Today’s workforce believes in working its own way: what matters is the work done, not the place where it is done. This liberty is backed by the BYOX phenomenon, which has made BYOX the “Buzzronym” of the season. In this blog post Jaspreet Singh, Associate Director, IT Risk and Assurance, highlights the evolution of BYOD (device) to BYOX, where ‘X’ could be anything or everything.
In the current economic environment, companies are demanding that employees be more productive. Having a robust mobile program that allows personal devices to be used safely in a work capacity can raise employee productivity and be a significant competitive advantage; it can even yield higher recruiting acceptance rates. Bring your own device (BYOD) presents an attractive option to organizations.
Not long ago, companies’ IT departments provided their employees with all the necessary technological support in order to achieve high productivity and manageability. But the current era marks a change in the whole working paradigm of companies. BYOD was just the first step of the evolution leading to BYOX, where ‘X’ could be anything or everything. It could be BYOD (device), BYOA (App), BYOI (Identity), BYOT (Technology), BYOC (Cloud), etc. ‘D’ showed us the beginning, and now we have been welcomed to the onerous world of ‘X’.
BYOX is surely giving rise to IT consumerization. As the workforce gets more comfortable using its own devices, the line demarcating work from personal activities is fading. While BYOX gives employees more convenience and support, it also makes it difficult for companies to maintain a secure network and keep control of it.
The BYOX trend makes clear that most enterprises will not be able to keep consumer technology off-premise. IT will have to spend and work to meld these technologies into operations. The trick will be to do so in ways that enable the organization to realize a counter-balancing payback. Let workers use their own tools, but make sure those tools stay safe and deliver benefits to the company’s bottom line.
According to the Ponemon Institute’s 2012 data breach report, 51% of surveyed organisations experienced data loss due to the use of insecure mobile devices by their employees. According to Gartner, around 70% of employees will work on their own smart devices by 2018. In fact, only 55% of employees reported having their data wiped remotely when a smartphone was lost.
Taken together, these facts show that data breaches are already occurring today, and they will increase manifold with the massive upsurge in BYOX.
Earlier, it was easy to control web access on the network by configuring the firewall and blocking certain ports or protocols. In the second generation, now that applications have established a wide presence, the use of dynamic ports and registration servers has made blocking applications less effective. Through BYOX, employees will have access to their personal mail, network storage, IM, web chat, online brokerage and trading sites, etc., while indirectly being connected to the organisation’s network. If any malicious software is accidentally downloaded from these websites, it can harm the whole network and create backdoor entries for intruders.
Second-generation applications like Tor, iOS and other anonymizers are structured to bypass security considerations and to support dynamic configurations.
Another associated risk is the lack of visibility over devices connected to the network. The existence of unaccounted personal devices, applications, identities, technologies and clouds increases the challenge of monitoring and of identifying information leakage. The ‘X’ factor will increase the number of logs generated. This in turn will create a challenge for log parsing, log indexing and log disposal. In addition, as the number of logs increases, log security will become more difficult.
The devices may contain confidential company information and the user’s credentials. Losing such a device may have serious consequences (financial, legal, reputational, etc.).
BYOD and MDM (Mobile Device Management) are used for securing, monitoring and managing mobile devices, since these are nowadays used to access corporate data. Along with this expansion, threats and vulnerabilities have also increased, and as a result MDM is not capable enough to apply security controls. This calls for a strong security framework for BYOX.
Employees bringing their own computing devices have the ability to create their own wireless network. Once this network has been created, the employee can log into corporate applications, and monitoring such activity will be difficult. This can lead to severe data theft.
Endpoint security is also a concern. Generally, the devices used in the company are protected with encryption, which might not be present on personal devices. Hackers could use this vulnerability to exploit the network, and it will hamper data integrity.
With the market flooded with smartphones, tablet computers, different cloud services, etc., policies will require regular updating to cater for everything.
TACKLING THE ‘X’
While BYOX provides convenience to employees, it also has security implications, some of which can be addressed as follows.
- Companies should amend their policies so that they clearly articulate the permitted use of technology and the network.
- Network segmentation could also be used, with a separate network to carry each kind of data. There could be separate networks for regular employees, guests, clients, vendors, administrators, etc.
- For secure and efficient BYOX, application and system controls play an important role. The first step towards security could be to identify the different applications running in the organization’s network. The next step is monitoring the identified applications, which includes traffic monitoring, activities, critical events, etc.
- Standards and regulations like ISO 27001, PCI-DSS, HIPAA, etc. will help in examining risk and applying controls. Risk evaluation becomes easier with these standards, and control becomes structured.
BYOX is the need of the hour; the only catch is how fast an enterprise can implement it in a secure manner. The future of BYOX depends on how exactly people want to see it: as a challenge (insecurity) or as an opportunity (adopting the new technology) to ease the work.