Q

Advice on IT security for users when the BYOD security policy fails

Security expert Nick Lewis suggests how each individual enterprise can deal with mobile security risk by instituting a BYOD security policy to fit its needs.

A study conducted by Ponemon Institute and sponsored by Websense indicates that 59% of respondents circumvent security

features on mobile devices used for work. What are your thoughts on the study? How do you control the risk posed by mobile devices when users disregard BYOD security?

Fifty-nine percent seems like a large percentage of respondents circumventing security features on mobile devices or even having security features enabled. But, comparing that to the percentage of respondents who would bypass security controls on their desktops to ensure their productivity is just as interesting. How does the risk compare between the two scenarios? My guess is a similar percentage would circumvent security features on the desktop (and often do) if it makes their lives easier.

Ask the expert!

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Enterprises can control the risks posed by bring your own device (BYOD) products and shore up IT security for users in a number of ways, ranging from outright banning personal devices to allowing any device anytime. Most organizations' BYOD policy falls in the middle of this spectrum based on business need and risk tolerance. Ultimately, many decisions regarding BYOD security may come down to enterprise IT budgets.

A number of good documents exist on BYOD security, but each individual organization needs to formulate its own BYOD security policy prior to widespread mobile device implementation so it aligns with the organization's overall IT and business strategy. Some organizations have attempted to control BYOD by using network access controls where a dissolving agent checks a system's security health for up-to-date patches, antivirus signatures and other items, and then allows the system to connect to the network. At a minimum, this helps keep BYOD systems updated for patches and antimalware tools; security increases if more in-depth checks are used. Develop a BYOD security awareness campaign that explains why users need to implement certain settings. If they are using their own equipment, an enterprise may already be positioned to keep its users aware of why security controls are necessary.

This was first published in September 2012

Dig deeper on Handheld and Mobile Device Security Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close