IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines IT Today Catalog Auerbach Publications ITKnowledgebase IT Today Archives infosectoday.com Book Proposal Guidelines
Auerbach Publications

IT Performance Improvement

Management

Security

Networking and Telecommunications

Software Engineering

Project Management

Database


Share This Article



Free Subscription to IT Today





Powered by VerticalResponse

 
Asset Protection through Security Awareness by Tyler Justin Speed, ISBN 978-1-4398-0982-2
Managing an Information Security and Privacy Awareness and Training Program, Second Edition by Rebecca Herold, ISBN 978-1-4398-1545-8
Information Security Governance Simplified: From the Boardroom to the Keyboard by Todd Fitzgerald, ISBN 978-1-4398-1163-4
Practical Risk Management for the CIO
Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World by Stephen Fried, ISBN 978-1-4398-2016-2
The 7 Qualities of Highly Secure Software by Mano Paul, ISBN 978-1-4398-1446-8
Managing the Insider Threat: No Dark Corners by Nick Catrantzos, ISBN 978-1-4398-7292-5

BYOD: It's Time to Throw Out the Rule Book

By Grant Taylor, Head of UK Operations, Cryptzone

Employees have differing views when it comes to what they like. Not every one wants a Volkswagen Golf, and many company car schemes take this into consideration. As a concept it works fantastically. Instead of having a pool of company owned cars, employees are given an allowance to offset against their own vehicle. Genius!

A few years ago organizations extended this practice into other areas of the business; for example, an allowance to fund purchasing a laptop. The theory was that if the employee gets ownership of the device after three years, they're more likely to 'look after' it. The Consumerization of IT, or Bring your Own Device (BYOD) as its becoming more commonly known, as a concept was born and with it a can of worms was not only opened, but flung all over the place.

The Problem Is ...
Initially, while a genius idea, the issue of integrating different operating systems was just the tip of the problem iceberg - changing functionality, applications and connectivity all had to be addressed and standardized. Then came the discussion about what could, and couldn't be done with them. Initially email was the essential must have, which quickly moved on to the ability to access corporate information. Suddenly security became the elephant in the room.

It wasn't too long before organizations started to suffer breaches, and public humiliation, as these mobile missiles haemorrhaged sensitive corporate information. Some were lost, some were stolen and a few were sold legitimately on public auction sites! For the technology team, enabling their use was no longer the issue but securing the data they carried.

Move on a few years and today the situation we find ourselves is not dissimilar. On one side employees want to utilisze technology that fits with their lifestyle, although now they're happy to fund it themselves. In the 'other corner,' the technology team is tasked with sanctioning their use, but need to do so securely.

Saying no is simply not an option for either side.

Barriers - Up or Down?
The main issue is that for the majority of organizations, the technology team had barely got to grips with laptops when smartphones started storming the organization's enterprise. Without time to properly draw breath, the iPad came along and joined the offensive. Unfortunately, the formula of affordable price tag, with superb functionality, makes these new business tools too valuable to blank block. In far too many cases, IT is having to play catch up with some teams in danger of losing the game.

Rather than always trying to preempt the next advance, technology teams need to find ways to secure the defenses now that future proofs the organization for tomorrow's world.

Stand Firm and Secure
If we look at the basic problem, in both private and public sector organizations, people are able to consume information on their devices in their personal lives and found it to be beneficial. They simply want the same flexibility in their business lives and this means the ability to consume corporate information on the same devices.

The challenge for the technology team is to put controls in place that allows people to do that securely so that the data that they access is secure.

Well it's simple then, isn't it? Actually it hasn't been until now.

A Holistic View
Organizations could take a conjoined approach to their access strategy that enables granular access to people in a safe and secure fashion.

One method is to provision users on a role base, location base and on device based access. This method means each request is permitted or declined dependant on the user, his device, its location, and what information is being accessed.

For many organizations that's easier said than done. However, there are solutions on the market that deliver such granularity without introducing significant administrative and support overhead.

Additionally, another option would be to introduce Access on Demand. A relatively new twist, on a tried and tested concept, information is stored in a secure central location - not dissimilar to a public library. However, rather than being able to walk in and browse, users are sent a secure link that takes them to the exact location—file, page or record—where the information is stored. At this point, they can read, edit, or do anything else that they need to do but without the information leaving the central repository. To further strengthen this option, access could be secured with authentication; for example, a passcode sent to a device registered to the user that has to be entered before the file can be opened.

With this approach the user gets the flexible agile work experience they're so hungry for, regardless of the device they're using and for the organisation its information never leaves its control as it is not transferred to the end users device.

And There's More!

For those organizations looking to introduce secure collaboration, especially with a third party, this approach means organizations can provision external agencies safely, securely, and quickly, offering even greater flexibility.

At the end of the day, it is data that is king and must be protected at all costs. Rather than trying to secure every device known to man, and those that are being dreamt of, organizations can provision security that fits in today's mobile and agile world.

Rather than playing catch up, do you want to get ahead of the game so you're prepared for tomorrow's world?


About the Author

Grant Taylor is Head of UK operations for Cryptzone. The Cryptzone Group is a technology innovator of proactive controls to mitigate IT security risk in the key areas of Policy Compliance, Content Security, Secure Access and Endpoint Security. For more information visit www.cryptzone.com.

© Copyright 2012 Auerbach Publications