Securing Organizations in a BYOD World

It seems like the number of companies embracing bring-your-own-device (BYOD) policies is growing every day, with some countries seeing double digit percent growth in the number of mobile devices each year . Some people estimate  that the amount of active mobile devices (including cellular phones) will exceed the population of the earth by 2014. But solutions to security problems posed by these devices are still lagging behind.

Internationally, BYOD is growing faster in nations like China, Brazil, Russia and India, and slower in places like Germany and France—but be that as it may, industry experts expect that 85 percent of companies will eventually have some sort of BYOD model in place. With that kind of growth, those nagging security issues will quickly come to the forefront of every IT person’s mind. Although a high-speed internet connection may be all most employees want, how can an organization monitor access and the flow of business information? Who is just connecting to social media during lunch, who is using a tablet for a majority of their work and why does a company even need to worry about it? One aspect that all companies need to address with BYOD is that of network access control and monitoring. Today’s economy is driven by knowledge, and usage information is immensely valuable to an organization of any size.

There are various things to consider when looking at security in a mobile world. One major issue is what kind of network users are on when accessing data. Wireless internet at coffee shops, restaurants and libraries can be heaven for someone with malicious intent. The unsecured nature of these networks makes it much easier for someone to obtain data from a mobile device. From internal security breaches and external attacks to compliance and auditing, it’s a hard world to be in:

  • Mobile devices and the data they carry are much more vulnerable to theft or loss.

  • IT has little to no visibility into a mobile device or its security measures.

  • Data accessed on a mobile device is difficult to track at best.

  • Mobile devices are much more susceptible to malware, as users bypass inbound filters.

  • Employers must respect employee privacy, but corporate data must stay secure.


All of these issues may seem small—and they may be when approached alone. But an organization can have thousands of employees with their own mobile devices. A once-in-a-lifetime event for one person can mean dozens or hundreds of events per day for a company; it’s vital that an organization’s security be prepared for anything.

Once you have mobile device management in place, the issue then becomes security management. IT potentially has to deal with thousands upon thousands of security events from inside and outside the company that pile up faster than they can be dealt with. BYOD makes it harder to keep track of devices and data, so understanding your environment from a security standpoint is vital.

Sumitomo Mitsui Banking Corporation (SMBC) was looking for a solution to exactly address this problem in its own environment. “We needed a way to analyze it automatically, take a look at it and bring down the number of events into a small series of actionable alerts we could respond to in a timely manner,” said Ely Pinto, Solutions Architect for JRI America/SMBC.

SMBC is one of the largest banking organizations in Japan and has global reach, making it vital that the information on its servers stay secure. With the worldwide growth of BYOD, it is more important than ever that an organization have a comprehensive strategy to stay on top of security and compliance.

Banking is a heavily-regulated industry, and one in which a data breach can have devastating consequences for both the bank and all of its customers. With more employees now bringing mobile devices to work, complying with those regulations is becoming much more difficult. Employers are working with their employees to try to bring about a secure BYOD environment. The situation is getting better, but some security teams have difficulty keeping up with threats—which has led industry experts to see a long road ahead.



With help from NetIQ, SMBC is starting to solve some of these problems. “We worked with NetIQ to put together an ecosystem of different security products that would together give us better insight into what was happening in our environment,” says Pinto.

By teaming with NetIQ, SMBC was able to streamline its security events log into something manageable and to better deal with actual security threats, rather than just reacting to things that were out of place. Dealing with real problems rather than perceived ones has led SMBC to a much more secure environment.

Almost all organizations have begun to implement some sort of BYOD policy as part of a more complex IT landscape. But with that increasingly complex environment comes more sophisticated threats. Watch this video and see how Sumitomo Mitsui Banking Corporation met this challenge, then visit netiq.com to learn about how we can help you secure your BYOD environment.

Labels:

Identity & Access Mgmt
Anonymous