The Bring your own device (BYOD) movement is getting bigger and faster. IT managers across the globe are striving hard to provide secure access to information through mobile devices. Providing support for various devices, managing BYOD costs and meeting compliance requirements also add to the list of challenges. With new smartphones and tablets getting released continuously and more data moving to the cloud, securing access to sensitive corporate information is easier said than done.
A Gartner study reveals that about half of the world’s companies will adopt BYOD by 2017 and will stop providing computing devices to employees. Another 40% of companies will provide a choice between BYOD and employer-provided devices. The BYOD adoption rate of US is double that of Europe but the highest is in India, China and Brazil. Not just across corporate enterprises, BYOD movement is gaining momentum in Healthcare industry as well. More and more physicians are welcoming the usage of personal devices which are seen as a source for interacting with patients and giving them the much needed personal touch. With the adoption of BYOD in full swing, having a secure approach to access of corporate information is imperative.
Containerization keeps BYOD hope alive
Containerization is an emerging class of BYOD management that promises to keep the BYOD concept a reality sans security issues. This technology lets you create a separate workspace on smartphones that can serve as a container for storing all the corporate applications and data. The security policies can now be applied to the new encrypted work zone and the personal user data can be well alienated from the corporate information. This technology has been gaining attention for all the right reasons, for the entry to the encrypted work zone can be authenticated with AD credentials and multiple apps within the container can be accessed with single sign-on.
Also known as “Sandboxing”, this BYOD management technology can be implemented in 3 different ways. Encrypted Folder is the most solid approach where separate space is created for users to run all the enterprise apps and house other corporate information. The work space can be protected with a passcode and can be encrypted thus providing a solid defense when the device is stolen or lost.
A more granular approach is “App Wrapping” where an encrypted space is created for every individual app and its associated data rather than pooling in all the apps together. This gives more flexibility as different security policies can now be applied across each app. The downside to this approach is that each application should be modified, which is certainly not easy, as these apps are code signed. Obtaining these binary codes is tough and it only gets tougher in the case of apps sold via App stores.
The third approach is one where a virtual phone is created within a phone with its own instance of mobile operating system strictly for business use. This is done using hypervisors and support from smartphone makers. This splits the employee’s device into two isolated segments for personal and work related tasks.
BYOD dream now a reality with Mobile IAM
The BYOD movement is changing the identity of the workers. Today’s employees prefer working on smartphones, tablets and laptops and need on the fly access to corporate applications like emails, personal file sync services, Skype and more. With the use of mobile devices, the concept of corporate perimeter is becoming fuzzy. When users access such information using personal devices that are not sufficiently secured unlike the employer-provided devices, it becomes a basic necessity to extend the enterprise Identity and Access Management (IAM) program and bundle it into the employee handhelds.
Organizations now need a robust system in place to guarantee that the mobile access to corporate information doesn’t result in any security policy violations. BYOD technology stresses the need for a Mobile IAM system so that each and every mobile device user access can be authenticated. With Mobile IAM, the identities of the users trying to access information with their handhelds can be verified and their access and privilege can be controlled over time.
The mobile IAM solution should deliver key capabilities that can effectively combat the challenges of BYOD. It is critically important that organizations adopting BYOD have a stronger form of authentication like multi-factor authentication meeting all security regulations, support for single sign-on across all applications, appropriate security policies and end user self-service functionalities.
With smartphone vendors like Blackberry and Samsung announcing the release of software packages supporting dual-personality features (Knox from Samsung and Balance from Blackberry), it is evident that all are trying to keep pace with the BYOD growth. In addition to the Mobile Device Management (MDM) techniques discussed above, organizations should also adopt an IAM strategy to protect the intellectual property, no matter how it is accessed. With so much of potential in the BYOD movement, organizations should have solid BYOD migration policies that govern the usage of devices, remote wipe, and encryption of device data rather than banning the use of personal devices completely.