
Bring Your Own Device (BYOD) Security Pitfalls


The Bring Your Own Device (BYOD) movement is gaining a strong foothold in the US, with 72% of organizations already implementing BYOD or planning to do so. In the workplace, BYOD presents an attractive business model, allowing for greater flexibility and increased productivity among employees. However, there are several security risks that need to be addressed. With personal devices like smartphones and tablets handling corporate data, there is now an enormous burden placed on companies to find a balance between preventing outside intrusion and respecting the privacy of their employees.

SMBs and enterprises alike are responsible for maintaining data security standards, and this task can easily become complicated with the introduction of BYOD. To take control of your company’s BYOD policies, consider these associated challenges:

1. BYOD allows personal and business data to intertwine and mix

A big challenge for companies is managing both personal and corporate data on the same employee device. Employees are unlikely to have the same level of security on their personal devices as the company applies to its internal networks. That raises the question of cyber threats arising from unsecured networks. Logging into a secured company network is one thing, but logging into an unsecured public network can be disastrous for both the company and the employee. Furthermore, malware may corrupt an entire company’s system should an employee accidentally install it onto their device.

2. BYOD increases the risk of data and information leakage

When an organization has a BYOD policy in place, it can open multiple backdoors for hackers to access confidential data, thereby increasing the overall risk of cyber threats against the entire organization. Mobile phones and tablets are riskier than PCs and laptops since they require constant (even daily) updating to patch security bugs. While BYOD has its benefits, companies must realize that personal devices present a weak link in workplace security and need special attention.

3. BYOD introduces human error/physical obstruction possibilities

Even if employee devices have password controls, remote lock features, or encryption enabled, there is always the possibility of an employee device being misplaced or stolen. Careless employees might be an IT administrator’s worst nightmare, as there is not much they can do to retrieve the device once it has been stolen. One simple but effective measure to prevent outsiders from gaining access to the device is using a PIN code. However, with hackers becoming increasingly clever at cracking PIN codes, added protection like a wiping solution may be necessary to eliminate the possibility of data theft.

4. BYOD makes it harder to keep track of vulnerabilities and updates

Not all mobile devices are created equal. They have different capabilities and operating systems that run different programs with different levels of security. As more personal devices are added under a BYOD policy, it will become more difficult to keep track of the vulnerabilities and updates of each device. This is because employees are using different applications on their devices and, without proper encryption or other security measures, the risks expand. Worse still, if it is an older device, a different set of unknown or undocumented vulnerabilities may arise, making it all the more dangerous. Security experts may suggest investing in a mobile device management (MDM) platform, but that will require employees to install an agent on their personal devices, which many employees are likely to oppose.

Even before setting up a BYOD policy, a company should research the current security options that are available to it. Single Sign-On (SSO), for example, is an effective method for preventing hackers from logging into employee devices. If an organization has one centralized platform to handle identity management, then it becomes easier to handle web application access across the different devices in the network, as employees will log in to this platform only once to have their credentials authenticated and approved. While it is important for thorough BYOD policies and procedures to be put in place to secure employee devices, it’s also vital to educate employees on these basic security practices for protecting their personal devices so security becomes a company-wide effort.

Integrated DB Server Management Tool: ISign+

Penta Security Systems’ ISign+ is an authentication security solution. It integrates an authentication server, database server, management console, and policy server into one appliance.

Other existing authentication security solutions that include Single Sign-On (SSO) require separate installation and deployment of the servers listed above. The strong point of ISign+ is its shortened deployment period and reduced cost, achieved mainly by integrating everything into one appliance. The technology of ISign+ can easily be implemented in a cloud environment. Not only the related servers but also the authentication security interface can be implemented in the cloud, maximizing enterprise resources.

Penta Security Systems provides ICF Intelligent Service (CIS), which upgrades and patches the software in real time by monitoring services. Penta Security explained, “The software can maintain the latest version and the service can be free from all the ATP, web, and DDoS attacks that have become much more sophisticated.” All information about the environment and status of SSO agents, installed in each business server, is saved and managed in the built-in DB. As a result, response to an error is immediate in case of a failure of a related server.

authentication security solutions are needed.

Also, the tremendous amount of data exchanged between applications during the deployment of an SSO solution is handled by the Data Sync Manager, thereby eliminating the need for internal developers. ISign+ complies with SAML 2.0, the international standard, so it supports mobile and almost all business environments, including Google Apps and Salesforce.com.

A need for authentication security solutions

The Open Web Application Security Project (OWASP) announced its top 10 web application vulnerabilities, with missing function level access control and broken authentication and session management among them. Broken authentication and session management has recently emerged as one of the hottest security issues.

ISign+ provides strengthened authentication through secure token and session encryption, with verified encryption modules developed by the Penta Security R&D center. Therefore, ISign+ can respond to these threats effectively.