BYOD + IOT ≠ Security.
BYOD, IT Security, and The Internet of Things
Last year, the number of smartphones in the world hit a new record. Out of the 4.55 billion cell phone users worldwide, 1.75 billion of those were using smartphones. Users are rapidly switching to smartphones as these devices become more affordable, and as 3G and 4G networks are introduced into key markets, allowing faster than ever data transfer rates. For businesses, this increasing smartphone penetration has significant implications. As more businesses adopt BYOD (Bring your own Device), IT security professionals and CIO leaders will need to address the issues of security that are introduced as business data is taken on the road, and exposed to external networks.
How Does BYOD Impact IT Security?
Data security consultants, and anyone involved in information technology or management, will need to be clear on the risks that are introduced with BYOD.
A company that allows BYOD is able to receive great benefits from doing so. Systems that allow for users to bring their own devices mean that staff are able to use devices that are familiar to them, which can reduce training time and increase efficiency. At the same time, businesses can save significant amounts of money on IT procurement, because users are bringing their own cell phones, tablets, and even laptops, from home.
There are even benefits to recruiting - new hires will be more comfortable with their own device and the option to bring it in, instead of having to juggle phones and computers.
Even with these key advantages, there are some problem to overcome. The biggest challenge with BYOD is security. A BYOD device would be almost worthless if it didn’t have sufficient access to a corporate network, so that a staff member can easily obtain the information and run the applications that they need to perform their jobs. This means opening up access to systems which would have previously been protected by closed networks accessed by in-house devices, with security enforced through strict and robust security policies.
Another challenge exists when employees leave a company. Because they take their devices with them, there needs to be a mechanism in place that prevents access from devices that are no longer associated with an authorized staff member. Compared to a model without BYOD, this adds another layer of security, and a number of process layers within the organizational structure of a business. Without addressing this type of situation, businesses would be putting themselves at significant risk.
Security Is Even More Important than Ever with IoT
The Internet of Things has been called the future of business, computing, and entertainment. Indeed, IoT covers all of these areas, whether you look at a smart TV, an internet capable MRI machine, or even the cloud services that deliver email, streaming video, or music, to devices that will work from anyplace where there is an internet connection.
IoT exists in complex industries, too. Consider a production line that utilizes networked sensors along the line, which then transmit data in real time between ordering systems, packing robots, and even dispatch centers, to coordinate logistics. Considering the data that is collected using IoT sensors, and then the possibilities there are to interface with this data by using BYOD devices, it becomes clear that a system utilizing IoT technologies and BYOD access policies, needs to be secured to the highest industry standards.
Security breaches could mean that an unauthorized party is able to gain access to production data or even sensitive manufacturing secrets, or that a previous employee is able to take data and learnings to a competitor, using their own device that was once legitimately authorized through BYOD policies.
Similar risks exist in any industry. If you are an IT data security consultant within a contact center business, you could be tasked with protecting CRM systems, billing information, payment gateways, and other critical systems. Sales reps, telephone agents, and remote staff could all be using BYOD devices to connect to a decentralized cloud solution. Ensuring that access control and other security measures are present, will be a core aspect of the solutions that you design and implement. The reality is that a single violation can expose your entire network, making it critical to hire the right people and solve for these problems internally and for your clients.
Who are The Big Players in IT Security Today?
You only need to look at the world’s largest information security consultancies to see that data security is a big business.
Deloitte, currently the biggest player in IT security, made over $2 billion in revenue from security consulting in 2014. Other leading companies are seeing similar growth, with all of the top five, including IBM and KPMG, seeing revenue growth in security consulting. All of the top five exceeded 5% growth between 2013 and 2014.
This means that not only is there a clear growing need for security consulting, but also that there will be an increased demand for IT security consultants who are experienced in the latest technologies, including cloud and IoT technologies. The demand has been partially spurred on by high profile data security breaches, especially those at government level.
Businesses and Professionals Should Prepare for a Growing Market
Not only do businesses need to assess and respond to their needs regarding BYOD, IT security, and overall risk management, but they will need to begin to seek the most qualified consultants to lead their security initiatives.
Likewise, qualified candidates who are entering the job market need to seek out the most promising opportunities. Such as those that exist with businesses where they will have the opportunity to demonstrate their expertise in new and emerging IT technologies.
Moving forward, the businesses and professionals who recognize the importance and opportunity within data security consultancy, will be the ones who benefit the most in the next five years, when both IoT and IT Security are expected to experience drastic market growth.
How are you hiring to fill the need? Let's talk and see how your BYOD security concerns can be solved with a single hire - IOT Security Officer.
Dynamics 365/Power Platform Specialist at LCI Education
8 年Thanks Mr. Bill for all the wisdom transmitted in this article. In my opinion the most important start point is the political structure that will enhance the overall management of the "device mesh". Also the perimetrical security is an old concept that need to be replaced with proactive protection of data in every transacction, reducing the security gaps in a bottom-up proccess.
Researcher | Educator | Engineer
8 年Wow, great insight about security in regards to BYOD and IoT. Thanks Bill.
Content Writer and CM Strategist
8 年Words of Wisdom! Worth to Read!
Empowering Organisations for the Future of Work
9 年It is a natural evolution of the move to cloud based services that the end device becomes more and more just an access device, akin to the terminal back in the days of centralised computing. BYOD and private cloud services really go hand in hand, of course it goes without saying the correct controls need to be in place to manage access and data exchange. Now, you are absolutely right, IoT adds a whole new dimension to this puzzle and necessitates a focus on risk assessment and mitigation plan - the technology exists but must be deployed correctly to ensure data loss and unauthorised data manipulation are avoided.
ITSM and NetOps Consultant
9 年A clear and comprehensive corporate BYOD policy is the first step of security as it should define the line which separates personal from professional/corporate information and data in a BYOD environment. Policy must be agreed upon before any non-corporate device can access corporate network and data.The tools and technology used are obviously important when securing data in a BYOD environment, buy Policy is key, as all parties clearly know and agree upon the terms of how security issues should be dealt with.