SINGAPORE--The technologies supporting bring-your-own-device (BYOD) trend in enterprises are not mature or secure enough to safeguard organizations' corporate networks. In fact, the road ahead for companies to ensure a secure environment will be "long and complex", says a local security consultant.
Yu Chien Siang, computer security consultant for Singapore's Ministry of Home Affairs, pointed out several reasons why the current technologies are not suited for BYOD. For one, many of today's mobile devices are consumer ones and not designed for enterprise use.
Primarily, this means that enterprise administrative control and settings cannot be implemented in these devices, Yu said in his keynote speech during the Infocomm Technology Roadmap 2012 conference held here Friday.
Even when installed, users tend to have the same effect as malware if the administrative controls impede the way they use their devices, the official said. This is because they will go ahead and uninstall the security protocols and controls given that the handsets or tablets usually belong to them anyway, he explained.
He suggested that virtualization for mobile devices could prove to be the answer for BYOD in the long run, as it would allow companies to "split" users' phones into two by partitioning the phone for both work and personal use. However, he said the current hypervisor technology for mobile devices is not "quite ready for prime time" although he did not elaborate.
"These reasons are why I think the technology for BYOD is not quite there yet," Yu stated.
Mobile security lacking
Additionally, the security consultant pointed out there is no effective anti-malware programs for mobile devices yet. This, coupled with the fact that more services requiring users' sensitive information will become available soon, means that mobile security landscape "can only get worse", he predicted.
Services such as near-field communications-based payment, the buying and tracking of stocks, and even password managers in the form of mobile apps have already or will be introduced into the market in the near future. When that happens, these will give cybercriminals more opportunities to exploit, he said.
While these are mostly bad news for companies, Yu urged companies to adopt a stance of "liquid defense". This involves creating a security system that is more proactive in managing all the endpoints and detecting potential attacks, as well as being mindful of the fundamentals in order to achieve cost effectiveness, he said.
In terms of tools, the consultant called on organizations to move away from perimeter defenses such as firewalls and antiviruses--which he said does not work at all--and look to more advance technologies such as whitelisting instead.