Part 1 – The Dark Side of BYOD
Responding to challenges is what IT experts always do. All the mentioned threats can be “treated” with smart IT security measures. Specific measures that allow us to significantly reduce the risk of using mobile devices for working purposes are as follows:
- Creation of (and adherence to) a security policy
- Remote device management (allowing the device to be locked and data erased) for lost/stolen devices
- Two-factor authentication
- Data encryption on the device
- Email session encryption, encryption of traffic for specific apps
- Mobile VPN
- Dedicated specifically configured device
The above-mentioned measures are solid practices that should be implemented by all companies that take their data confidentiality seriously. However, typically, the only barrier between the evildoer and corporate data is the lock screen—not the most secure application. It is often made even less secure by the users themselves who rely on weak passwords that could be easily learned by spying, checking fingerprints, or guessing digits. If you consider operating system vulnerabilities, field test mode, debugging mode, access to the drive via USB, etc., it is clear that this barrier can be easily overcome.
Can you avoid this? You can and you must! One of the possible solutions is implementing a customized lock screen on employees’ smartphones. Standard measures employed in user devices are not meant to provide enterprise-level security. That is why many companies implement their own solutions.
Auriga successfully participated in a number of such projects. In particular, we developed an innovative Android-based mobile application Orbie Lock Screen. This application uses a smart mechanism to lock the smartphone’s screen. Another solution developed by Auriga’s engineers is the voice-unlock application, which allows users to record a key phrase that serves as a password and unlocks the mobile device. The features of this application include accurate speech activation and voice recognition.
These applications are simple and effective, but they are no more than the first barrier in the way of the evildoer. For more reliable data protection, more sophisticated solutions are used. For years, Auriga has been providing services to a US-based vendor of software solutions that provides “complete protection” of intellectual property and other mission-critical data vital to operating the modern global enterprise. Within the frame of this partnership, our engineers participated in the development of the Enterprise Information Protection Product. This solution allows users to not only monitor the status of the device but also detect multiple data-manipulation events.
Right now, nobody knows if Gartner’s forecast will hold true. Shall we witness a world without offices in which mobile employees work from wherever they feel comfortable, knowing that their corporate data is well protected or not? Maybe IDC is right, and BYOD will be replaced with something else entirely because of the variety of threats to which devices are exposed. However, one thing is true: With the correct “treatment,” this approach has a future. We can develop solutions that will make this future a reality.