|
Jul 02
2012
|
BYOD not going away. It’s driven by a huge mismatchPosted by John Ginovsky in Making Sense Of It All   |
|
The latest round of bring-your-own-device surveys come to the same conclusions: Employees tend to have better techno-gadgets than their employers; employees prefer using them to do their jobs; the gadgets present terrible security risks to employers; and companies need to mount robust security measures for their own protection.
A Forrester Research study of 5,000 technology end users in the United States and Europe, found that workers spend an average of $1,253 annually of their own money for computers to do their jobs. However, only 12% of companies encourage those workers to do this, while the rest actively discourage it.
Why would a worker feel the need to spend so much out of pocket? Forrester says it’s because:
• Windows XP is 11 years old and still in use on more than 50% of corporate desktops and laptops.
• Most tools and practices currently used for endpoint management and security were developed in the early 2000s.
• Locked-down PCs lock out new sources of productivity.
“The mismatch between employee needs and IT’s position is obvious, but few organizations are adequately prepared to change course,” Forrester’s report says.
Several things need to be done, according to various analysts. Organizational security needs to be addressed; internal systems need to be rewired to accommodate the increasingly mobile nature of the workforce; and everybody, management and workers, need higher awareness of security procedures.
An inevitable requirement
Gartner’s worldwide survey of technology users finds that 90% of enterprises have already deployed mobile devices, mainly smartphones but with tablets coming on strong.
“Healthy growth in smartphone and media tablet shipments over the next five years will enable a much higher level of IT consumerization than is currently possible,” says Chae-Gi Lee, research director at Gartner. “Enterprises should recognize this and look to ‘mobile enable’ their IT infrastructure for employees to meet the growing demand for mobile device use in the enterprise IT environment.”
Referring directly to BYOD, Gartner recommends focusing on mobile data protection, network access control, and mobile device management tools. “These technology factors are essential to establish a standard mobile platform for enterprises,” says the Gartner report.
Furthermore, “Gartner believes that BYOD is an inevitable requirement and recommends that a mobility strategy team should be established as part of the IT department for data management and control. In addition, enterprises should create a BYOD policy for balancing cost control and reimbursement.”
Don’t forget the switch
Dimension Data’s study finds that the BYOD, or consumerization, trend goes beyond the endpoint devices—or rather, between. “There’s often a disproportionate focus on endpoints such as laptops, tablets, smartphones or virtual machines. However, organizations cannot ignore the basic routing and switching equipment at the core of the network,” says Raoul Tecala, business development director at Dimension Data.
“Without adequate planning, organizations can expect traffic jams and performance bottlenecks. It’s like building a number of new onramps onto a motorway and not adding new lanes to carry the additional traffic,” he says.
Of course, several vendors have entered this niche. Here are just a couple of recent ones:
• Runzheimer International offers a BYOD service that promises to allow employees to use their own gadgets at work if they agree to remain compliant with company standards.
• Kony Solutions offers a suite of services to allow businesses to enhance and extend their mobile application development and management capabilities across business-to-employee, business-to-business, and business-to-consumer environments.
ABA’s Corporation for American Banking endorses Trustwave for IT security systems in banks. The company recently unveiled several new and enhanced security solutions to help banks and other business protect against the growing number of stealthy and sophisticated cyber security attacks.
In particular, Trustwave offers Network Access Control to prevent the propagation of malware-based attacks by recognizing, isolating, and removing malware-infected devices from the network.
“Our NAC technology has the ability to fingerprint BYOD-type devices including smartphones, tablets, and personal laptops,” Trustwave’s Mark Polimus told Tech Topics. “Currently, we’re able to interrogate laptops to a greater extent and are working on providing a similar level of support to the latest wave of BYOD device types. Long and short, we can tell you what BYOD devices are connected to your network and do some level of limiting access.”
BYOD security checklist
Earlier this year, Trustwave issued a half dozen common sense security points for any corporate BYOD security strategy:
• Educate employees—The best intrusion detection systems are neither security experts nor expensive technology, but employees.
• Identify users—Focus on achieving a state where every user-initiated action is identifiable and tagged to a specific person.
• Homogenize hardware and software—Reduce fragmentation through standardization.
• Register assets—A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
• Unify activity logs—Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly.
• Visualize events—Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.
Why would a worker feel the need to spend so much out of pocket? Forrester says it’s because:
• Windows XP is 11 years old and still in use on more than 50% of corporate desktops and laptops.
• Most tools and practices currently used for endpoint management and security were developed in the early 2000s.
• Locked-down PCs lock out new sources of productivity.
“The mismatch between employee needs and IT’s position is obvious, but few organizations are adequately prepared to change course,” Forrester’s report says.
Several things need to be done, according to various analysts. Organizational security needs to be addressed; internal systems need to be rewired to accommodate the increasingly mobile nature of the workforce; and everybody, management and workers, need higher awareness of security procedures.
An inevitable requirement
Gartner’s worldwide survey of technology users finds that 90% of enterprises have already deployed mobile devices, mainly smartphones but with tablets coming on strong.
“Healthy growth in smartphone and media tablet shipments over the next five years will enable a much higher level of IT consumerization than is currently possible,” says Chae-Gi Lee, research director at Gartner. “Enterprises should recognize this and look to ‘mobile enable’ their IT infrastructure for employees to meet the growing demand for mobile device use in the enterprise IT environment.”
Referring directly to BYOD, Gartner recommends focusing on mobile data protection, network access control, and mobile device management tools. “These technology factors are essential to establish a standard mobile platform for enterprises,” says the Gartner report.
Furthermore, “Gartner believes that BYOD is an inevitable requirement and recommends that a mobility strategy team should be established as part of the IT department for data management and control. In addition, enterprises should create a BYOD policy for balancing cost control and reimbursement.”
Don’t forget the switch
Dimension Data’s study finds that the BYOD, or consumerization, trend goes beyond the endpoint devices—or rather, between. “There’s often a disproportionate focus on endpoints such as laptops, tablets, smartphones or virtual machines. However, organizations cannot ignore the basic routing and switching equipment at the core of the network,” says Raoul Tecala, business development director at Dimension Data.
“Without adequate planning, organizations can expect traffic jams and performance bottlenecks. It’s like building a number of new onramps onto a motorway and not adding new lanes to carry the additional traffic,” he says.
Of course, several vendors have entered this niche. Here are just a couple of recent ones:
• Runzheimer International offers a BYOD service that promises to allow employees to use their own gadgets at work if they agree to remain compliant with company standards.
• Kony Solutions offers a suite of services to allow businesses to enhance and extend their mobile application development and management capabilities across business-to-employee, business-to-business, and business-to-consumer environments.
ABA’s Corporation for American Banking endorses Trustwave for IT security systems in banks. The company recently unveiled several new and enhanced security solutions to help banks and other business protect against the growing number of stealthy and sophisticated cyber security attacks.
In particular, Trustwave offers Network Access Control to prevent the propagation of malware-based attacks by recognizing, isolating, and removing malware-infected devices from the network.
“Our NAC technology has the ability to fingerprint BYOD-type devices including smartphones, tablets, and personal laptops,” Trustwave’s Mark Polimus told Tech Topics. “Currently, we’re able to interrogate laptops to a greater extent and are working on providing a similar level of support to the latest wave of BYOD device types. Long and short, we can tell you what BYOD devices are connected to your network and do some level of limiting access.”
BYOD security checklist
Earlier this year, Trustwave issued a half dozen common sense security points for any corporate BYOD security strategy:
• Educate employees—The best intrusion detection systems are neither security experts nor expensive technology, but employees.
• Identify users—Focus on achieving a state where every user-initiated action is identifiable and tagged to a specific person.
• Homogenize hardware and software—Reduce fragmentation through standardization.
• Register assets—A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
• Unify activity logs—Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly.
• Visualize events—Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.
Related articles
Unauthorized BYOD use increasing
Unauthorized BYOD use increasing
Sources used for this report include:
Prohibition Of Employee-Owned Technology Is Driving IT Underground
Gartner Survey Shows BYOD Is Top Concern for Enterprise Mobile Security
If Not Upgraded, Networks Could Buckle Under New Technology Trends
Trustwave Report Reveals Global Data Breach and Security Trends
Kony Announces the Industry’s Most Comprehensive Portfolio for Building and Managing Mobile Applications for Employees, Partners and Consumers
New “Bring Your Own Device” (BYOD) Service Bridges Gap Between Employee Privacy and Employer Mobile Device Management
Prohibition Of Employee-Owned Technology Is Driving IT Underground
Gartner Survey Shows BYOD Is Top Concern for Enterprise Mobile Security
If Not Upgraded, Networks Could Buckle Under New Technology Trends
Trustwave Report Reveals Global Data Breach and Security Trends
Kony Announces the Industry’s Most Comprehensive Portfolio for Building and Managing Mobile Applications for Employees, Partners and Consumers
New “Bring Your Own Device” (BYOD) Service Bridges Gap Between Employee Privacy and Employer Mobile Device Management
| About the Author | |
TrackBack URI for this entry
Subscribe to this comment's feed
