SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
BYOD security in remote work era still riddled with issues
Fri, 10th Jul 2020
FYI, this story is more than a year old

Bring your own device (BYOD) programs have existed for years -and with the massive uptake in remote working, it seems that BYOD security is once again in the spotlight.

Bitglass' 2020 BYOD Report suggests that BYOD and personal device security in organisations still leave much to be desired, even as more organisations adopt flexible BYOD arrangements.

According to the report, 66% of polled respondents say that employees at their organisation are permitted to use personal devices for work, while many other organisations enable BYOD for contractors, partners, and suppliers.

Furthermore, respondents are aware of security risks such as data leakage, which is a top concern for 63% of respondents. Users downloading unsafe apps or content also ranked highly (57%), followed by lost or stolen devices (55%), unauthorised access to data and systems is also a concern (53%), and risk of malware infections (52%).

Other risks include the inability to control endpoint security, the logistics of device management, ensuring software is up to date, and compliance.

Despite being aware of the risks associated with BYOD, organisations are still leaving major gaps in their efforts to secure corporate data.

According to the report, 51% of organisations have no visibility into file sharing apps, 30% have no visibility or control over mobile enterprise messaging tools, and 9% use cloud-based anti-malware solutions.

However, BYOD also presents privacy issues, which may be why security policies are floundering somewhat.

Organisations need physical access to corporate-owned devices and managed endpoints, but it's a different story when a BYOD device is owned by an employee.

Respondents say that they need the following things when provisioning a managed mobile device: Physical access (59%), a device PIN (52%), root access (36%), a user's cloud backup password (21), and other (12%).

Many organisations report they have visibility into the following applications on BYOD: email (74%), calendar (57%), contacts (57%), messaging (50%), file sharing (49%), cloud backup (34%), document editing (31%), virtual desktop (24%), and other (12%).

Bitglass CTO Anurag Kahol explains, “The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy. However, the reality is that today's work environment requires the flexibility and remote access that the use of personal devices enables.

Kahol suggests that organisations implement comprehensive cloud-based security platforms that secure all interactions between users, devices, apps, and web destinations.

The report suggests that organisations use data loss prevention (DLP) to protect data at rest and in transit, even across personal endpoints. They should also used agentless advanced threat protection to block threats.

Organisations could also consider selective wipes for removing company data from employees' personal devices without affecting their own personal data.