Indeed, the COVID-19 pandemic is changing the way business around the globe operate; however, it’s not as drastic for some companies and it is for others. In fact, research from Bitglass found that 85% of organizations already enable bring your own device (BYOD) environments for both employees and partners. Though these types of environments were typically not designed to support an organizations entire workforce, it certainly made the transition easier as the coronavirus forced work from home to shift from a luxury to a necessity seemingly overnight.
Mission Critical magazine recently had the opportunity to virtually discuss the benefits and challenges of BYOD environments with Anurag Kahol, CTO of Bitglass. Here’s what he had to say.
Mission Critical: What are some of the benefits of bring your own device (BYOD) environments?
Kahol: The public cloud continues to see enterprise adoption, and, as a result, workforces are able to better collaborate and increase overall efficiency. Additionally, BYOD environments grant employees the freedom to work from their personal devices from anywhere in the world with internet access. This makes sharing information easier than ever before and can also lead to increased levels of employee satisfaction and reduced overhead costs for organizations.
Mission Critical: What security and employee challenges would make an organization hesitate to embrace BYOD?
Kahol: Recent Bitglass research sought to uncover the state of BYOD security across modern enterprises. The study found that 61% of organizations are worried about data leakage, 53% are concerned with unauthorized data access, and 51% feel threatened by malware infecting unmanaged devices.
No threat is too small to overlook when an organization is allowing the use of personal devices. BYOD environments alter enterprise threat landscapes and require different approaches to security, since tools designed to protect managed devices are not entirely capable of securing personal devices. In fact, Verizon’s Mobile Security Index 2020 Report found that 39% of organizations suffered a security compromise involving a mobile device.
Mission Critical: What challenges will companies face if they try to transition their entire workforce to BYOD without an existing plan?
Kahol: Companies that don’t have a proper BYOD plan and predominantly maintain an on-site workforce will expose themselves to significant security risks. They may encourage employees to access the corporate network and cloud resources from managed devices that have software agents installed, such as mobile device management (MDM). Some companies may also encourage their entire employee base to work completely through VPNs and/or virtual desktops. However, all of these approaches create a number of latency issues that make them difficult to deploy and can hamper employee productivity. VPNs also violate the core principle of zero-trust by granting users full access to company networks rather than to the specific resources therein.
Mission Critical: Can you expand on why agent-based solutions are inadequate for BYOD security?
Kahol: With agent-based solutions, like MDM or mobile application management (MAM), each worker will be required to have software installed on his or her device — transferring visibility and control of the device to the business. Not only does this violate employee privacy, but it is incredibly difficult to deploy and maintain, hampers user experience, and does not integrate with third-party or cloud apps.
Mission Critical: What technologies ease the transition to BYOD? And, additionally, what technologies protect employee privacy in these environments?
Kahol: To ease the transition to BYOD without the headaches of MDM, the need for VPNs, or backhauling traffic to the network, organizations can look to use rapidly deployable agentless solutions. These solutions work on employees’ personal devices and secure the use of any application without monitoring personal employee traffic, helping ensure that the workforce’s privacy is respected while maintaining security of corporate data.
Mission Critical: How can organizations maintain security of corporate data on devices?
Kahol: Despite the rise of mobile-based threats, organizations can still enable BYOD and reap the benefits of mobility, efficiency, and employee satisfaction. As shown by current times, this style of work is here to stay, and organizations will continue to turn to agentless solutions to provide comprehensive, real-time security that is needed for BYOD. In fact, agentless BYOD solutions enable organizations to control the flow of corporate data to employees’ unmanaged devices, selectively wipe corporate data, grant data loss prevention (DLP) capabilities on any device, and defend against zero-day malware.