This is a guest blog post. Views expressed in this post are original thoughts posted by Nushin Hernandez, Analyst at Canalys.
The survey results of Juniper Networks’ Trusted Mobility Index have highlighted just how pervasive the Bring Your Own Device (BYOD) trend really is. Looking at the mobile device market – according to Canalys estimates worldwide smart phone shipments grew approximately 63% last year, similarly pads or tablets have seen rapid adoption, up a staggering 274% by the end of 2011. Smart phones and tablets in particular, which have conventionally been viewed as consumer devices, are increasingly making their way into corporate environments and businesses around the world are now faced with the challenge of managing a growing mobile workforce using multiple devices and multiple operating systems with increasing data consumption. These mobile devices can no longer be categorised as simply corporate or consumer. The number of personal-liable devices has grown considerably over the last year. Canalys estimates the number of personal-liable smart phones will grow at a compound annual growth rate of about 43% from 2011 through to 2015.
Mobility multiplies the number of attack vectors open to cyber-criminals and potentially makes corporate data more vulnerable through physical loss of devices. Users have a tendency to treat smart phones and tablets as low risk, but they need to be educated to understand the security implications when they use these devices to access corporate data and networks.
IT managers have tried to maintain their acceptable device policies, but this has become more difficult and they’re starting to lose control in the enforcement of these policies. Over the next few years, proliferation of mobile devices will continue to increase – in parallel with this growth, the BYOD problem will get worse especially considering that according to Juniper’s Trusted Mobility Index survey results, mobile users today own an average of three Internet-connected devices. Businesses need to take an holistic approach to implementing an effective mobility strategy which encompasses security and compliance requirements. A context-based policy which is user, device, location and application aware is needed.
First and foremost, we need to understand and profile users based on their role in the business. We can then tailor policies which govern what each user has access to and from which device. Mobile Device Management (MDM) is the foundation in enabling device configuration and enforcing policy controls. We then need to link these users to devices – is the device personal-liable or corporate-liable? Accordingly, device security features need to be installed. Location based network access control is important for businesses to have full visibility of which devices are connected to the corporate network at any given time. Different network security policies can be implemented based on different location settings and users. Finally, based on user profile, type of device and location, users should be able to authenticate themselves to get access to an approved list of business critical applications.
This strategy goes beyond MDM and involves advanced content security, network security and security management capabilities. Businesses need to plan, deliver and optimise their mobility strategy to cater for new devices, new applications and new user requirements. They also need to act fast and be proactive or else find themselves in a reactive-spiral.
Finally, the long-term success of this mobility framework will be user dependent – is the solution user friendly? Willingness of users to adopt such a strategy will also depend on their level of awareness of the possible security risks. Businesses with the help of technology vendors, device manufactures, service providers and channel partners need to do more to educate users on the risks. The survey done by Juniper Networks in this area is a step in the right direction.