Employees are clamoring to bring their own devices to work. However, before IT security teams allow BYOD users to access business data or use Wi-Fi networks, they must consider the security implications. BYOD trends not only introduce new risks, they can also provide an avenue for users to circumvent existing security measures. Therefore, IT security teams must develop a strategy to prevent:
- Data breaches caused by lost or stolen mobile devices
- Data leaks from mobile users
- Access to phishing and malicious sites from mobile devices
- Reduced employee productivity due to lack of web filtering controls
Lost and Stolen Phones
Organizations’ top mobile security challenge, bar none, is lost and stolen phones. To address this challenge, organizations can keep sensitive data off of mobile devices by hosting mobile apps in a secure data center or they can remotely wipe lost devices. While IT security teams have several options to mitigate the threat of lost and stolen devices, other BYOD security risks are not as easy to solve.
Data Leaks from Mobile Users
PCs and laptops are relatively easy to lock down. With data loss prevention (DLP) software, organizations can block users from saving data to USB drives or from printing confidential files. Organizations have fewer options to prevent data loss on mobile devices. And even with the few tools that do exist, many users will balk if their employer tries to monitor their mobile usage when they are at home.
Phishing and Access to Inappropriate Websites
For two decades, organizations have maximized employee productivity and reduced risk by blocking malicious and undesirable websites. However, the combined trends of BYOD and SSL encryption make it challenging for organizations to control mobile users—and even desktop users. These challenges are due to several reasons, such as the lack of IT management tools to control browser or certificate settings for different mobile devices. In addition, the widespread use of certificate pinning in mobile apps makes it challenging for organizations to decrypt and inspect traffic.
As a result, many users can bypass web filtering controls simply by bringing their phones and tablets to work. Plus, IT administrators may end up disabling security measures for both mobile and desktop users when mobile users complain they cannot access specific websites.
What Organizations Can Do to Regain Control
To protect corporate data and control BYOD access, IT security teams can consider virtual mobile infrastructure (VMI). With VMI, mobile users access apps hosted remotely in a data center or in the cloud, rather than on their phone or tablet.
VMI helps mitigates risks due to lost and stolen phones and data leaks from malicious insiders. With VMI, organizations can easily monitor and control which websites mobile users visit.
Plus, as an added bonus, VMI helps thwart mobile malware. Mobile malware cannot exfiltrate sensitive data because sensitive data is never downloaded to the device. Anti-screen capture technology blocks malware from intercepting VMI images. So if mobile malware like XcodeGhost and YiSpecter become more widespread, VMI will keep malware risks at bay.