Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

CISOs Concerned Over ‘Bring-Your-Own-Anything’

Forget Bring-Your-Own-Device. CIOs and CISOs are worried about the security implications of Bring-Your-Own-Anything, BYOx, and how the trend affects corporate data, according to a new Wisegate report.

Forget Bring-Your-Own-Device. CIOs and CISOs are worried about the security implications of Bring-Your-Own-Anything, BYOx, and how the trend affects corporate data, according to a new Wisegate report.

CISOs and CIOs are looking for a balance between information security and letting employees select which devices and services they want to use, according to a new report from Wisegate. Wisegate is a private practitioner-based IT research services for senior technology professionals. CISOs across industries and from small businesses to large enterprises, participated in this report.

Organizations have more than just bring-your-own-device to worry about nowadays, as the trend has shifted to employees wanting to use their own mobile devices, download apps for personal use, sign up for their own Web services, and use consumer-focused cloud storage, among others. Dubbed BYOx, the name is a “catch-all term that encompasses a broad spectrum of technologies and services” that employees use to get work done, even though IT may not have approved their use, Wisegate said.

Regardless of the name, the overall trend is still the same: CISOs and CIOs have an increasingly mobile workforce who needs access to a wide range of tools in order to be productivity while still protecting the network. It’s also increasingly easy for individual employees and business units to just open an account with a Web service and be up and running, as opposed to waiting for IT to grant access to a corporate platform, Wisegate said.

“Many CISOs are questioning how they can support mobile productivity demands while still adhering to corporate policies,” a CISO of an major company said in Wisegate’s report.

CISOs have to meet worker mobility and productivity expectations while minimizing security, privacy, and regulatory risks, Wisegate said. There is no right answer for everyone and the best solution would differ for each company, based on industry, corporate governance or compliance requirements, and employee needs. However, the most common questions revolve around which devices to support and how to manage them, how to protect files being shared and stored outside the organization, and how to handle employee access to custom applications, Wisegate said.

Some of the frequently mentioned MDM vendors in the report were Good Technology, AirWatch, MobileIron. While several of the CISOs discussed approaches to monitor both corporate-owned and personal devices and to restrict how data is stored on those devices. Many of them were still in early stages, or just using the basic features such as remote wipe.

MobileIron came up frequently because of its flexible and affordable platform.

“We prefer MobileIron because it allows you to determine which applications work together to open attachments and whether you trust them or not. It gives us some granularity,” said the CISO of a global financial services firm.

As for file-sharing, CIOs and CISOs in the Wisegate discussion were concerned that employees were using consumer-oriented sites such as Dropbox to store business data. “We have policies and awareness programs to help employees understand that while they have access to the site, they shouldn’t be putting any company data there,” a CISO of a major company said in the report.

While cloud storage may be cheap on an individual level, the costs can add up when trying to extend the service across the entire organization. The “more attractive” option is to have an internal online storage service that is under IT control, a senior executive said in the report.

Sharing files with others—either internally or externally—is a big need for most organizations, Wisegate said. If a company does not provide a specific file sharing platform that all employees are required to use, then the workers will use whatever is easiest and most convenient, according to the report.

“If the intent is for collaboration and the ability to access documents from any device, there needs to be a data classification policy in place to help determine what should be shared in the “cloud” and what shouldn’t,” a Wisegate CIO said in the report.

CIOs and CISOs are increasingly considering giving employees technology autonomy, to let them bring their own personal devices, use their own applications, and sign up for cloud services. In a recent BlueCoat survey, organizations said their productivity, efficiency, and productivity improved when they allowed employees the flexibility to decide what technology to use. However, it’s clear that CIOs and CISOs still face a huge challenge to protect the organization and the data. “Most companies are struggling with the same type of issues and are looking for technology solutions that can help,” the report concluded.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.