Mobility and BYOD need serious security thought

Mobility and BYOD need serious security thought

The traditional security measures put in place by companies looking to protect the sensitive data they own need to be improved in light of the growth of the bring your own device (BYOD) trend.

That was the general opinion from a recent event hosted by information security specialists Zinopy, which saw a number of consulting, legal and technology experts speaking about the challenges of employees using their own devices for enterprise purposes, reports Silicon Republic.

With a recent study from Gartner indicating that 90 per cent of firms are looking to utilise personal devices by 2014 and an Ovum survey finding that firms are still lagging behind with data security measures it is important for companies to get their house in order.

Zinopy managing director John Ryan said the trend represents a "steep learning curve" for many businesses, as there is great demand to allow staff to use personal devices within the workplace.

Some of the major concerns highlighted at the event were data leakage and loss, theft of information, legislative and compliance issues and damage to a company's reputation of brand.

Conor Flynn, founder of Information Security Assurance Services (ISAS), said: "Developing corporate policies around mobile device management [MDM] and bring your own device [BYOD] is an excellent way to address mobility-related concerns within an organisation."

Technology in the shape of mobile device management (MDM) can reduce the risk of companies being exposed to data loss and theft, but it must be used in combination with good employee procedures and education.

If staff are aware of the dangers then it is less likely that data will be leaked or lost, but on the odd occasion it cannot be prevented, having MDM in place means that your company can remotely wipe any information that is sensitive in nature and could cause reputational damage to the firm and brand.

Mr Ryan added: "Business has to take ownership of the data that's in their organisation. It should be about giving responsibilities for classifying information, and then IT has the controls to manage it in a more effective way."