BYOD Could Mean Bring Your Own Disaster

By Special Guest
Ammar Enaya, Regional Director, HPE Aruba, Middle East & Turkey
August 22, 2016

As adoption of wearables becomes more mainstream in the Middle East, it brings added complexity to BYOD in an enterprise. One of the more interesting features of wearable tech is its ability to tether to, and control, smartphones over a remote connection. So even if wearables are denied access to enterprise networks, they may already be able to access it. Which means they can download and store company data. Many come with built-in cameras. This will understandably make IT departments worried.

According to recent studies by Aruba, the new generation of employees –#GenMobile – expect mobility at the workplace to be a given, so any blanket decision to ban such devices from the workplace will be highly unpopular. In fact, almost two-thirds of study respondents say they use mobile devices to help them manage their work and personal lives better. 

If the decision is made to accept wearables into the organisation, it is unlikely that existing BYOD policies that govern the use of corporate data be enough - new policies will be required.

When tinkering with these policies, CIOs have to keep in mind the fact that there will be other IoT-based devices coming along that could be embedded into an employee’s clothing or even office kitchen appliances. The acronym “BYOD” will soon have to be replaced with “BYOX,” with the “X” symbolising “practically anything.” 

Failure of First Generation of BYOD policies – Lessons to be learned

The first generation of BYOD devices received similar levels of access to the network, in a fairly uniform approach. This needs to stop. CIOs

Ammar Enaya

should now turn their attention to the context of the use case, and the underlying communications network. This means putting in place solutions that can secure any mobile device that connects to corporate Wi-Fi; giving them complete visibility of the number, type and frequency of mobile devices assessing their network.

Today’s network should be capable of enforcing flexible security policies that are capable of analysing – and acting on - the context of how an employee uses the mobile device. For instance, an employee using a smartwatch at a coffee shop to access corporate data may not be granted the same level of access as one who uses a PC during office hours. Depending on the context, different policies should be applied to make sure that the right balance between flexibility and security is met.

By incorporating these new levels of network visibility, companies will also be able to identify specific applications and who is using them. After these apps are identified and visualised, access controls and policies should be applied to prioritise the performance of business-critical apps over personal ones. By analysing and controlling access management systems, it is possible to get as granular as disabling a device’s camera in restricted locations.

Key security considerations for BYOD

People talk about BYOD or 'choose-your-own-device' - but it could really end up being BYOD 'bring-your-own-disaster' if you haven't thought about the fallout of that going wrong. There are a number of security habits companies need to adopt to adequately protect themselves against a breach:

  1. Regulate Wi-Fi traffic with intelligent policy firewalls that can keep track of app usage. This ensures that different apps are classified according to its security rating based on the role of the employee within the organisation. These apps would be allowed to be used on select mobile devices by select users, only if they satisfy live security monitoring by the policy firewall and cloud-powered content filtering.
  2. Make sure that all communications over the air are encrypted and sent over secure channels. This requires a smart combination of encryption and VPN-on-demand technologies that prevent information from being snooped on, and – even in the event that the information falls into the wrong hands – is rendered gibberish.
  3. Focus on the interactions between users, apps and data. The perimeter has shifted from the idea of building a wall around your enterprise and fortifying your organisation with a firewall. The Internet of Theft (IOT) and Bring your own Disaster (BYOD) have become prevalent in the organisation, considering that business users and consumers nowadays demand access to data and business insights anywhere and in a commoditised form.
  4. Managing the security of BYOD, IoT, BYOX, whatever you’d like to call it, requires a secure yet flexible wireless network within the workplace. Companies should deploy flexible security policies that are capable of analysing – and acting on - the context of how an individual employee is using a mobile device, and where they are accessing information from.

By all means, organisations in the Middle East should embrace #GenMobile’s penchant for openness, innovation and collaboration, using any device they wish. But only when they can understand and plan for the security risks these behaviors bring along.

Edited by Alicia Young

Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More