
No Organization Is Ready for BYOD

The Risks Are Not Worth the Reward

Android is cool, iPhone is cutting-edge and carrying a tablet is convenient. What’s not so cool, cutting-edge or convenient, however, are data breaches, which, as everyone already knows, lead to millions of dollars in damages year after year. The odd thing about data breaches, though, is that even though enterprises, SMBs and government agencies are more aware of them, they continue to allow the use of BYOD technologies, which increase the likelihood of a breach occurring. Although no one has come up with a “Moore’s Law” type of equation that demonstrates how data breach risk increases in direct correlation to BYOD, the evidence is clear that it does increase.

How do we know BYOD adoption increases the risk of a breach? Great question. There is an unending chain of headlines, reports and opinions indicating that it does, many based on factual research and on incidents that have occurred. A few of the more recent studies on the topic revealed that nearly half of the organizations allowing employees to connect to their corporate networks via BYOD have experienced a related breach — staggering when you consider the number of breaches that occurred before BYOD hit the market.

Despite the overwhelming risk that BYOD brings, prevailing winds suggest that organizations are convinced they must allow employees to use their own devices to conduct business communications and access data. Whether or not this trend represents a triumph of BYOD providers’ marketing genius or signals that businesses have lost control of the ability to establish basic security rules remains to be determined, although it is probably a combination of both.

Regardless of where an organization stands on the BYOD issue, there are a few basic facts it needs to consider before adoption:

• BYOD has created increased risk exposure that no organization is prepared to handle

• Visibility and monitoring are security essentials that BYOD and MDM can’t provide

• Security-aware organizations do not have to allow BYOD

• You don’t have to trade the promise of sales and productivity for decreased security

Let’s explore these notions further.

BYOD has created increased risk exposure that no organization is prepared to handle

There simply is no way to deal with the risk that BYOD brings. Between Android and iOS alone, there are millions of apps readily available for download, countless numbers of which open up doors in BYOD technologies that hackers and cybercriminals can easily stroll through. Even iOS, long believed to be highly secure, is proving to be vulnerable. As recently as December 2012, researcher Carlos Reventlov identified a vulnerability in Instagram’s iPhone application that could allow an attacker to execute a man-in-the-middle attack on iOS.

Visibility and monitoring are security essentials that BYOD and MDM can’t provide

When it comes to data security, visibility and monitoring are essentials. When it comes to BYOD, even the most advanced MDM solutions cannot provide a comprehensive, granular picture of how employees are accessing and sharing corporate data. Organizations that don’t have visibility into employee activities have no way to determine how, when and where their information is being exposed.

Security-aware organizations do not have to allow BYOD

Any organization that is serious about security does not have to allow BYOD. Most enterprise-class organizations have sophisticated physical security systems that include state-of-the-art surveillance cameras, pin-pad door locks, and ID and access cards. None would allow employees to remove surveillance cameras and replace them with their own, install their own pin-pad locks or issue their own ID cards. In these cases, Bring Your Own Security simply would not work and would never be allowed. The same could be said of BYOD; in the name of security, organizations do not have to allow it.

You don’t have to trade the promise of sales and productivity for decreased security

There is an age-old adage in business: “Nothing happens until somebody sells something.” When it comes to BYOD, organizations need to take a hard look at whether or not the security trade-offs are actually worth the assumed productivity and sales rewards. Organizations that dive deep into this issue will probably discover that sales reps using corporate-issued devices are likely closing as many deals as those who are using BYOD, that they are able to respond to emails as fast on a BlackBerry as they can on an iPhone, and that they can access business applications with efficiency.

At this point in the evolution of consumerized mobile devices and smartphones, security is simply too far behind the curve and cannot provide any real defense against data breaches, data theft and compliance violations. Corporate-issued and controlled devices are able to provide not only security but also the functionality needed to enable secure business communications and access to data and applications. There is simply no reason for an organization committed to security, productivity and sales to take on the risks inherent in BYOD.
