Tech supporting BYOD 'not quite there'

Tech supporting BYOD 'not quite there'

Summary: Lack of control over employees' mobile devices and people's propensity to weaken security when deployed by uninstalling programs means bring-your-own-device trend a liability.

TOPICS: Security, Mobility

SINGAPORE--The technologies supporting bring-your-own-device (BYOD) trend in enterprises are not mature or secure enough to safeguard organizations' corporate networks. In fact, the road ahead for companies to ensure a secure environment will be "long and complex", says a local security consultant.

Yu Chien Siang, computer security consultant for Singapore's Ministry of Home Affairs, pointed out several reasons why the current technologies are not suited for BYOD. For one, many of today's mobile devices are consumer ones and not designed for enterprise use.

Primarily, this means that enterprise administrative control and settings cannot be implemented in these devices, Yu said in his keynote speech during the Infocomm Technology Roadmap 2012 conference held here Friday.

Even when installed, users tend to have the same effect as malware if the administrative controls impede the way they use their devices, the official said. This is because they will go ahead and uninstall the security protocols and controls given that the handsets or tablets usually belong to them anyway, he explained.

He suggested that virtualization for mobile devices could prove to be the answer for BYOD in the long run, as it would allow companies to "split" users' phones into two by partitioning the phone for both work and personal use. However, he said the current hypervisor technology for mobile devices is not "quite ready for prime time" although he did not elaborate.

"These reasons are why I think the technology for BYOD is not quite there yet," Yu stated.

Mobile security lacking
Additionally, the security consultant pointed out there is no effective anti-malware programs for mobile devices yet. This, coupled with the fact that more services requiring users' sensitive information will become available soon, means that mobile security landscape "can only get worse", he predicted.

Services such as near-field communications-based payment, the buying and tracking of stocks, and even password managers in the form of mobile apps have already or will be introduced into the market in the near future. When that happens, these will give cybercriminals more opportunities to exploit, he said.

While these are mostly bad news for companies, Yu urged companies to adopt a stance of "liquid defense". This involves creating a security system that is more proactive in managing all the endpoints and detecting potential attacks, as well as being mindful of the fundamentals in order to achieve cost effectiveness, he said.

In terms of tools, the consultant called on organizations to move away from perimeter defenses such as firewalls and antiviruses--which he said does not work at all--and look to more advance technologies such as whitelisting instead.


Topics: Security, Mobility

Kevin Kwang

About Kevin Kwang

A Singapore-based freelance IT writer, Kevin made the move from custom publishing focusing on travel and lifestyle to the ever-changing, jargon-filled world of IT and biz tech reporting, and considered this somewhat a leap of faith. Since then, he has covered a myriad of beats including security, mobile communications, and cloud computing.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • As the knowledge worker I'll decide

    what tools I use and where I store the information that I create. If IT gets in my way then I go around them.
  • Securing Consumerised Devices Is Hard

    Having lived in the security space for many years and watched the BYOD issue develop in recent years I could not agree more that the vendor solutions currently presented leave a lot to be desired. Due to the nature of mobile technologies there is no easy way to manage, deploy and secure them as has developed over the years in the PC world. We are back to the beginnings of the challenges of how to support multiple immature platforms with the added challenge of different hardware and OS platforms and an architecture that does not lend itself well to being managed in a group way. After all mobiles are driven by the consumer world and that in itself is a very different proposition. Expect this to proliferate as a challenge for many years to come until some standards emerge that enable a centralised approach where chosen to managing and securing such agnostic devices.

    Ian Moyse
  • BYOD

    BYOD is definitely some uncharted waters. It will be interesting to see how these developments change the industry. Great article, Kevin.

    Mosaic Technology
  • BYOD workaround

    Has anyone seen Framehawk?