By Michael Markulec, President & CEO, Lumeta Corporation
The mobile era is fantastic from the standpoint of "freedom to work wherever" and "immediate connection to corporate network" – freeing us from the confines of our office space via smartphones, laptops and iPad-type computing devices. Now our offices, as we all know, are with us all the time – not only due to intellectual property provided by the companies, but also due to "Bring Your Own Device" (BYOD) policies that allow us to connect our own devices to corporate offices anywhere and anytime. This freedom comes with its own price: great for productivity but disastrous for security. It carries severe consequences if the BYOD device is configured with very little or no password protection and antivirus, or with less restrictive access control policies.
For example, an unattended iPad left by a doctor leaves a plethora of patient information available for anyone to read. This can result in serious HIPAA consequences or massive data breach issues. A CEO's lost and unlocked mobile phone is like an information hive for a thief, who can read personal and work-related emails, text messages and more. Mobility without password protection is much worse than confinement to an office space.
Given that we have created an environment that allows users to access corporate networks at will, a portable device connected to the corporate network can expose it entirely to the internet. Do most corporations want that? I don't think so. It is time for corporations to think through their access control policies and tighten the belt around policies for mobile connection. What an employee can access from his corporate office versus what he can access from his BYOD device needs to be revised.
Lastly, BYOD devices are not just business devices. Co-workers bring in smartphones, laptops, iPhones, and iPads and multitask on them, reading personal emails, browsing websites, playing games, downloading videos or pictures, or simply plugging them into the corporate network to sync data. For example, Dave was playing "angry" games in the elevator, then came to his office and plugged in his phone. The phone was infected with a Trojan virus and boom, the corporate network is slow, or even down. His phone did not have antivirus installed and became a nightmare for the network administrators.
With all the bells and whistles that BYOD comes with, it is equally important that in this mobile era we begin to conduct vulnerability assessments and put intelligent access control policies in place, to ensure that the porous network created by mobility doesn't start to erode network stability.