BYOD 2.0 – A New Era in Mobile Security
Although the jury is still out on whether BYOD is truly a cost saving strategy for organizations, it’s clear that BYOD is not going away. The younger generation is expecting to use their own devices and is comfortable with sharing information. Mobile apps, originally designed for consumer use, are making their way into mainstream business and the responsibility for the mobility platform typically falls under IT, InfoSec or a collaboration between the InfoSec-Privacy-Legal departments. While still in its infancy, the concept of a Chief Mobility Officer may gain traction as a way of managing the intricacies of BYOD.
In the meantime, security leaders are left with the challenge of playing catch-up and aligning the risk with flexible-use controls. In addition to employing various types of controls such as Citrix, VDI, MDM and containers, organizations are also looking at mobile repositories for vulnerabilities. What’s important, however, is to have confidence in the controls that are deployed. Best practices for gaining confidence in controls include:
- Establishing a governance framework
- Having an awareness of the threat vectors
- Assessing and understanding the risks associated with enabling the business to adopt and use mobile applications
Recognizing that an uncompromised user experience and simplified operations are critical, security executives can drive readiness within the organization for mobile security by:
- Identifying champions within IT, Legal, HR, business units and privacy groups
- Provide technical support
- Move toward a self-service model, including the use of wiki and splash pages
|