By JP Blaho
The increased availability of powerful ultrabooks, smartphones, and tablets is blurring work and home life for many users. And most users don’t want to maintain two sets of contacts, calendars, and files, or lug around two devices when one would do.
Many companies are adopting a Bring Your Own Device (BYOD) approach where workers can use their own devices to access company resources such as email, files, applications, and databases.
To put the BYOD movement into perspective, consider that a recent industry study found that 44 percent of firms had a BYOD policy in place in early 2012, and that number increased to 94 percent in 2013. There are several reasons for this rapid embrace of BYOD. Workers get an improved user experience, and the flexibility of being able to use one device for personal and work tasks helps make workers more productive since they can conduct business anywhere at any time. In turn, this increased worker productivity helps companies gain a competitive advantage.
However, as BYOD becomes more commonplace, companies must address new security challenges. A significant problem is that IT loses control of a device’s configuration and its security settings, which can leave a device and the corporate network open to threats. Yet, users will continue to push for access to corporate resources and data using these devices. As a result, companies will continue to struggle with mobile governance, which Gartner defines as the management of the people, policy, and process issues.
3 BYOD Models You Need to Know
BYOD changes the risk environment for companies. As they have done to support teleworkers and other mobile users, organizations must deal with malicious software that can steal data or give unauthorized users access to company resources. They must also grapple with data privacy, data protection, and data loss through device theft or failure.
Complicating matters is that the way BYOD users access data has also changed. In fact, organizations often must support three BYOD access methods, all of which have different security and data protection challenges.
One way to provide access is to develop native apps for BYOD workers. There are several security issues to consider with this approach. User authentication and access control are essential because the user will have full access (via the BYOD device) to the data associated with that application. If a device is compromised, this can give hackers unrestricted access to that data. So organizations will need a way to monitor for unusual activity (such as the downloading of entire databases). Additionally, data accessed via a BYOD native app is stored on the mobile device, so organizations need tools to recover data if it gets deleted or corrupted and a way to wipe the data if a device is lost or stolen.
Some companies avoid full-blown native apps and instead use apps or a BYOD device’s browser to point users to mobile-friendly portals and websites. This lets employees and customers easily access and read information. Here again, user authentication, access control, and monitoring for unusual activity are important.
Alternatively, a company could provide a BYOD user with access to corporate servers and data through virtual desktop technology. An advantage with this approach is that data resides on company servers and is easier to protect. But user identification and authentication processes must be robust since the BYOD user will have broader access to company resources. Threat management, intrusion detection, identity control, and content awareness are essential to ensure data and systems are protected in case a hacker compromises a BYOD device and uses it to gain access to company systems.
SunGard as Your Technology Partner
BYOD raises familiar security threats, but requires new ways to safeguard systems and protect data. While organizations can try to address BYOD security on their own, the 24×7 nature of BYOD usage, the variety of devices and access methods, and the increased mobility of BYOD users can easily overwhelm IT departments that are already being asked to do more with fewer resources.
That’s where SunGard can help. SunGard offers a variety of managed security services that help organizations secure their BYOD operations.
To start, organizations can provide BYOD users with secure access to company resources using SunGard Managed Firewall and VPN Services. These services deny access to unauthorized users, give authorized users seamless access to servers and applications, and protect data traveling over the Internet through encryption.
To ensure that only authorized users access company resources, organizations can use SunGard’s Identity and Access Management Service. The service lets an organization configure and manage user access and authorization easily and securely. The service is based on industry-leading authentication and authorization technologies including managed digital certificates, access services, and two-factor authentication. The service also delivers managed content and malicious site filtering, as well as virus detection and malicious code scanning of email, FTP, and web traffic.
Even with these safeguards in place, providing BYOD users with access can open an organization up to risks if hackers compromise the BYOD device or an authorized user goes rogue. This is an area where another SunGard Managed Security Service can help.
SunGard’s Managed Unified Threat Management (UTM), or Managed Intrusion Detection and Prevention (IDS/IPS), Services provide intelligent sensing of malicious activities coming from inside or outside a company network, along with real-time identification and prevention of actual hostile attacks, including DDoS attacks, SQL injections, Trojans, IP spoofing, and advanced persistent threats (APT). The Managed IDS/IPS Services can be configured to block events before they impact systems or networks.
The threat management and intrusion detection services can be complemented by using SunGard Log and Threat Management Services. Log Management provides on-demand collection, storage, reporting, and analysis of log data for Windows event logs, syslogs, and flat files in order to identify suspicious activity. Threat Management provides broad scanning capabilities, including comprehensive analysis for an infrastructure and business-critical applications. The services also assist in compliance with a broad range of regulatory requirements, including SSAE 16 Type II audits and PCI DSS 2.0, HIPAA, SOX, GLBA, and COBIT regulations.
All of the SunGard Managed Security Services are based on industry-certified best practices and offer 24×7 protection. The services are run by experienced managed security analysts who are experts in keeping information protected. Many possess the Certified Information Systems Security Professional (CISSP) designation, and they are continually trained in the identification and mitigation of Internet-based security threats.
Additionally, SunGard’s Managed Security Services are vendor-neutral and fully managed. They can be customized to meet an organization’s unique business needs.
Taken together, the SunGard Managed Security Services offer organizations a way to embrace BYOD while ensuring their systems and data are protected.