Is Embracing Enterprise Mobility the Best Way to Reduce Security Risks?

Simon Barton

Research conducted by Enterprise Mobility Exchange shows that 82% of companies allow their employees access to enterprise applications and content through their personal devices. BYOD is increasingly becoming the norm. Yet for a number of companies, the risks attached to it are a serious concern.

Doug Cahill, Senior Analyst, ESG, has more than 25 years industry experience within endpoint security and I sat down with him to learn more about the impact of BYOD on company security. From speaking to Cahill, it’s clear that he sees enterprise mobility as a positive step-forward for companies. “The more a company embraces mobility, the more they reduce the [security] risk. It’s quite ironic,” he says.

For Cahill, there are, however, a number of challenges associated with BYOD and mobile security. He states: “One [challenge] is that threats don’t just come from corporate managed devices, we’ve got the BYOD dynamic, that’s compounded by the prevalent use of Cloud applications – so now users can access anything, anywhere at anytime, and, on any device.”

The ability for employees to be ‘online’ at any given moment allows international offices to work in sync – and, according to a study by Pixmania, increased the working day by two hours – with workers sending and replying to emails at home. By adopting mobility, companies get more out of their employees, and can reduce costs through improved system independence and a decreased demand for corporate owned devices. These advantages, however, can be tainted by security issues.

Cahill accentuates that while there are threats specific to mobile devices – like mobile banking and Trojans – it’s ‘the combination of vectors’ that makes endpoint security an important issue for the enterprise. He states: “I’ve got an unmanaged device that’s operating outside the corporate firewall and I’m accessing Cloud applications – and that combination creates a new vector, where the mobile device can get infected when it’s accessing a cloud application via an insecure connection and then that can get into the corporate network and its Malware can spread.”

The lure of increased productivity and reduced costs makes BYOD an attractive strategy. And for companies to negate the related security risks there are certain controls which should be implemented as a bare minimum. Cahill says: “EMM and MDM are foundational security controls, which each organisation should be applying.” He expands on this by saying: “Another important solution is network access controls.” These solutions allow organizations to authenticate the devices which are connecting with their corporate networks, while also giving them more control on what users can access.

According to Cahill, enterprise mobility is also having an impact on the concept of IT in the enterprise. Once centrally controlled, it’s become increasingly affected by consumerization. “The IT business model needs to shift to one of enabler, where it helps mobility to discover new opportunities for the business,” states Cahill. Future competitive advantages depend on a company’s approach to mobility. Cahill says: “Any organisation that is trying to restrict use to the Cloud risks slowing down the whole company and putting themselves at a competitive disadvantage.”

From speaking to Cahill it’s clear that mobile security has become imperative for the enterprise. Those companies which encourage BYOD must take the necessary precautions to guard against the potential threats which it can bring. Dismissing BYOD, however, could mean reduced competitive advantages and problems down the line.

Doug Cahill in a Senior Analyst at ESG. He covers cybersecurity at ESG, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.