Cloud Source

Implementing a Successful BYOD Program: Challenges and Solutions

by

BYODPersonal devices have become ubiquitous, with the majority of the population having at least one device that can access the internet. Many businesses are taking advantage of this to implement bring your own device (BYOD) policies, allowing their employees to work — in-house or remotely — with their own devices. This can mean a reduction in IT costs and CapEx, while also ensuring that employees are always able to be contacted. However, there are a number of security risks that come with a BYOD program, including:

  • Data loss
  • Malware
  • Unauthorized access
  • Unsafe applications

Data Loss

Loss of data is the biggest priority for businesses with a BYOD program, according to 72% of respondents to Crowd Research Partners’ BYOD & Mobile Security 2016 Spotlight Report. Many companies deal with sensitive data for their clients, making this a top priority for IT departments. It is imperative that the IT department take personal devices into account and work to keep them as secure as possible.

Malware

A single infected device can compromise a business’s entire network, if given the access. Any device registered to a BYOD program should be kept up to date with its firewall, OS, and antivirus. The best way for a business to ensure this is to have policies and procedures in place that all employees are trained on and expected to adhere to. It is also important to have a VPN standing between the device and the network itself, to protect the network by ensuring that all transmitted data is secure and encrypted.

Unauthorized Access

The benefit of employees using their own devices is that they always have access to the network — but the drawback is that they always have access to the network. This means that if a device is lost or stolen, whoever has it next will also be able to connect to the network. PINs or passwords can help keep unauthorized users out, and devices should be registered with the IT department so they can be flagged as soon as they go missing.

Unsafe Applications

There are thousands of apps available for download, not all of which are from legitimate distributors. Like malware, apps can cause serious security breaches, especially in more vulnerable devices like mobile phones and tablets. A strong policy in place will help keep employees from downloading harmful apps, and businesses can also use virtual routing and forwarding (VRF) and virtual switching instance (VSI) environments to separate trusted traffic from untrusted.

Educated employees are the best defense against an unsuccessful BYOD program. Businesses should also monitor network activity and use guardian programs that can intelligently adapt to possible threats. This will ensure that the program is a success and allow the business the flexibility that BYOD can bring.

Security: How IT Decentralization Introduces Vulnerabilities

by

SecurityThe decentralization of IT management, brought about by more businesses moving to the cloud, brings with it growing concerns about vulnerabilities, according to a survey commissioned by virtualization vendor VMware. The purchase of non-secure solutions has led to new compliance and security issues, and IT managers must overhaul their measures in order to keep up with the move to the cloud.

The Effects of Decentralization

According to the VMware study,

  • 69% of those surveyed agree that IT management has become decentralized,
  • 57% believe that, as a direct result, non-secure cloud and other services are being purchased,
  • a similar percentage believe that this results in non-compliant applications, and
  • 61% agree that decentralization leads to duplicate IT resources.

Shifting to the Cloud

The cloud has become a solution that the majority of businesses are using, driven at least in part by efficiency, flexibility, and long-term cost savings. According to the study, IT infrastructure spending is up by an average of 5.7%, which includes authorization of devices and new applications. However, this comes with the risk of breaches, especially as business leaders are able to purchase technology themselves rather than relying on the IT department to properly vet new applications before they’re deployed.

The Role of IT in Keeping Data Secure

Regardless of whether the IT department itself purchased and implemented the new applications, it is usually responsible for their security. According to the aforementioned survey,

  • almost 75% of business leaders are authorizing new devices,
  • 56% of business leaders are purchasing third-party applications,
  • nearly 50% of IT leaders have seen a shift in their internal application development, and
  • 75% of IT leaders agree that business users taking control of purchasing and deployment is leading to an increase in vulnerabilities and IT costs.

Finding a Solution

IT managers must find a balance between keeping sensitive data and applications secure and working with business users to continue to grow within new technology. One possible solution is a network virtualization framework, which will not only give the cloud the same security as a physical data center, but also strengthen the network.

Security is the main concern of any business’s IT department as it works to keep data safe and ensure the system is still manageable. However, with more business leaders taking on the role of purchasing and deployment of applications as well as authorization of devices, IT leaders will need to find ways to keep up. Business leaders would benefit from stopping the decentralization of their IT departments, allowing the business to continue to grow and take advantage of flexible new technologies without compromising security and compliance.

The Mobile Workplace: Benefits, Issues, and Solutions

by

Mobile WorkforceTechnology is everywhere, bringing with it a shift towards the mobile. According to Cisco’s Visual Networking Index, by 2020 more people will be using mobile than use desktops. Businesses can take advantage of this by leveraging the use of mobile devices to improve and increase productivity and flexibility.

Ways to Use Mobile

Mobile allows great flexibility in the workplace, including through the use of:

  • Bring your own device (BYOD) policies
  • Cloud-based telephony
  • Cloud networks
  • Mobile apps, both in-house and from outside sources

The Benefits of a Mobile Workplace

Any business interested in making the move to a more mobile workforce needs to know how this shift will benefit the organization. The biggest benefit is flexibility, which leads to an increase in productivity. Employees using mobile devices, especially their own, have the flexibility to connect to the network and complete their work no matter where they are, whether that’s at the office, at home, or out meeting with clients.

Mobile also benefits clients and other outside partners who can use their own devices to access the business’s network. Visitors to the office can also hotdesk rather than having to be set up to use their own station, improving their efficiency during their visit.

Possible Issues

Security is the biggest issue facing businesses looking to move to a mobile workplace. While a BYOD policy improves productivity, it also means that the business can’t ensure that all devices are set to the same security measures and standards. If a network isn’t safeguarded properly, cybercriminals can take advantage of outdated OSes to gain access.

Fortunately, there are two major strategies to maintain a mobile workplace without sacrificing security: replacing BYOD with a company-owned, personally-enabled (COPE) policy, or ensuring that employees receive proper training to keep their devices updated and secure.

Using COPE

Using COPE instead of BYOD means the business has more control over the devices employees use. While these devices are owned by the company, they are also enabled for the employee to use as a personal device, which allows for standardization and the ability for the business to remotely wipe the device. However, there is a small drawback in that the business will also need to ensure they purchase a device for each mobile employee.

Using BYOD

For companies who choose to go with BYOD, the first step is always research and planning. The three major aspects to consider are:

  • Cloud hosting: Allowing employees to access the network through a single portal
  • Customer continuity: Allowing customers to contact employees no matter where they are through the use of call routing capabilities
  • Network capacity: Ensuring that the network can handle increased traffic without dropping the connection

A mobile workplace can bring great benefits to a business that puts the research into it and ensures support for employees while maintaining security of the network. As mobile and the cloud become more ubiquitous, businesses will need to consider their mobile options in order to increase productivity and remain competitive.

SaaS: Security Considerations

by

SaaSAcross homes, schools, and a growing majority of businesses, Software as a Service (SaaS) applications are moving closer to the center of everyday life. But in business contexts, this move to cloud-based software such as Google’s G Suite or Microsoft’s Office 365 may open up security challenges that businesses aren’t equipped to address.

The Popularity of SaaS

Businesses have a number of reasons for switching to SaaS architecture, including cost effectiveness, centralization of files and work processes, and a degree of standardization and support for bring your own device (BYOD) workplaces. And the convenience of cloud-based architecture is convincing: according to a report by BetterCloud, a significant proportion (25% to over 50%) of businesses that already use the G Suite or Office 365 plan to migrate to entirely cloud-based software environments by the end of the decade.

However, that same report revealed that over 60% of businesses running SaaS applications consider themselves underfunded for addressing cloud security – and many of those businesses simply don’t recognize cloud security in their budgets at all.

Security and SaaS

Several factors may be responsible for this discrepancy, including poor understanding of what SaaS security entails on the business end. Server security, for example, falls under the auspices of the service provider. However, companies are responsible for a number of critical security topics, including:

  • Managing employee authentication and access, including requiring strong passwords, limiting the creation of accounts, and disabling account access when employees leave the company. Employees should also have access only to the files and applications they need in order to perform their jobs – access should never be granted across the board.
  • Mandating secure access points, using (for example) VPNs or secure web gateway applications, and requiring all connected devices to have passwords and idle screen locking. Employees who take advantage of BYOD policies should be prepared to keep their devices up to date and configured to the standards developed by their company’s IT security team.
  • Thorough knowledge of emerging cloud security standards, as well as work done by groups such as the Cloud Security Alliance, and insistence that SaaS applications meet security standards as a prerequisite for adoption. As SaaS is more and more widely adopted, these standards will become more finely-tuned.
  • Thorough knowledge of security implementations on the part of the SaaS provider. While IT security managers may have little or no ability to affect the security profile of a SaaS application, they should nevertheless know the details of the cloud’s security. This will enable them to judge whether or not the implementation is in compliance with security standards, and whether or not it’s in compliance with company- or industry-specific regulations.

While SaaS removes a number of concerns from the IT team’s wheelhouse, security can never be entirely outsourced. For some years, security has been a highly-cited reason for discouraging adoption of cloud technologies, but with appropriate funding and attention to detail, companies can enjoy the convenience of cloud sourcing as well as rigorous security.

How to Effectively Secure Data

by

DataIn today’s vulnerable security landscape, data protection is of paramount importance. Organizations must strive to effectively secure both incoming and outgoing data. No truer is this than with General Data Protection Regulation (GDPR), which offers additional security for encrypted technologies and firewalls. As a form of legislation for mainly European entities, GDPR is designed to protect all forms of data for worldwide companies and private citizens.

The GDPR interface is now being adopted by North American markets as well. In fact, businesses that span several industries are taking security measures to ensure optimal protection for clients and employees. This includes but is not limited to:

  • Integrating GDPR security guidelines for all business data access, transfer, and communications
  • Securing formidable defenses that protect Personally Identifiable Information (PII) for customers and staff
  • Enhancing existing security infrastructure to comply with all GDPR rules and guidelines
  • Ensuring good security hygiene for all business verticals
  • Seamlessly blending new security protocols to enhance existing ones

While GDPR is relatively new, it has resulted in timely and efficient results for a number of organizations. However, this form of security legislation can only succeed if the suggestions below are followed by global companies.

Changing the Business Mindset

Organizations must start thinking about information security in the following ways:

  • As an element that is crucial in enabling daily business protocols and communications
  • As a pivotal and vital part of risk management that enables businesses to secure a competitive edge and protect their brand validity and professionalism
  • As an essential tool in protecting even the most discreet and confidential client and business data across all access points
  • As a technology that is easily integrated with cloud, hardware, software, and communications applications for everyday business

Consistent Security Procedures

GDPR also stresses the importance of being consistent with all security measures, including the ability of staff members to view daily business from a security standpoint. They must have a clear view of how business activity can impact security as a whole. While it may take some time to find the right blend of sound security procedures, GDPR offers a wealth of techniques that have so far had a positive and profound impact on companies of all sizes.

Security First, Business Second

Without adequate and sound data protection, it’s next to impossible to conduct normal business. With this in mind, organizations need to understand the importance of security first, business second. Cultivating an environment of security is not only relegated to IT departments. All employees should play a part in identifying and addressing potential risks on a day-to-day basis. This can include malware and viruses, along with potential vulnerabilities with applications and data protection. It will ultimately be up to organizations how they want to introduce and implement new data security measures.

Contact

328 S. Jefferson St. Suite 603
Chicago, IL 60661
Ph: 312.753.7880
E: info@CloudSourceServices.com

Newsletter Signup

Stay up-to-date on Cloud Source's news.

↑ Top of Page