By Sanjay Gupta, Vice President, Fusion Middleware Business, Oracle India
For many organizations BYOD is still a daunting prospect. The idea of allowing employees to use their personal devices at work is revolutionary and as with any revolutionary idea, it will take some time to become accepted fully. A recent Oracle survey of senior security decision makers revealed that a majority (38%) cited device security as one of the top worries they have when it comes to the trend.
The issue is that all too often devices, and device security, are being used as a scapegoat for regressive and counterproductive IT policies. It also misses the point: Employees are already using their own devices at work, regardless of their businesses’ official policies on BYOD.
Conquering the BYOD Security Challenge
Organizations today have a clear choice: Address the security challenge of BYOD now and start enjoying the benefits, or keep delaying it until such a time when it may be too late.
For businesses that choose the former, the key to success lies in worrying less about the device. Device-centric approaches to security (such as Mobile Device Management) can only solve the problems businesses have today, they do not provide a scalable, flexible way of securing the enterprise for the new world of mobility we are entering.
Instead, a true BYOD strategy is based on a mix of the right company culture and a robust, enterprise-wide take on security. Culturally, business executives need to be able to have complete confidence in their IT department and the technology framework they have in place to secure employee devices. Employees, meanwhile, need to rest assured that their device cannot compromise the enterprise and that, conversely, their own private data cannot be viewed by anyone in the business.
In business trust is never given freely, it is always earned. In the case of BYOD it clearly must be earned through a robust security framework. The good news for businesses is that BYOD security does not need to be a leap into the unknown and nor does it need to involve investing in new, unproven niche security ‘solutions.’ Instead it can be built on that stalwart of enterprise security: Identity management.
Identity management allows organizations to simplify identity lifecycle management and secure access from any device for all enterprise resources—within and beyond the firewall. Identity management allows organizations to easily extend the enterprise security layer to wherever the employee needs it to be. Businesses will thereby be able to trust BYOD devices every bit as much as corporately-owned ones due to the fact that the same robust authentication, sign-on, and authorization processes are used.
If businesses and employees are to truly trust the use of personal devices in the workplace however, there needs to be a strict separation between personal and private data. Mobile Device Management (MDM) is great for securing information and hardware on a device, but it lacks finesse, securing everything and anything. This poses problems. What, for example, happens when an employee loses his device, or leaves the company? With MDM everything on the device—including personal data—would be wiped.
Due to this, Mobile Application Management (MAM) is fast gaining currency. MAM delivers a secure container for application security and control that separates, protects, and wipes corporate applications and data. Crucially, it secures corporate data only and the employees’ personal data and applications are completely separate and unaffected by what goes on inside the enterprise container. This means that they can trust in the fact that none of their data will be wiped by the business and that the business cannot accidently see what they are doing with the device in their private lives.
The key to securing the enterprise is to embrace a more holistic attitude to security that focuses on applications and identity. With this approach businesses can rest assured they are protected, regardless of what devices are being used.