Security remains an 'afterthought' in enterprise mobility

Enterprises in Asia generally do not prioritize security but instead focus on using BYOD to attract young talent and for productivity, according to participants in a ZDNet roundtable.

Enterprises in the region do not prioritize IT security with regard to bring-your-own-device adoption among employees.

SINGAPORE--Organizations in Asia still do not prioritize security amid increasing BYOD (bring-your-own-device) adoption, and should focus more on securing applications and data alongside mobile devices.

According to participants at a ZDNet roundtable held here Wednesday, security is still not at the top of business priorities when implementing BYOD and remains an "afterthought" for most organizations.

This is especially so with Generation Y employees entering the workforce and the competitive fight for talent, pointed out Ng See Sing, head of portal city and business application services at NCS. 

Elaborating on his point, Pratyush Khare, technical director of archival solutions at Hitachi Data Systems Asia-Pacific, noted companies typically end up implementing BYOD to " keep their employees happy ".

Enterprise policies governing BYOD also usually are not in place, observed Guido Crucq, general manager for security solutions at Dimension Data Asia-Pacific, who noted that organizations often prioritized BYOD for productivity instead of looking at the security element behind BYOD.

Stuart King, strategy director of end user computing business at Dell Asia-Pacific agreed, citing a survey conducted by the hardware maker which found 50 percent of end-users said there were no corporate policies within their organization governing BYOD.

Such security measures should not be neglected as the risks of mobile devices to a company's network is very real, Oh Sieng Chye, virus researcher at ESET, pointed out. A mobile device is essentially a computer and poses risks as soon as it is attached to a corporate network, he explained.

Even though there have not been records of malware causing disruption to enterprises yet, nobody knows if the malware is lurking within the organization, Oh noted.

The roundtable participants further observed that organizations in the region face several constraints when it comes to BYOD.

Here, adoption in Asian organizations would happen in two ways--"accidental" or "planned", observed Jimmy Sng, partner in technology advisory practice at PwC Singapore. At most companies in the region, it is commonly "accidental", he pointed out. The management may want it for convenience, and subsequently the IT organizations do not know how to deal with it, Sng explained.

The IT department has to consider the company's data regime, while others must deal with IT resources including human resource and budget because mobility is moving faster than IT devices are distributed, making it hard to create data policies and estimate resources needed to tackle the associated challenges , he said.

Greater emphasis on apps, data over devices

Moving forward, John Brand, vice president and principal analyst at Forrester Research, advised enterprises to  focus on securing data instead of mobile devices since cybercriminals target organizations for the information they have.

He also noted that devices will evolve in the next years in response to the security industry, but data will still be targeted by cybercriminals.

Crucq added that the need to  secure enterprise apps which drive productivity also has been neglected by organizations which must focus more on securing apps rather than restricting access to them.

Many corporate policies also look at securing the device, but neglect the fact that data and apps are the most important components within the organization, he added.

Stephanie Boo, regional director of South Asia-Pacific at FireEye agreed, noting that apps were the biggest challenge and another point of vulnerability when it comes to IT security related to BYOD adoption.

Organizations should strive to upgrade applications and roll out patches for application vulnerabilities, Boo advised.

The FireEye executive and ESET's Oh will be speaking at a mobile security workshop to be held this week at the CommunicAsia 2013 tradeshow.

Roundtable participants:
Guido Crucq, general manager for security solutions, Dimension Data Asia-Pacific
- Jimmy Sng, committee member at Association of Information Security Professionals (AISP); and partner in technology advisory practice, PricewaterhouseCoopers (PwC) Singapore 
John Brand, vice president and principal analyst, Forrester Research 
Ng See Sing, head of portal city and business application services, NCS
- Oh Sieng Chye, Virus researcher, ESET 
- Pratyush Khare, technical director of archival solutions, Hitachi Data Systems (HDS) Asia-Pacific 
Stephanie Boo, regional director of South Asia-Pacific, FireEye 
Stuart King, strategy director of end-user computing business, Dell Asia-Pacific and Japan