We have seen the development of Bring Your Own Device (BYOD) to work explode from the adoption of gadget-junkies, to what is now a common sight in the office. BYOD has allowed for more convenience and independence for workers, as well as become a new challenge for IT security. With BYOD here to stay, we are now seeing a new trend with even greater security challenges, Bring Your Own Application (BYOA).All of these wonderful devices that workers bring into the office are loaded with helpful work-related applications. Most companies allow for BYOD, especially if it keeps workers motivated and productive, while others see BYOD as a security risk and ban all personal devices and applications. In a 2012 survey, network security company Fortinet found that workers are not deterred by their employer’s BYOD discrimination policies, 30% of respondents admitted to using a banned device at work in order to do their job. Perhaps the extra productivity cancels out the insubordination?
The attractive nature of personal devices is that the owner can customize the functionality of the device to achieve tasks in a manner the suites them best. This often means finding ways to complete a project using personal applications not approved by the company. This can be a huge network security risk, because now you have third party software accessing company data. Even if an IT department has taken great measures to register and secure every personal device, this does not necessarily mean all the applications on the device are secure.
One solution is for the company to provide their employees with solid applications that will assist them with their job. Another solution is to put in place a channel of communication for employees to request applications that they are interested in. This will at least give the IT department knowledge of what they are dealing with, so they can install security measures to the network before handing over an application. Although this solution is not bulletproof; it fails to account for the independent and innovative nature of personal device users.
To complicate the security matter further, the application industry has become incredibly user friendly. There are often dozens or hundreds of applications that perform similar tasks. This means if your independent minded employee is stuck on a task, they could dig up a solution that might work in their situation, but could cause problems for you down the line. In the same Fortinet survey, 69% of respondents indicated they are interested in creating and using custom applications at work.
These customized applications are often made by piecing together multiple third party components, the apps are then used to access a company network without undergoing security screenings. Additionally, if application updates are not being managed by the IT department, even an app that has passed security measures once, may receive a new upgrade that can be a new security threat.
The BYOD and BYOA revolution is a growing network security challenge for every IT department. Tektonic is here to help. We can monitor the security of your network, as well as manage devices and applications. We can even put safeguards in place to give only approved applications access to your network. To get started, you can call us at (416) 256-9928 and we can give your network a free audit and point out vulnerabilities.