Fortinet has warned that the significant rise of bring-your-own-device (BYOD) and bring-your-own-application (BYOA) among today’s workforce is exposing corporate networks to more complex cybersecurity issues through shadow IT, data leakage and the cloud.
According to IDC Asia Pacific’s Enterprise Mobility Survey 2017, BYOD has become the primary choice in organisations, with 31% preferring this approach compared to 19% (in 2015). Meanwhile, a recent Global Market Insights report projected the global BYOD market size to be valued at US$366.95 billion by 2022, with APAC forecast to be the fastest growing region at 20.8% CAGR.
Gavin Chow, Fortinet’s network and security strategist, commented that BYOD and BYOA will result in cost reduction and increase the productivity and efficiency of employees as well as employee retention. However, he also noted that there are still significant risks in allowing unprotected devices and applications to access corporate networks and digital resources.
A recent industry survey has revealed that about 65% of organisations are now allowing personal devices to connect to corporate networks, with 95% of CIOs stating concern over emails being stored on personal devices, and 94% being worried about enterprise information stored in mobile applications.
To benefit from BYOD and BYOA without compromising network security or losing visibility into classified data use, Malaysian organisations must address three major cyber security concerns, which are:
Strict policies on the applications and services employees are allowed to use on their devices can result in staff circumventing this security protocol to acquire solutions that will help them do their job more efficiently. This can present a major security risk, as IT teams struggle to secure data on applications they do not know about.
Data leakage refers to the unauthorised movement of corporate data from the secured data centre to an unauthorised device or location. It often occurs when employees transfer files between corporate and personal devices or when they have access to privileged data that is not essential to their roles.
To minimise data leakage, CISOs should consider implementing access controls and network segmentation that give clear visibility into how data is used and moved, both across the network perimeter and laterally across the network.
On average, there are over 216 applications running within a single organisation, not taking into account personal applications stored on employee-owned devices. As these endpoints and applications converge and connect to the network, in-depth application security is necessary. This is especially true of cloud-based applications, where it can be difficult for IT teams to enforce the standard security policies of their organisations.
“To ensure data security in the age of the mobile workforce, CISOs have to take a layered approach to security that provides visibility into data movement across the network,” said Chow. “Specifically, this security protocol should incorporate application security, endpoint security, network segmentation and cloud security, in addition to standard network perimeter defenses such as firewalls.”