With the launch of the iPad 3 today the trend of bring-your-own-device (BYOD), such as smartphones and tablets, to work shows no sign of abating. Hailed by many as a boon to worker productivity and a cost savings for organizations, what are the implications of BYOD for IT security teams?
A recent Gartner report shows tablet sales on a pace to reach over 300 million units in 2015 with Apple expected to command more than 50% market share in tablets until 2014. Android-based tablets are next in line and expected to gain significant ground by 2015. As for smartphones, new research from the Pew Internet and American Life Project indicates that more than half of all mobile phones in the U.S. are smartphones. Given this data and the slew of announcements at Mobile World Congress last week, one thing is certain; iOS, Android or other, we are rapidly adopting tablets and smartphones as our “go-to” computing devices.
The impact on the corporate network is significant. The “2011 Consumerization of IT Study” conducted by IDC and sponsored by Unisys found that 40% of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80% of employees indicated they access corporate networks this way. To protect their corporate assets organizations need to close this gap.
If we take a closer look at Apple-based systems, relative to mobile malware threats out today, iOS is relatively unscathed. Apple’s “walled garden” approach has helped. However, as an IT security administrator, protecting systems that may not belong to you is a huge challenge, some of which cannot be addressed by one simple security solution. But there are a few things you can do to harden your teams and policies to help maintain control of your network.
First, make sure your executives have the latest devices as upgrading the entire platform is easier and less risky than a piecemeal approach of upgrading individuals’ software – particularly when they’re high productivity, high-demand employees.
Second, be mindful that even though iOS has been relatively immune to attacks, as the number of users increases so do the odds that high-value data will reside on iPads and be put in transit into other network devices where threats are borne. While not technology based, enforced policies that regulate what data can be transmitted to BYOD devices can help.
Third, in situations when you can’t control the tablet or smartphone, it may be useful to lock down your organization’s network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their iPad or other tablet while travelling. While you may not be able to limit the installation of application on the device, you can prevent it from running on corporate-owned computers.
As we welcome the next evolution of the iPad and a host of competing devices with open arms, we must also open our eyes to the security gaps BYOD presents and take a proactive approach to bridging these gaps.![]()
![]()
A recent Gartner report shows tablet sales on a pace to reach over 300 million units in 2015 with Apple expected to command more than 50% market share in tablets until 2014. Android-based tablets are next in line and expected to gain significant ground by 2015. As for smartphones, new research from the Pew Internet and American Life Project indicates that more than half of all mobile phones in the U.S. are smartphones. Given this data and the slew of announcements at Mobile World Congress last week, one thing is certain; iOS, Android or other, we are rapidly adopting tablets and smartphones as our “go-to” computing devices.
The impact on the corporate network is significant. The “2011 Consumerization of IT Study” conducted by IDC and sponsored by Unisys found that 40% of IT decision makers say that workers access corporate information from employee-owned devices, but in stark contrast more than 80% of employees indicated they access corporate networks this way. To protect their corporate assets organizations need to close this gap.
If we take a closer look at Apple-based systems, relative to mobile malware threats out today, iOS is relatively unscathed. Apple’s “walled garden” approach has helped. However, as an IT security administrator, protecting systems that may not belong to you is a huge challenge, some of which cannot be addressed by one simple security solution. But there are a few things you can do to harden your teams and policies to help maintain control of your network.
First, make sure your executives have the latest devices as upgrading the entire platform is easier and less risky than a piecemeal approach of upgrading individuals’ software – particularly when they’re high productivity, high-demand employees.
Second, be mindful that even though iOS has been relatively immune to attacks, as the number of users increases so do the odds that high-value data will reside on iPads and be put in transit into other network devices where threats are borne. While not technology based, enforced policies that regulate what data can be transmitted to BYOD devices can help.
Third, in situations when you can’t control the tablet or smartphone, it may be useful to lock down your organization’s network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their iPad or other tablet while travelling. While you may not be able to limit the installation of application on the device, you can prevent it from running on corporate-owned computers.
As we welcome the next evolution of the iPad and a host of competing devices with open arms, we must also open our eyes to the security gaps BYOD presents and take a proactive approach to bridging these gaps.
©2011 blog.sourcefire.com. Content provided by Sourcefire, Inc., please do not reproduce without permission.![]()
