Is BYOS the real problem in mobility?
In regard to BYOS, the security organization is often in the position of chasing the technology. Employees circumvent the IT organization and download third-party apps because they believe that the applications and services are cheaper and will allow them to work more efficiently. Plus, it’s trivial to download an app. One way to establish more control is to determine the activity that needs to be prevented, and then monitor and enforce the behavior rather than trying to prevent the technology. Policy decisions must be made before technology decisions, and administrative controls should reflect what you are trying to accomplish within the organization. IT/Security can use mobile device management to track what is being downloaded and identify the most popular apps.
While it’s trivial to download an app, a significant issue with BYOS is the Terms and Conditions that people are required to accept in order to download an application. No one cares about them or reads them; people just click to accept. Some of these terms make very strong assertions relating to the use of the data. Legal is too busy to be expected to review the T&C of all the applications that employees are downloading. Another issue is the expense of the application: downloading apps raises the question of who is going to pay for the corporate applications on BYOD phones. One option is to allow a small subset of applications in a company store. However, this option requires an investment of time and energy to determine which applications will be placed in the company store, review the applications, and keep up to date with existing and new applications.
Blacklisting applications is suggested as a way to block bad applications. This option, however, requires time and effort to stay on top of the blacklisting. Security pros would like a more integrated, automated process of blocking access rather than manual review, and see the potential for an app filtering service that would be similar to URL filtering.