How to Solve the BYOD’s Security Conundrum -ITNEXT
http://www.itnext.in/content/how-solve-byod’s-security-conundrum.html[9/23/2013 4:58:53 PM]
CISOs are working out a strategic plan to solve the BYOD risk puzzle using
best practices
13 SEPTEMBER 2013

No longer is it about IT dictating the policies and prescriptions of the user and
enabling them to use technology. Now, it is the users who drive any trend related to
IT, with IT heads having to amend their policies based on user dictate. BYOD (bring
your own device) is clearly an indication of this trend, as individuals are focused on
driving innovation rather than enterprises.
Shantanu Ghosh, VP & MD, India Product Operations, Symantec, reiterates that for
big businesses, this change can be hard to deal with – from using standard-issue
laptops, smartphones and operating systems often dictated by the preferences of
the IT department, today’s employees are demanding that they be allowed to use
devices of their choice. But if you’ve ever tried to transfer data between devices
that use different OSes, you can imagine the scale that enterprise IT is dealing with,
with thousands of devices on multiple formats and platforms entering the network
every day.
In fact, according to Symantec’s most recent State of Mobility Survey, 72 per cent
of Indian businesses have faced mobility incidents in the past 12 months, causing
revenue loss of 37 per cent, which illustrates the increasing threats. While six out of
10 Indian organisations consider themselves “innovators” in the area of mobility,
organisations faced 50 malware infections, 31 breaches through lost/stolen devices
and 34 exposures of information over the past year. In fact, 86 per cent had to
change policies as a result of mobility incidents, with 1 in 4 banning personal data
on corporate devices and 4 in 10 restricting mobile device usage through HR
enforcement. Against this backdrop, CISOs are embarking on the new task of
tackling this trend by way of understanding the risks, bringing in appropriate
policies and tools and best practices to ensure that the trend is leveraged
positively.
Ashish Thapar, Head - Global Consulting & Integration Services, Verizon Solutions,
advocates that CISOs have a very clear policy to identify the device, as baseline
security becomes critical.
Rendezvous with Risks in BYOD
Chief Security Officer, Cognizant, Satish Dash sees the risks of non-compliance with
organisational and client security requirements, an increase in vulnerabilities, data
leakage and privacy concerns.
According to Jagdish Mahapatra, MD, India & SAARC, McAfee, BYOD is rooted in
the fact that the mobility of these devices introduces security management issues
around access control, data protection and compliance. Additionally, employee-owned
devices used for work introduce added IT complexity as it isn’t always clear
who owns the device, and furthermore, who owns what data on the device. “With the
introduction of these new, unsecured and possibly non-compliant devices easily
coming in and leaving with business sensitive information, a security and
compliance hole is forcing a re-think of how best to secure the organisation and its
business data,” says Mahapatra.
Mahapatra argues CISOs need to look at the BYOD policy from different angles
such as Data Loss Prevention, Authentication system, internal intrusion prevention
systems, internal firewalls, securing Wi-Fi, DC, Network Admission Control, etc. On
top of all this, the internal IT policy should be detailed and fool-proof to drive the
initiative and guide effectively and prevent failure of specific tools. The challenges
need to be addressed at a holistic level.
However, the key risks that Sunil Varkey, Chief Information Security Officer, Wipro
Technologies, finds are security governance around Data Loss and Data Leakage,
along with software licensing compliance, segregation of data, etc.
“Intended or ignorant leakage of corporate sensitive data from BYOD device remains
the key challenge for any CISO,” says Varkey.
It is also observed that security risks vary with each enterprise’s focus area.
For instance, Amit Pradhan, Chief Information Security Officer, Cipla, finds three
key risks associated with the BYOD trend.
a. Data transfer from corporate environment to personal environment
b. Data loss with employees leaving the organisation
c. Unauthorised access to corporate data by unauthorised user of the user device
(friend, colleague, etc.)
The accompanying challenges are, as Pradhan observed: “I believe the major
challenge a CISO faces today is managing the cost for managing security on
personal devices used in the BYOD culture. With a variety of operating systems like
Android, iOS, Blackberry, Windows, etc., significant investment goes into buying
security solutions to control corporate data on these devices. Additionally, with
uncertainty of when these devices connect to the corporate network, a CISO faces
the challenges of ensuring that these are patched properly and reviewed,” he adds.
“A challenging but important task for companies who utilise BYOD is to develop a
policy that defines exactly what sensitive company information needs to be
protected and which employees should have access to this information, and then to
educate all employees,” says Govind Rammurthy, MD & CEO, eScan.
Bring your own device (BYOD) to work may make employees happy but it often
translates into the IT department handling the headache of safeguarding sensitive
data, supporting multiple devices and making things click together. Personal devices
such as tablets, smartphones, laptops, etc. are generally harder to secure than
organisation-issued devices, as using these devices can put the organisation’s
information and systems at a high risk of compromise. In most organisations, BYOD
cannot be used as it is not secured easily and effectively.
Also, as mobile devices undergo rapid transformation and new devices flood the
market at regular intervals, CIOs will have to keep pace with changes in devices
and their adoption, constantly changing and managing the permitted list of devices
and security policies around them to better answer BYOD. In many enterprises
today, mobile devices have become the weakest link in the security strategy.
Need to Counter: What are the Best Tools and Practices?
As the security landscape gets more complex than ever before, CIOs need to
leverage sufficient security solutions to safeguard the information at each and every
level.
Atul Khatavkar, VP, IT Governance, Risk and Compliance, AGC Networks, strongly
recommends best practices around enterprise policy, guidelines and handbooks that
clearly address the BYOD issues raised above: endpoint security tools, data privacy
management tools and BYOD management tools.
Khatavkar further points out that the stronger adoption of BYOD is now leading
towards BYOD for social networking on the go. Therefore, it is important to set clear
guidelines on defamation, data protection and privacy. Additionally, encouraging
direct forms of communication will help in restricting data loss. There is a
strong need to educate the staff on organisational IT policies.
It is also important to keep data back-up strategies in place while being compliant
with security certifications such as ISO 27001, SSAE 16, SAS 70, SOC 2, ISO 22301,
etc.
“While mobile computing is being promoted to be able to have real time data and
information, organisations must ensure that devices are hardened and updated to
handle malware,” says Khatavkar. In parallel, an organisation can implement
policies like allowing different kinds of employees to access varying levels of
information from their device, risk based user profiling, limited extent of information
accessible to users, developing security awareness for BYOD Users, encouraging
employees to report violation or loss immediately, so that organisations can take
appropriate action to build a robust environment.
Das recommends having a well-defined BYOD policy with compulsory device
enrollment in place, security awareness of end users, ensuring malware protection
is enabled on all devices, and having mobile device management (MDM)
tools which are standardised across devices, along with device-level encryption.
Sunil Varkey points out that a combination of MDM solutions with proper
containerisation, a mature process for defining, monitoring and controlling what
data and applications can be accessed by BYOD, and strong user awareness
of the criticality of any data loss or leakage is the ideal solution. “BYOD
adoption should be in a phased manner related to application, user base and data
moving to BYOD and a strong policy should be defined and published so that
expectations from BYOD will be clear to all constituents,” says Varkey.
Ghosh has suggested five key areas that every company should consider as they
establish their mobile strategies to ensure high productivity without increasing their
vulnerability:
Ensure secure access to apps: This means maintaining a strong focus on identity
management. Organisations must focus on developing strong password policies for
their employees’ mobile device use.
Protect your apps and data: With many organisations considering providing mobile
access to enterprise content, it places a lot of sensitive data on mobile devices.
Direct control of specific, critical apps and data (as opposed to device-based
control) is a very effective approach to apply the desired layers of protection exactly
where they are needed, without touching the remainder of the device.
Put in place effective device management: Devices that access business assets and
connect to company networks must be managed and secured according to
applicable company policies and industry regulations. Every company should
establish appropriate mobile policies, and those should be applied to all managed
devices, just as policies and configurations are applied to corporate PCs and
laptops. Solutions towards this include mobile device management applications,
such as remote locking and wiping of stolen or lost devices.
Implement comprehensive threat protection: The fact is that mobile devices are
rapidly becoming the new preferred target for bad guys. Different platforms have
different risk profiles, and it is important to understand where vulnerabilities exist
and to take appropriate action to secure business assets. Good threat protection
should protect from external attacks, rogue apps, unsafe browsing, theft, and even
poor battery use.
Supply secure file sharing: Although access, storage, and sharing of files are not
uniquely mobile challenges, multiple device ownership and the need to collaborate
make the cloud a driver for productivity, allowing for simple distribution and
synchronising of information across devices. Businesses should have full
administrative control over distribution of, and access to, business documents on
any network, especially in the cloud.
e) Employee education: Educating employees about the importance of setting
stronger passwords, using reliable security software on their devices and
keeping the software updated is a must. Put in place processes that would
authenticate employees and their respective devices. This would prevent multiple
devices from being used by unauthorised people.