With the launch of the iPad 3 the trend of
bring-your-own-device (BYOD), such as smartphones and tablets, to work shows no
sign of abating. Hailed by many as a boon to worker productivity and a cost
savings for organisations, what arc the implications of BYOD for IT security
teams?
Martin
Roesch
A recent Gartner report shows tablet sales
on a pace to reach over 300 million units in 2015 with Apple expected to
command more than 50-percent market share in tablets until 2014. Android-based
tablets are next in line and expected to gain significant ground by 2015. As
for smartphones, new research from the Pew Internet and American Life Project
indicates that more than half of all mobile phones In the U.S. arc smartphones.
The
iPad 3
Given this data and the slew of
announcements at Mobile World Congress last week, one thing is certain; iOS.
Android or other, we are rapidly adopting tablets and smartphones as our
”go-to" computing devices.
The impact on the corporate network is
significant. The "2011 Consumerization of IT Study" conducted by IDC
and sponsored by Unisys found that 40-percent of IT decision makers say that
workers access corporate information from employee-owned devices, but in stark
contract more than 80-percent of employees, indicated they access corporate
networks this way. To protect their corporate assets organizations need to
close this gap.
If we take a closer look at Apple-based
systems, relative to mobile malware threats out today, iOS is relatively
unscathed. Apple's "walled garden" approach has helped. However, as an
IT security administrator, protecting systems that may not belong to you is a
huge challenge, some of which cannot be addressed by one simple security
solution. But there are a few things you can do to harden your teams and
policies to help maintain control of your network.
While
not technology based, enforced policies that requlate what data can be
transmitted to BYOD devices can help.
First, make sure your executives have the
latest devices as upgrading the entire platform is easier and less risky than a
piecemeal approach of upgrading individuals' software - particularly when
they're high productivity, high-demand employees.
Second, be mindful that even though iOS has
been relatively immune to attacks, as the number of users increases so do the
odds that high-value data will reside on iPads and be put in transit into other
network devices where threats are borne. While not technology based, enforced
policies that requlate what data can be transmitted to BYOD devices can help.
Third, in situations when you can't control
the tablet or smartphone, it may be useful to lock down your organization’s
network or computers (laptops, desktops, servers) with capabilities like
application control. Consider approved applications that can be used by
employees to remotely access their desktop computers back in the office from
their iPad or other tablet while travelling. While you may not be able to limit
the installation of application on the device, you can prevent it from running
on corporate-owned computers.
The
next evolution of the iPad?
As we welcome the next evolution of the
iPad and a host of competing devices with open arms, we must also open our eyes
to the security gaps BYOD presents and take a proactive approach to bridging
these gaps.
