Securing Customers’ Networks as Their Workforce Becomes More Mobile

The growth of mobile devices (there are 4.9 billion unique mobile device users globally) and the use of the cloud to access corporate information from any device and any location have given employees the ability to work remotely from virtually any location outside the company’s walls.

This tech-enabled rise in the mobile workforce has led to the bring-your-own-device (BYOD) and bring-your-own-application (BYOA) phenomena. BYOD and BYOA refer to employees using their own personal devices and applications to perform their jobs, with 65 percent of organizations now allowing personal devices to connect to corporate networks.

Across industries, your customers are embracing BYOD and BYOA for the many benefits they have been shown to bring in terms of cost reduction, increased employee productivity and efficiency, as well as increased employee retention. However, there are also inherent risks with allowing devices and applications not managed by your customers’ organizations to access their corporate networks and digital resources.

As such, network security remains top of mind, with 95 percent of CIOs stating concern over emails being stored on personal devices, and 94 percent showing concern for enterprise information stored in mobile applications.  

Your customers’ aim is to find a balance between benefiting from BYOD and BYOA while mitigating potential cyber risk factors.

BYOD and BYOA Security Concerns

To benefit from BYOD and BYOA without compromising network security or losing visibility into classified data use, organizations have to contend with three major BYOD security concerns.

• Shadow IT
  Strict policies on the applications and services employees are allowed to use on their devices can result in employees circumventing this security protocol to acquire solutions that will help them do their job more efficiently. This can be a major security risk, as IT teams can’t secure data on applications they do not know about, or ensure that these applications are updated with the latest patches. And if this data is breached, it is unlikely that IT teams will know about it and be able to implement proper incident response protocols
   
• Data Leakage
  Data leakage refers to the unauthorized movement of corporate data from the secured datacenter to an unauthorized device or location. This often occurs when employees transfer files between corporate and personal devices, or when non-essential employees have access to privileged data. As cloud and SaaS application use becomes more common, and the number of connected endpoints increases, IT teams often lose visibility into data use and movement. To minimize the negative effects of data leakage, your customers will have to implement access controls and network segmentation that gives clear visibility into how data is used and moves both across the network perimeter as well as laterally across the network.
   
• Application Security
  With BYOD and BYOA come an increased number of applications, regardless of whether they are being used for business. On average, organizations have 216 applications running within their organization, not to mention personal applications stored on employee-owned devices. As these endpoints and applications converge and connect to the network, in-depth application security is necessary. This is especially true in cloud-based applications, where it can be difficult for your customers’ IT teams to enforce the standard security policies of their organizations.
  These three risk areas associated with BYOD and BYOA can leave classified corporate information vulnerable to data breaches. To take full advantage of the benefits that come with a mobile workforce through personal device use, your customers have to implement additional security controls that protect and monitor data without being so rigid that they inhibit mobility. Also keep in mind that many BYOD users are unwilling to install traditional MDM (mobile device manager) solutions as this gives the company rights over their personal data. In this case, the provisioning of network-based security and monitoring provides a critical advantage.

Network Security and BYOD

To ensure data security in the age of the mobile workforce, your customers have to take a layered approach to security that provides visibility into data movement across the network. Specifically, this security protocol should incorporate application security, endpoint security, network segmentation, and cloud security, in addition to standard network perimeter defenses such as firewalls.

The Fortinet Security Fabric is uniquely suited to enable mobility through BYOD and BYOA at your customers’ organizations, while offering layered security measures and data visibility across networking environments.

The Security Fabric incorporates controls to address each of these device and application-based concerns, including application security, CASBs, identity access management, endpoint security, and network segmentation. Furthermore, because the Fabric takes an integrated, architectural approach to security, it offers single-pane-of-glass visibility to data movement and system management and orchestration across the network and even into the cloud.

Final Thoughts 

Employees have come to expect to have their mobile devices on them at all times, and to be able to access the information they need to do their job from any device in any location. To meet these needs, organizations are increasingly allowing employees to connect to the corporate network from their personal devices, with little control over application use. In order to sustain BYOD and BYOA without compromising security, your customers will need to implement a cybersecurity process that is layered while offering increased visibility.

Sign up for weekly Fortinet FortiGuard Labs Threat Intelligence Briefs and stay on top of the newest emerging threats.

Our paper on “Understanding the IoT Explosion and Its Impact on Enterprise Security” provides more details on the security risks of IoT and what your customers can do to address them.