BYOD Security: And Now For The Good News!

This article, written by Azurati’s Ronan Lavelle, was originally published in Business Computing World.

There is a lot of research about the sudden growth of mobile business usage, much of it driven by the explosion in ‘Bring Your Own Device’ (BYOD), a trend that, while understandable from the user’s perspective, is giving IT departments the world over the shivers.

Protecting the organisation from security breaches – which are often caused inadvertently by the users – has long been a big challenge and it has suddenly taken on a whole new dimension with employees and contractors introducing their own tablets and smartphones into the workplace, in effect blurring the lines between personal and business computing devices.

So it is hardly surprising that IT directors and managers in many organisations – both large and small – are hesitating before taking the plunge into truly embracing the concept of the mobile enterprise.  However, the genie is well and truly out of the bottle, so like it or not, enterprises are going to have to face this problem head on and sooner rather than later.

Also, another way to look at the exponential growth of business mobile usage is to ask whether it could actually be good news, helping organisations to make better use of existing applications and services in which they have already invested, yet are not making maximum use of, because they are traditionally hard to access on mobile devices.

That all changes with the latest wave of mobile applications or services that have been adapted or developed to deal with the BYOD wave.  A good example of this is Microsoft SharePoint, which has until recently been cumbersome to access on mobile devices, yet has represented a massive investment for organisations the world over.  New products have removed this barrier, making SharePoint simple and secure to access, thus helping CIOs and IT directors to recoup better return-on-investment and improve user engagement.

Of course, that does not negate the security challenge, so before enterprises can truly exploit BYOD to their own advantage, what needs to happen?  Mobile security is a hugely complex and oft-debated topic, and there is also the challenge of balancing accessibility and flexibility against strong security measures.  Make security too tough and employees will encounter usability problems.

So what does work?  At Azurati, during our own research and development process over the past few years, we’ve invested a lot of time and effort working out what constitutes mobile security best practice and have had that independently validated.  So, here are our top pieces of advice in what to look for in a secure BYOD app.

  1. Authentication – CIOs need to realise that an employee using a mobile device to access corporate systems is essentially an external user, as far as authenticating securely across the firewall is concerned.  Make sure that your mobile applications vendor is able to support (or recommend) the authentication regime that works best for your organisation, whether that is using federated profiles, token-based authentication, 2-factor or forms-based authentication, for example.
  2. Encryption – it is advisable to minimise the amount of content or data stored on the mobile device, but if it has to be so, ensure that it is properly encrypted.  256-bit SSL encryption should be the standard to aim for.
  3. Zero footprint – let’s face facts, people are always going to leave their devices lying around.  So, insist on ‘zero footprint’: in other words, no corporate data or content is left on a smartphone or tablet.
  4. Single sign-on – something that vendors often struggle to achieve, but something that enterprises should be demanding.  For instance, if SharePoint users have single sign-on to multiple SharePoint sites, then they only need to remember one user-name and password to access their mobile SharePoint world.
  5. Don’t go native – some of the world’s leading analysts have begun to query the sense of native apps. If you choose mobile web apps, then they can still act like a native app to keep users happy, but they support ‘zero footprint’ (so no sensitive data is left on the device) and also make it a lot easier to manage user and administration rights (which is vital for efficient security strategies).
    Purchasing, deploying and ensuring that users have downloaded the latest software version are all challenges that CIOs will face with native apps in the enterprise.   Some mobile web applications are able to incorporate device features previously only available through native apps, like accessing the device’s GPS functions, camera, alerts and notifications and placing an application badge/icon on the device home screen.
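
One way to check a mobile web app against the ‘zero footprint’ point above is to audit its HTTP response headers for anything that lets the browser keep data on the device. The following is an added example, not code from this article or from Azurati; the function names and the sample responses are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cookie_is_persistent(set_cookie, now):
    """True if the cookie outlives the browser session (is written to the device)."""
    attrs = {}
    for attr in set_cookie.split(";")[1:]:
        name, _, val = attr.partition("=")
        attrs[name.strip().lower()] = val.strip()
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):        # a valid Max-Age overrides Expires
        return int(max_age) > 0
    try:
        return parsedate_to_datetime(attrs["expires"]) > now
    except (KeyError, TypeError, ValueError):  # no Expires, or unparseable date
        return False

def audit_zero_footprint(headers, now=None):
    """headers: (name, value) pairs of one response. Returns a list of findings."""
    now = now or datetime.now(timezone.utc)
    findings, directives = [], set()
    for name, value in headers:
        lname = name.lower()
        if lname == "cache-control":
            directives |= {d.split("=")[0].strip().lower() for d in value.split(",")}
        elif lname == "set-cookie" and cookie_is_persistent(value, now):
            findings.append("persistent cookie: " + value.split("=")[0].strip())
        elif lname == "content-disposition" and value.strip().lower().startswith("attachment"):
            findings.append("response is saved to the device as a download")
    if "no-store" not in directives:
        findings.append("no Cache-Control: no-store, response may be cached on disk")
    return findings

# Constructed sample responses (not captured from any real product).
LEAKY = [
    ("Cache-Control", "private, max-age=3600"),
    ("Set-Cookie", "session=abc123; Max-Age=2592000; Secure; HttpOnly"),
    ("Content-Disposition", 'attachment; filename="q3-forecast.xlsx"'),
]
CLEAN = [
    ("Cache-Control", "no-store"),
    ("Set-Cookie", "session=abc123; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, audit_zero_footprint(resp))
```

Headers only govern what the browser stores by default; client-side script that writes to localStorage or IndexedDB needs a separate review.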

If IT departments can get their workforce using applications like SharePoint better on mobile devices, then the mobile security headache could actually be a saving grace.  Of course, that depends on having extremely robust security measures, without limiting access or usability, but the technology and techniques are all there: it’s just a question of researching the best fit for the organisation in question.

Ronan Lavelle is the CEO of Azurati, a software company specialising in secure cross-platform mobile applications for enterprise users.
