Running Head: BYOD: A PERILOUS PATH 1

ahemcurrentΔίκτυα και Επικοινωνίες

21 Νοε 2013 (πριν από 3 χρόνια και 6 μήνες)

93 εμφανίσεις

Running Head:
BYOD:
A PERILOUS PATH


1







BYOD:
A Perilous Path

Christopher Johnson

University of Advancing Technology








ENG102

Professor L. M. Portugal

August
1
7
, 2012


BYOD:
A PERILOUS PATH



2

Abstract

This paper
examines the current state of BYOD

or Bring Your Own Device

practices and the
subsequent network security risks
.

BYOD
practices
and mobile devices expose networks to
unknown

applications,
malware/viruses
, and

unwanted network traffic
.
Re
search and survey data
sup
port these arguments.

BYOD is a forefront issue fo
r the network security community
.

Market
indicators show the consumerization trend is growing and BYOD will continue

to be a serious
issue. This highlights the need for new policies and technologies to mitigate their associated
risks.



BYOD:
A PERILOUS PATH



3

BYOD:
A Perilous Path

“Employee
-
owned smart phones, laptops, and other mobile devices have entered the IT
security landscape, bringing
both utility and risk” according to Herbert H. Thompson’s in an
opening statement for Microsoft’s Series on Consumerization. Thompson, a Ph.D. and Chief
Security Strategist at People Security, expresses

the polarizing effect this trend has had on
corporate

IT ("Consumerization and security: effective security practices series," 2012). Even
with notable benefits,

such as increased productivity and the convergence of mobile device with
other new technologies such as cloud computing, there are significant secu
rity risks associated
with consumerization trends an
d Bring Your Own Device

p
ractices in the enterprise
environment. Bring Your Own Device (BYOD) practices pose significant threats to network
security because they expose networks to unknown applications, u
nwanted network traffic,
malwares, and viruses.


Mobile Device Management to cover the diverse market of current consumer devices is
costly. This cost can be prohibitive to smaller companies. Application security is
just one of
many

areas

in which
BYOD
is
a liability
. Without centralized software management, mobile
applications like social media may lead to a user unwittingly leaking proprietary or trade secret
information. This could be especially dangerous on networks that contain secure records such as
m
edical or financial data.
BYOD has a detrimental effect on network security.


TrendMicro, one of the largest anti
-
virus software providers, defines consumerization as
the trend where employees use their own devices and consumer application to conduct compa
ny
business (The consumerization of enterprise mobility, 2012). Some businesses choose to adopted
BYOD programs or policies despite security concerns. BYOD or Bring Your Own device means
that an enterprise tolerates and encourages its users to use their pe
rsonal devices such as
BYOD:
A PERILOUS PATH



4

smartphones at works. The trend coincides with an influx of new employees from the Generation
X era. This group is sometimes referred to as digital natives. As they enter the workforce, their
technology is coming along with them. Ma
ny corporations are embracing these practices and
enjoying the ability to off load some of the hardware cost normally associated with doing
business to their employees. Employees are enamored with BYOD because they can have access
to non
-
work related items

as well as being untethered

from their desks. As with most things, if it
is too good to be true, it probably is. This parable holds true with consumerization as well.


Increased productivity is the most commonly cited reason supporting consumerization
an
d the adoption of BYOD
by

business
es
. A recent study conducted by Cisco, the world largest
manufacturer of network hardware, found that employees who are allowed the use of personal
devices at work add between $300 and $1300

of in
creased value (Hambien, 2
012).

IT managers
and professional
s

are skeptical about BYOD and consumerization and for good reason. In
another recent study conducted by Boston Research group, 68% of IT managers from a sample
of 1000 Fortune Five Hundred corporations were seriously co
ncerned about security risks
associated with mobile device
s

access
ing

corporate resources (
“New survey finds”, 2012
).

Data
loss was ranked as the highest concern amongst IT managers in the study with malware listed as
close second. Most of the uncertainty
is fueled

by the limited
availability

of Mobile Device
Management technology available.

Unknown Applications


In the world of corporate IT, the unknown is always considered the most serious threat.
Information Security specialist spend hours contemplatin
g the “what ifs” of network security.
When dealing with e
merging technologies or practices
,

there are
limited case studies available
and real
-
world

experience is sometime impossible
. This creates deficits in accurate risk analysis
BYOD:
A PERILOUS PATH



5

which limits the
effectiveness of mitigation techniques. The Boston Research study cited that
98% of IT managers were seeking a new MDM

(Mobile Device Management)
platform for
network access control (

New Survey

Finds

, 2012). The staggering number of applications and
di
fferent operating systems available for mobile devices makes it virtual impossible for IT
departments to manage and control what takes place on an end
-
user mobile device. This presents
yet another barrier to risk mitigation. Workstation compliance is a top

priority for security
designers and network security specialist. Software and hardware manufacturers like Microsoft
and Cisco invest millions of dollars and spend years researching and developing methods for
controlling exactly what resides on a network c
lient machine and this includes applications. For
this reason, IT professional are seeking new and more complete Mobile Device M
anagement
platform

to combat the new threat vectors associated with BYOD.


There is sufficient evidence to support the claim th
at BYOD can help a company’s
margins, however it is not without cost.

Aside from the investments in new technology to thwart
potential security risks coupled with man
-
hours associated with implementation, there is the
inherent danger to physical security a
nd application security associated with BYOD. Any device
that accesses network resources leaves traces and small bits of information about where it has
been. Small portable devices like smartphones are more likely to be lost or stolen than a desktop
compu
ter. A knowledgeable attacker could glean valuable information from a smart phone and
use this information to penetrate a protected network. Compromised credentials from a
smart
phone or mobile device allow an

attacker with very little technical skill to
p
enetrate

network security measures. In many cases, it would be as simple as retrieving a clear text
username and password from a tablet or smart phone.

Secure systems use methods such as
encryptions to prevent unwanted recipients from deciphering user cred
entials such as passwords.
BYOD:
A PERILOUS PATH



6

When a message is sent in clear text it can be read with software as simple as Microsoft Notepad.

Many smart phone application developers will pass usernames and password
s

in clear text.
Physical security and application securit
y are serious topics that should be considered before
deploying BYOD. According to Juniper Networks Mobile Threat Center data, one in five mobile
devices using their Mobile Security Platform had the lost or stolen feature activated in 2011
(2011 mobile thr
eat report, 2012).

Malware/Viruses


Aside from the obvious dangers of lost or stolen devices, there is an increased risk of
malware or viruses being introduced

to a network by unregulated mobile devices. Companies
like Apple do not allow

third
-
party
antivirus to be used on their mobile operating system, iOS.
Other popular smartphone operating systems such as Android have a plethora of sub
-
par choices
for anti
-
virus. Most consumers do not even bother with anti
-
virus on their portable devices
because of

the negative effects on performance. Although

many of the mainstream anti
-
virus
software manufacturers are introducing solutions for mobile

devices
, the
y are

still in a fledgling
state. It will take time for security models to fully catch up with consume
rization. So it is clear
that companies choosing to adopt BYOD policies are increasing their exposure to potential data
loss due to malware, viruses, or trojans. Whether it is an assumed risk or naivety, IT managers
permitting BYOD are increasing the risk
of infection.


Mobile devices are a double edge sword in the realm of network security. Mobile devices
are multi
-
homed. This means they are connected to more than one network at a time. With the
addition a Bluetooth radio device, another potential network
is directly connected

to the
enterprise. Users can unwittingly expose the protected internal network by browsing a malicious
site or downloading some type of malware. User
-
liable devices are one way in which
BYOD:
A PERILOUS PATH



7

organizations can benefit from BYOD by reducin
g licensing cost (The consumerization of
enterprise mobility, 2012). The risk does not outweigh the potential costs. A single security
incident can permanently tarnish a company’s reputation. It is impossible to place a dollar
amount on customer trust. In
certain industries,

such as the payment card industry, a breach can
mean the end of the business. IT managers and CISOs must ask themselves if the convenience
and cost saving is worth the risk.

Unwanted Network Traffic


Exposure to malware, data loss, se
curity breaches, and lost devices are direct effects of
BYOD practices, but BYOD also places a burden on resources. The majority of enterprise
networks
need

a plethora of different services and servers running internally to operate. The
traditional model
of one device per one user ratio no longer applies in the age of BYOD
(Furbush, 2012). More devices equal more bandwidth use. Specifically, wireless infrastructure is
most heavily impacted by BYOD. Even the most sophisticated access points can only handle

around 20 devices efficiently. Operating on the 2.4 and 5 GHz range indoors, an access point’s
coverage will be limited creating a higher concentration of devices in a smaller geographic area.
This creates a serious problem for IT. The current wireless in
frastructures are becoming obsolete.
Though newer hardware is becoming available to handle the influx of
new
devices, the cost of
upgrading

wireless hardware

can be quite prohibitive, depending on the size of the organization.
It is important to note that
smart phones and tablets are not the only devices using the wireless
infrastructure. In a recent TechRepublic interview, Frank Andrus, CTO of Bradford Networks
posed the question “Do I really want someone’s iPhone on the network?” He also stated that
“bu
sinesses need to evaluate what devices are really needed to perform the day
-
to
-
day functions”
(Furbush, 2012). In manufacturing and corporate environments devices such as inventory
BYOD:
A PERILOUS PATH



8

scanners, projectors, and even indu
strial logic controllers may
access the
network via wireless.
For example, manufacturing equipment may have increased access time to the network because a
secretary is checking a Twitter feed.

New Policies



Information

security
practitioners have

a general concept or mission known as the CIA
tr
iad. The Triad consists of three elements Confidentiality, Integrity, and Availability. The
preceding examples and explanation shed light on how BYOD and consumerization poses risks
in each of these areas. Lost devices and compromised credentials weaken c
onfidentiality. Data
leaks and malwares introduced by mobile devices may compromise data integrity and cause data
loss. The increased load on the wireless infrastructure

created by
BYOD causes serious issues
with network availability. Thus, confirming BYOD as
a
real security issue. If an organization
chooses not to adopt BYOD presently, it would seem an opportune time for planning for it. A
recent paper by
Gordon
Thomson (2012), Cisc
o Security EMEA, states that IT professional
s

need to embrace BYOD and take

the

view point

of accepted risk
. In summation, Thomson feels

that BYOD is here to stay and the sooner IT adapts to the chaos of BYOD the sooner security
models can be developed

th
at efficiently deal with the associated risks (Thomson, 2012, pp. 5
-
8).


Developing new and more flexible policies will be a daunting task for IT professions.
There are many questions that must be answered and areas that need to be examined prior to
BYOD i
mplementation. Its impacts must be evaluated

from many different angles in order to
develop secure policies related to BYOD. Network security by nature constantly evolves. New
threats and attack vectors are discovered daily. The art of risk assessment is m
ade even more
difficult when dealing with emerging technologies and practices. The current state of non
-
standardization amongst mobile device platforms and applications adds to the lack of data
BYOD:
A PERILOUS PATH



9

needed for attack prediction and modeling. Every eventuality
can never be planned

for, so the
basic concept is to make the best assumption based on available data no matter how limited. In
the case of BYOD the needed data may not be available. As more companies adopt the policy
and third party vendors rush to get th
eir share of the new market, the technology will improve

undoubtedly
.



In a perfect world, the concepts behind BYOD are inescapably logical. It is the proverbial
win/win situation. Ironically, a lack of technology has caused sophisticated devices
,
such a
s
smart phones, to become a security risk. The controls and devices used to secure networks are
not capable of handling the risks created by BYOD. A survey taken by Boston Research
Group

stated that 78% of IT security professional need new network access
controls,

specifically those
dealing with mobile devices (

New survey finds

, 2012
)
. Most IT departments do not even fully
understand all the risks associated with BYOD. The most recent study on BYOD security by the
SANS institute highlights the lack of u
nderstanding of BYOD risks in the info
rmation security
community. The

study found that only 38% of the IT managers surveyed felt confident about
their current measures to deal with BYOD (Johnson, 2012). Education will be a key component
to any organizatio
n that successfully secures BYOD.


The phrase

user
-
liable device” implies an employee’s self
-
maintained device. This
means that management, the organization, and IT are not responsible for its functionality. To an
accountant the phrase "User
-
liable device
" probably sounds magical. A User
-
liable device is one
less device an organization has to manage, license, or upgrade. This is why end user
responsibility must be addressed when creating a BYOD policy. Scott Emery, Co
-
CIO/Director
of Academic
Technology

California College of the Arts, laid out key areas that should be
addressed in developing BYOD policies in his master’s dissertation. He identified policy
BYOD:
A PERILOUS PATH



10

development, security, and user education as important factors to consider in policy development
(E
mery, 2012). User education and policy enforcement are two areas that IT department struggle
within any environment regardless of BYOD practices. BYOD only complicates matter in this
area.

The industry is hopeful that in the future mobile platforms will b
ecome more
standardized like modern desktop operating systems such as Windows. End user knowledge will
become less of an issue as standardization improves. In the current BYOD environment, end
users need to be aware of the risks their devices posed to netw
ork security. There is a need for
understanding the dangers, consequences, and monetary losses that may occur when users fail to
conform to acceptable use policies. It is especially important when implementing BYOD to
spend time educating users about these

risks. Education is an important step in the right direction
and can help mitigate some of the risks associated with BYOD. For example, if an end user is
aware that his or her credentials could be stolen using a device, they will be more carefully about
i
ts physical security. In reality, any organization considering adopting BYOD should already
have a solid security culture in place.

New Technology

Some organizations are successfully utilizing existing technology in new ways in an
attempt to conform to th
e consumerization trend ("Consumerization and security: effective
security practices series," 2012). A recent white paper from Microsoft highlighted a few
examples of this. One company successfully deployed a work approved image that can be
downloaded

to
a Blackberry device each time the user logged in. These devices were company
issued, but the concept may be applicable for future BYOD implementations. A smart phone
capable of running similar to a thin client could

theoretically operate via an approved im
age and
BYOD:
A PERILOUS PATH



11

use cloud storage. This would centralize the device and allow IT to have more control over what
applications run on the device. Another interesting concept discussed was the use of a
completely separate point of presence or guest network for BYOD d
evices. Access to corporate
resources could be allocated over proven

VPN technology like clientless SSL. Users could only
access mapped resources and those allowed in the tunnels when using the VPN.
This is more
secure than personal devices directly connec
ting to the enterprise network infrastructure.

The most important principle conveyed in the Microsoft series on consumerization, is
sharing of knowledge. Lack of information sharing is the biggest barrier to building support for
consumerization ("Consumer
ization and security: Effective security practices series," 2012).
This raises more questions if

BYOD and its relatively limited subsequent technologies are
mature enough for immediate adoption. Some organizations may choose to err on the side of
caution
and postpone venturing into BYOD. Upon examination of current data, it is safe to
assume that the market will drive BYOD into the mainstream at some point in the near future.
These indicators are strong arguments for debating and identifying the key issue
s involved now.

The data is available to establish BYOD security risks as a fact. The convergence of
devices, apps, and

mobile data transmission has complicated its mission to secure corporate data
and networks. Most IT managers will acknowledge these ris
ks and the seriousness

of the

dangers
they present. Even with all the evidence supporting the case against BYOD, companies are
adopting it in droves. This
trend
speaks volumes about the balance of security versus
convenience. Information security specialists are accustomed to
losing

this battle. It is hard to
argue with revenue streams, and in reality, upper
-
level

managers rarely have the foresight to see
network
security in the

same
light
as an IT processional.


BYOD:
A PERILOUS PATH



12

The simple truth is employee’s love tablets and smartphones and they want to use them at
work. The organization agrees to allow BYOD and then it happens. The entire user account
database is compromised. T
he HR and PR departments are on the five
-
o’clock news and
stakeholders are furious. This is the point where an executive realizes that even though there was
a three percent increase in productivity, it would have been better not to allow users devices on
t
he network. Users often use the same credentials for personal applications as th
ey

do with
business application and c
orporate resources. Hackers are aware of this and will certainly exploit
it if possible. The path of least resistance i
s always appealing
to a hacker.

The threats posed by BYOD are real but often marginalized because of other factors such
as profits and employee morale. The consumerization of enterprise networking and the adoption
of BYOD has created a perfect storm for would be attackers.

End user devices have more
exposure than any other time in history due to the popularity of social media and personal cloud
services. End users are beginning to merge their private lives and work lives digitally. The
smartphone and tablet is the incarnat
ion of all these things taking the place of a gaming console
as well as desktop workstation. Personal mobile devices also take the place of a water cooler
when people chat on Facebook or Skype. The line between an employee’s private life and their
persona
l devices is blurred

with BYOD practices. Most users accept the loss of privacy for the
convenience and enjoyment of using their devices. Companies must realize that they too are
assuming the risk of lost privacy when allowing BYOD.

As the IT world waits p
atiently for the next big thing, BYOD has arrived. A briefing
published by Infosys, one of the largest enterprise level network consulting firms, describes
several areas of BYOD technology security advancements that may on the horizon. Large retail
busin
ess application software companies will begin to meet market demands by developing
BYOD:
A PERILOUS PATH



13

mobile software solutions that integrate natively with business applications (Kumar, 2012).
Hardware vendors will begin to market mobile devices and security apparatuses sp
ecifically
designed for business end
-
to
-
end applications. Many vendors have already begun deploying
fledgling solutions for Mobile Device Management. These technologies should advance rapidly
over the next few years and become more standardized across the
enterprise. More robust
provisioning mechanisms will become available from mainstream operating system
manufacturers such as Microsoft. Inevitably, IT managers can expect new implementation of the
apple iOS designed with Mobile Device Management as an inte
gral component.


The enticements of BYOD may be too numerous

to overcome the risk associated
with adopting it. The modern work force is increasingly mobile. Lowered administrative cost,
increased productivity, and real
-
time collaboration will be necessary

for business to continue to
compete. BYOD security is a long way from becoming as secure as traditional network security.
IT managers, CTOs, and information security specialist
s

will need to do their homework before
adopting BYOD. This will enable them to

create solutions that will allow their organizations to
safely adopt BYOD. IT professional
s

must stay vigilant in the face of emerging technologies.
Even if BYOD is currently not viable for an organization, the topic is so complex that those
responsible f
or making decisions

about BYOD

should begin their research today in order to be
prepared for it in the

future.



BYOD:
A PERILOUS PATH



14

References

2011 mobile threat report. (2012). Retrieved July 30, 2012, from Juniper Networks Mobile
Threat Center:
https://www.juniper.net/us/en/local/pdf/additional
-
resources/jnpr
-
2011
-
mobile
-
threats
-
report.pdf
.

Consumerization and security: effective security practices series. (2012
). Retrieved July 31,


2012, from Microsoft:
http://download.microsoft.com

Emery, S. (2012). Factors for consideration when developing a bring your own device (byod)
strategy in higher education. Retrieved Jul
y 26, 2012, from University of Oregon:
http://hdl.handle.net/1794/12254

Furbush, J. (2012). BYOD strains corporate wireless network bandwidth (Consumer
Technologies). Retrieved July 26, 2012, from Search Sec
urity:
http://searchconsumerization.techtarget.com/news/2240118466/BYOD
-
strains
-
corporate
-
wireless
-
network
-
bandwidth

Thomson, G. (
2012). BYOD: Enabling the chaos. Network Security, 2012(2), 5
-
8.

Hambien, M. (2012). Consumerization trend creates it worries, worker benefits. Retrieved July

29, 2012, from Computer World:
http://www.computerworld.com/s/article/9227238/Consumerization_trend_creates_IT_w
orries_worker_benefits?taxonomyId=220&pageNumber=2

Johnson, K. (2012). SANS mobility/BYOD s
ecurity survey (B. L. Filkins, Ed.). Retrieved July

26, 2012, from SANS Institute:
http://www.sans.org/reading_room/analysts_program/mobility
-
sec
-
survey.pdf

Kumar, A
. (2012). Enterprise mobility strategy
-

should enterprise care. Infosys Labs Briefings,

BYOD:
A PERILOUS PATH



15

10(1). Retrieved July 30, 2012, from
http://www
.infosys.com/infosys
-
labs/publications/Documents/winning
-
it/enterprise
-
mobility
-
strategy.pdf

New survey finds that 78 percent of
it

security professionals believe network access control is

an essential function to protect enterprises from mobile device risks; security teams want
unified policy control for mobile devices and
pcs

in their network.
(2012, Feb 21).
M2
Presswire, pp. n/a.

The consumerization of enterprise mobility. (2012). Retrie
ved July 27, 2012, from TrendMicro:

http://www.trendmicro.com/cloud
-
content/us/pdfs/business/white
-
papers/wp_bring
-
em
-
on
-
the
-
consumerization
-
of
-
ent
-
mobility.pdf




BYOD:
A PERILOUS PATH



16

Annotated Bibliography

2011 mobile threat report. (2012). Retrieved July 30, 2012, from Juniper Networks

Mobile Threat Center:
https://www.juniper.net/us/en/local/pdf/additional
-
resources/jnpr
-
2011
-
mobile
-
threats
-
report.pdf
.


This report gives insight to the rapid ra
te at which malwares are being


developed specifically to exploit mobile devices such as smart phones and

tablets. Juniper researchers cite lack of application control, sophisticated

malicious applications aimed at human behavior, and the use of soft
ware stores

as distribution mechanism as the primary drivers. Stolen devices were also

referred to as a devastating risk. The sample data used to compile this report is

quite large giving the report a great deal of weight. In total, 793,631 mobile

appl
ications and vulnerabilities were examined across every available mobile

platform.

Consumerization and security: Effective security practices series. (2012).

Retrieved from Microsoft.


This white paper from Microsoft provides some real world examples and case


studies to help enlighten IT managers. The fact that a Corporation such as


Microsoft sees fits to begin producing a security series of white papers that deal



with cons
umerization, BYOD, and security, in itself, supports the statement:


BYOD is a real security risk. The examples within this document could assist



even the most non
-
tech savvy person in understanding the risks associated with


BYOD.

Emery, S. (20
12).
Factors for consideration when developing a bring your own device

BYOD:
A PERILOUS PATH



17

(BYOD) strategy in higher education
. Retrieved July 26, 2012 from University of

Oregon:
http://hdl.handle.net/1794/12254



This paper examines the proliferation of mobile devices, such as smartphones in


work place and school environments. Its intent is to assist IT professional in


identifying important factors when developing policies and solutions to deal


with the

consumerization of IT. The main areas of focus are policy


development, security, user education, and mobile learning (Emery, 2012, p. 9).

Furbush, J. (2012).
BYOD strains corporate wireless network bandwidth

(Consumer

Technologies). Retrieved July 26
, 2012, from Search Security:
http://searchconsumerization.techtarget.com/news/2240118466/BYOD
-
strains
-
corporate
-
wireless
-
network
-
bandwidth


This article discusses the effects that BYOD is having on corporation’s bandwidth. The


author fears that corporate wireless infrastructure may not be adequate to support the


current rate of expansion for BYOD. Citing Emulex, a network
solutions company, as


an example of a corporation having to adjust its policies and infrastructure to


accommodate all the new devices on the wireless network. Guest network access and


video conferencing are referred to as key contributors to
the strain on bandwidth.


Thomson, G. (2012). BYOD: Enabling the chaos.
Network Security
, 2012(2), 5
-
8.


This journal article addresses the need for IT professionals to embrace a different point


of view or "vision" when dealing with BYOD policy and
security. In the authors view,


IT must accept the amount of access but not accept the high levels of risks (Gordon,


2012). In order to achieve security and access, it suggested that newer more flexibility

BYOD:
A PERILOUS PATH



18


security models must be developed.


Ham
bien, M. (2012). Consumerization trend creates it worries, worker benefits. Retrieved July

29, 2012, from Computer World:

http://www.computerworld.com/s/article/9227238/Consumerization_trend_creates_IT_w
orries_worker_benefits?taxonomyId=220&pageNumber=2


Hambien cites a Cisco study that in summation proves points and counter points to the


consumerization

debate. The productivity gains are basically a wash against the


increased IT costs. Habien article highlights some key benefits of consumerization and


a few success stories that offer counter points against the arguments of this paper.


Johnson, K
. (2012).
SANS mobility/BYOD security survey

(B. L. Filkins, Ed.).

Retrieved July 26, 2012, from SANS Institute:
http://www.sans.org/reading_room/analysts_program/mo
bility
-
sec
-
survey.pdf


This report summarizes survey data collected from IT professionals on the topic of


BYOD security. Its goal is to identify what type application usage is currently being


leveraged at an enterprise level. In addition, the sur
vey covers topics concerning


policies and control mechanisms that enterprises are using to manage these mobile


devices. The research data clearly shows the low levels of understanding as it pertains


to BYOD security as a whole in the
information security community.


Kumar, A. (2012). Enterprise mobility strategy
-

should enterprise care. Infosys Labs Briefings,

BYOD:
A PERILOUS PATH



19

10(1). Retrieved July 30, 2012, from
http://www.infosys.com/infosys
-
labs/publications/Documents/winning
-
it/enterprise
-
mobility
-
strategy.pdf


In this briefing the author describes in detail a forecast and current state of mobility in


the enterprise. By defining user profiles, applications, and technologies in relationship


to the enterprise business model, Kumar gives a road map for making decisions about


BYOD. This briefing does not take a side in the debate on whether or not B
YOD


should be adopted, but rather assumes that it will and points out the practical matters


that will need to be addressed.


New survey finds that 78 percent of IT security professionals believe network access control is

an essential function to p
rotect enterprises from mobile device risks; security teams want
unified policy control for mobile devices and PCs in their network
.

(2012, Feb 21).
M2
Presswire
,
pp. n/a
.


This article is based on research performed by the Boston Research Group on behal
f of


ForeScout Technologies, an industry leader in network security controls. The impetus


of the article is to articulate to IT managers and networks security professional’s that


their fears of mobile devices on corporate networks are rational.

Based on the article,


most IT professionals would agree that the current control mechanisms and policy


apparatuses are inadequate to provide the necessary level of security.



The consumerization of enterprise mobility. (2012). Retrieved July 27,
2012, from TrendMicro:

BYOD:
A PERILOUS PATH



20

http://www.trendmicro.com/cloud
-
content/us/pdfs/business/white
-
papers/wp_bring
-
em
-
on
-
the
-
co
nsumerization
-
of
-
ent
-
mobility.pdf


This white paper produced by one of the leading antivirus and security companies and


explains exactly what Consumerization and BYOD is in simple terms. The bullet point


in this white paper strongly supports the
argument that there is a significant security


risk associated with the adoption of BYOD policies and the trend of consumerization in


the enterprise environment.