The Information Security Specialists
Apr 12

Tackling BYOD Security

The rise in the adoption of ‘bring your own device’ (BYOD) means new security challenges and increased workload for IT departments.

The security of company-owned desktop and laptop computers is fairly well understood now, and most organisations have policies and best practice guidelines to control the risks. But that’s often not the case with user-owned devices: policy, user education and supporting different device types like iOS, BlackBerry and Android all need to be addressed.

Each of the major devices has its own strengths and weaknesses. BlackBerry has been used in the corporate environment for many years so it’s got most of the required enterprise security settings, and best practice security settings are well understood. iOS was initially seen as lacking some of the required features, but has improved over recent years. Some organisations though still have concerns over Apple’s tight control over their devices. Android is complex because it can run on a large range of devices so guidelines need to take account of both the OS version and also the device type.

It’s important that users and companies don’t underestimate the potential security risks of mobile devices. Some people assume that they don’t present the same risk as laptops because they are more locked down, or are appliances rather than general purpose computers. But mobile devices have their own security problems, as witnessed by the regular stories of attacks that can crack the password or install arbitrary software.

In many ways, the security of mobile devices is lagging behind traditional laptops. Not all devices support basic security features like encrypted storage (preferably full disk encryption), password policies, and VPN support; and it’s not always possible to enforce security settings to ensure all devices conform to a central security policy. And in those cases where these features are present in the latest version of Android, iOS or BlackBerry OS, many devices still run older versions, so it will be some time before these features become ubiquitous.

But despite these problems, there are signs that organisational use of mobile devices is here to stay. For example, last year the DoD approved the use of Android based devices for its employees, although they did mandate the type of hardware and OS version rather than allowing any Android device.

Avoiding BYOD is not an option anymore. The key issue for IT departments is how you manage personal devices in the workplace and what you allow those devices to acces.

English French German Italian Portuguese Russian Spanish
Call us now on
01634 721855

Latest News

I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.

View all Testimonials

Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.

View all Testimonials

We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...

View all Testimonials

I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.

View all Testimonials

The NTA testing programme was a success on all fronts.

View all Testimonials

The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.

View all Testimonials

On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...

View all Testimonials

NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.

View all Testimonials

NTA Monitor has been a trusted supplier for a number of years and we have found them to be approachable, helpful and understanding of our needs relating to information security.

View all Testimonials