Organisations today have a large amount of data that is shared on a constant basis and this keeps them on their toes. While new age disruptive technologies have brought in a wave of change revolutionizing how we interact, enterprises are concerned about the potential threats that come hand in hand. Two of these technologies that pose security threats are BYOD and Cloud Computing. Although this may sound clichéd, in reality this is probably one combo that acts in favour of enterprise security. To take this a step further, we can say that cloud designs and adoption can be used to step up security in BYOD. In short, transformative developments in cloud can be directly leveraged to secure BYOD to add value to an enterprise: Inherent Data Protection Some of the historically documented risks in BYOD and cloud adoption individually revolve predominantly around security. One common thread between BYOD and cloud computing is managed data proliferation. The cloud computing architecture involves data sharing, synchronization storage largely on a shared platform. These services are already a source of major concern. So organizations are getting equipped with an enterprise-grade security level in cloud services. These data security services can be extrapolated to BYOD with an assumption that data sharing and data synchronization is inevitable. The challenge is that security features introduced depends on the device in use, and all storage devices do not have the same level of security controls. However, organizations can vet the data sharing by providing a mechanism to enforce data protection. This can be done by achieving corporate control over the data in cloud. This will ensure data security irrespective of who provisioned the device in the context of BYOD. Cloud Design In a world of cloud technology that still continues to expand footprints across enterprises, organisations are also facing an explosion of incongruent employee-owned devices along with a parallel wave of external cloud hosts, infrastructures and applications. In the context of being Software-as-a-Solution (SaaS), there are two types of cloud designs to be considered. Understanding their design assumptions will help us leverage the same to BYOD. The two designs are – an externally hosted SaaS application on the internet; and an internally deployed application in a regulated environment. The security level of any application depends on the access management such as what type of data is accessed, what are the business requirements, user access profiles and authentication and so on. Now in case of a SaaS application on the internet, it is designed to operate in a hostile environment. There is always of doubt and lack of trust on network by definition. There is a constant scan for malware and source traffic. The bottom line is, no application goes unchecked without authentication since network traffic and data is public and no host or remote peer can be trusted. Similarly, for applications on an internal network, the opposite is true and applications will assume that it can be trusted since attacks would be highly unlikely. Such assumptions could prove fatal in context of BYOD. It is thus advisable to translate the ‘hostile’ cloud design to BYOD to preempt possible attacks, particularly when the devices are operated in less secure environment and are more vulnerable and susceptible to determined attacks. To conclude, organisations must adopt the security principles as in the cloud deployments which are highly prioritised in nature. This reduces the security risk quite drastically at the BYOD endpoint. To take this a step further security best practice must be adopted by BYOD any given day – be it in the form of firewalls between users and servers or in the form of user access rights. The
author is Anuj Mathur, chief executive officer, Q3 Technologies