Welcome!

Cloud Security Authors: Pat Romanski, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Feed Post

The BYOD Problem | @CloudExpo #Cloud #Mobile #Security

Trends clearly highlight the need for enhanced data and application security in enterprise mobility and cloud computing

Everyone wants their device of choice right there next to them 24/7.  To an employer, however, that smart device is nothing more than a dagger posed to rip apart every shred of corporate security. This reality of modern business was highlighted by the Information Security Community on LinkedIn through their 2016 Spotlight Report on "Bring Your Own Device" (BYOD). The key trends influencing enterprise BYOD and mobile security line up as follows:

  • Increased employee mobility (63%), satisfaction (56%) and productivity (55%) dominate as the top drivers of BYOD. These employee related drivers are considered more important than reduced costs (47%).
  • Security (39%) and employee privacy (12%) are the biggest inhibitors of BYOD adoption.
  • 20% of surveyed organizations have suffered a mobile security breach, primarily driven by malware and malicious WiFi.
  • Security threats to BYOD impose heavy burdens on organizations' IT resources (35%) and help desk workloads (27%).
  • Despite increasing mobile security threats, data breaches and new regulations, only 30% of organizations are increasing security budgets for BYOD in the next 12 months and 37% have no plans to change their security budgets.

These trends clearly highlight the need for enhanced data and application security in enterprise mobility and cloud computing. They also reinforce the burden of securing data, applications, and devices that is being placed on the employer. Looking solely from the employer's point of view, the report also summarized the mobility security concerns as follows:

  • 72% - Data leakage/loss
  • 56% - Unauthorized access to company data and systems
  • 54% - Downloading of unsafe apps or content
  • 52% - Malware
  • 50% - Lost or stolen devices
  • 49% - Vulnerability exploitation
  • 48% - Lack of control on endpoint security
  • 39% - Infrequent software updates
  • 38% - Compliance

These findings indicate that enterprise mobility is a very dangerous threat vector that can be ruinous to any business. Unmanaged or ungoverned use of devices can lead to loss of customers, loss of sales, and costly legal and financial fines. This truth led IBM to offer the following Ten Rules for BYOD:

1. Create your policy before procuring technology: To effectively use mobile device management (MDM) technology for employee owned devices Policy must precede technology. Also note that these policies will have broad corporate-wide implications for IT, HR, legal, and security.

2. Find the devices that are accessing corporate resources: Companies must completely understand the current landscape of mobile device usage. Doing this will require using a tool that can communicate continuously with your network environment and detect all connected devices connected.

3. BYOD Enrollment for employees should be simple: Complexity tends to breed non-compliance. To address this issue, the BYOD program should use technology that allows for a simple, low touch way for users to enroll. The process should also concurrently configure the newly enrolled device.

4. Configure your devices over-the-air: To optimize efficiency for both IT and business users, devices should be configured over-the-air. Policies to restrict access to certain applications should also be in-place.

5. Help your users help themselves: A robust self-service platform that lets users perform the following functions should be made available:

  • PIN and password resets
  • Geo-locate a lost device from a web portal
  • Remote wiping of sensitive corporate data

6. Keep personal information private: A well-crafted BYOD program keeps personal employee data away from others. Communicate the privacy policy to employees and make it clear what data cannot collect from their mobile devices

7. Keep personal information separate from corporate data: Corporate apps, documents, and other materials must be protected if the employee decides to leave the organization. Personal email, apps, and photos, however, should be left untouched.

8. Manage data usage: The organization should be able to track in network and roaming data usage on devices, generating warnings should a user goes over their data usage or stipend limit.

9. Continually monitor devices for noncompliance: Devices should be continuously monitored for certain scenarios, and automated policies should be in place. A few common issues are:

  • "Jailbreaking" or "rooting" a phone
  • Use of unapproved applications (like Angry Birds) that don't rise to the level that requires an automatic wipe of the device
  • Providing a simple way to be alerted when a new OS is ready for installation and making it a self-service function

10. Enjoy the return on investment (ROI) from BYOD: Although BYOD shifts responsibility for purchasing devices to employees, it's worth considering the big picture and long-term costs for your organization.

BYOD is now a corporate fact of life. If your environment includes traditional desktops and mobile devices, your organization may also need to consider working with a partner that has the specialized IT skills to migrate, integrate and maintain all types of IT network endpoints. IBM Mobile Virtualization Services should be considered as that partner in order to ease mobile user and application migration issues. Available services include:

This post was brought to you by IBM Global Technology Services. For more content like this, visit ITBizAdvisor.com.

Cloud Musings

(Thank you. If you enjoyed this article, get free updates by email or RSS - © Copyright Kevin L. Jackson 2017)

Read the original blog entry...

More Stories By Kevin Jackson

Kevin Jackson, founder of the GovCloud Network, is an independent technology and business consultant specializing in mission critical solutions. He has served in various senior management positions including VP & GM Cloud Services NJVC, Worldwide Sales Executive for IBM and VP Program Management Office at JP Morgan Chase. His formal education includes MSEE (Computer Engineering), MA National Security & Strategic Studies and a BS Aerospace Engineering. Jackson graduated from the United States Naval Academy in 1979 and retired from the US Navy earning specialties in Space Systems Engineering, Airborne Logistics and Airborne Command and Control. He also served with the National Reconnaissance Office, Operational Support Office, providing tactical support to Navy and Marine Corps forces worldwide. Kevin is the founder and author of “Cloud Musings”, a widely followed blog that focuses on the use of cloud computing by the Federal government. He is also the editor and founder of “Government Cloud Computing” electronic magazine, published at Ulitzer.com. To set up an appointment CLICK HERE

IoT & Smart Cities Stories
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...