As adoption of wearables becomes more mainstream in the Middle East, it brings added complexity to BYOD in an enterprise. One of the more interesting features of wearable tech is its ability to tether to, and control, smartphones over a remote connection. So even if wearables are denied access to enterprise networks, they may already be able to access it. Which means they can download and store company data. Many come with built-in cameras. This will understandably make IT departments worried.
According to recent studies by Aruba, the new generation of employees –#GenMobile – expect mobility at the workplace to be a given, so any blanket decision to ban such devices from the workplace will be highly unpopular. In fact, almost two-thirds of study respondents say they use mobile devices to help them manage their work and personal lives better.
If the decision is made to accept wearables into the organisation, it is unlikely that existing BYOD policies that govern the use of corporate data be enough - new policies will be required.
When tinkering with these policies, CIOs have to keep in mind the fact that there will be other IoT-based devices coming along that could be embedded into an employee’s clothing or even office kitchen appliances. The acronym “BYOD” will soon have to be replaced with “BYOX,” with the “X” symbolising “practically anything.”
Failure of First Generation of BYOD policies – Lessons to be learned
The first generation of BYOD devices received similar levels of access to the network, in a fairly uniform approach. This needs to stop. CIOs
should now turn their attention to the context of the use case, and the underlying communications network. This means putting in place solutions that can secure any mobile device that connects to corporate Wi-Fi; giving them complete visibility of the number, type and frequency of mobile devices assessing their network.
Today’s network should be capable of enforcing flexible security policies that are capable of analysing – and acting on - the context of how an employee uses the mobile device. For instance, an employee using a smartwatch at a coffee shop to access corporate data may not be granted the same level of access as one who uses a PC during office hours. Depending on the context, different policies should be applied to make sure that the right balance between flexibility and security is met.
By incorporating these new levels of network visibility, companies will also be able to identify specific applications and who is using them. After these apps are identified and visualised, access controls and policies should be applied to prioritise the performance of business-critical apps over personal ones. By analysing and controlling access management systems, it is possible to get as granular as disabling a device’s camera in restricted locations.
Key security considerations for BYOD
People talk about BYOD or 'choose-your-own-device' - but it could really end up being BYOD 'bring-your-own-disaster' if you haven't thought about the fallout of that going wrong. There are a number of security habits companies need to adopt to adequately protect themselves against a breach:
By all means, organisations in the Middle East should embrace #GenMobile’s penchant for openness, innovation and collaboration, using any device they wish. But only when they can understand and plan for the security risks these behaviors bring along.