathering and analysing data in real time from the perspective of the end-user will quickly and easily show information not only on that end-user, but also the device the end-user is using, and the processes running on that device. Correlating this with information on network services, resources and other factors will deliver the most complete IT security analysis available.
A truly successful BYO* policy will require the support that an IT analytics solution can provide, enabling the organisation to strengthen its existing security measures and improve its business processes without putting additional strain on its IT department.
Blurred lines of professional and personal
The compelling driver for the adoption of BYO* is to improve the experience and productivity of employees and the business as a whole. As the benefits of BYO* become increasingly more recognised in organisations, the need for businesses to implement a solution to manage the separation of personal and business use in their BYO* initiatives becomes critical.
The perspective that IT analytics can provide on the use of individual devices – for what, and by whom – will allow IT departments to see the divide between personal and business, and enable them to proactively reduce IT risks, and ensure that security and policies are robustly enforced.
By Poul Nielsen, Director of Strategy, Nexthink
Bio : Poul has responsibility for corporate, product, partner and field marketing worldwide. His mission is to develop and communicate Nexthink’s brand and to lead marketing operations in support of the company’s goals. Poul works closely with product marketing to align strategy and with sales for lead generation activities.Poul has over 20 years of executive management experience at TriActive, Altiris, Computing Edge, Computer Associates, and Digital with strong background in routes-to-market strategy for hyper-growth. During his time at Altiris, Poul served as VP of Product Strategy and Marketing and developed the concept of IT Lifecycle Management for PCs. From 2000 to 2005, Altiris grew revenues from $8M to over $250M with leading partners HP, Dell, IBM and Microsoft.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.