One of the most visible aspects of today’s corporate IT environment is the increasing adoption of mobile devices. According to a recent Gartner survey, smartphones are the highest favored devices for employees to use for work, bypassing even laptops. There are over 1 billion smartphone users worldwide and it is expected that this year there will be 1.3 billion more tablets and smartphones sold.
Added to this, an increasing number of organizations are implementing Bring-Your-Own-Device (BYOD) policies. Employees like using devices of their choice. They feel it provides familiarity, more flexibility and allows them to do their jobs better. It removes the need to learn another, possibly different device or application. In fact about 30% of those surveyed said they would still use personal devices even if their employer was able to monitor their device on the corporate network.
Companies save money by adopting BYOD policies but they should also manage the risks. This is especially challenging since the IT department does not control these devices. These risks include:
- IT administrators can lose visibility into which devices are accessing corporate system and data. Also, they cannot gather forensic information in case of data breaches from these devices.
- Unsafe or unsecure applications that can potentially compromise the security of corporate networks may be present on employee owned devices.
- These devices are often used on unsecure networks (like public WiFi hotspots) opening the door to malware infections or data leakage.
- Personal mobile devices are sometimes “jail broken” or “rooted’ by the owners to provide enhanced features and functionality. Unfortunately this opens up more potential risks, beyond the obvious override of the device security, malware can be embedded within the software used to root the phone, or within applications that are installed from unknown or unreliable sources.
- Personal mobile devices may have unauthorized access to the corporate network or contain sensitive data even after the employee leaves the company or if the device is stolen.
- Wide use of social applications on these devices makes the users more vulnerable to attacks.
To mitigate these risks, IT administrators must make mobile security a part of their overall network security strategy. They should ensure that corporate network policies extend to employee owned devices. They should also implement mechanisms to secure, regulate and monitor access to corporate resources and data from these devices.
At Barracuda, we believe that mobile security should be incorporated into all aspects of security rather than implemented as an afterthought. To this end, Barracuda Web Security solutions provide agents to secure laptops and mobile devices, Barracuda NextGen Firewalls and VPN solutions provide policy driven secure remote access from mobile devices, and SignNow provides secure mobile document signing. We continue to enhance our solutions and have some exciting developments in this area. Stay tuned!