Welcome!

Mobile IoT Authors: Zakia Bouachraoui, William Schmarzo, Liz McMillan, Elizabeth White, Yeshim Deniz

Related Topics: Mobile IoT, Microservices Expo, Wearables, Cloud Security

Mobile IoT: Blog Post

The Challenge of BYOD

Managing security in a mobile universe

Don’t care how…I want it now!
-Veruca Salt (Willy Wonka and the Chocolate Factory)

We live and work in a world of immediate gratification. In the name of greater productivity if you need to check inventory from a supplier’s warehouse…click there it is. Share a file on Dropbox, no problem. Add detail about a meeting in the sales database… click! Update your Facebook or LinkedIn status. Email a white paper to a potential client...click, click. Want to see that flying pig meme…well, you get the picture.

Now that’s not necessarily a bad thing…unless you’re an IT professional and the those accessing and storing your network assets use unsecured/unauthorized devices while potentially bypassing security protocols. But unlike Veruca Salt quoted above, it isn’t the user who falls into the garbage chute—the risk is to the security of the network. And it's happening more often than you think.

Many organizations are now allowing employees to use their personally-owned devices for work purposes with the goal of achieving improved employee satisfaction and productivity. However, this comes at an IT price. Users love the mobility and the immediacy of smart phones and tablets, but forget these devices are just hand-held computers prone to the same intrusions, attacks, viruses and risks as the computers used in the office. The larger problem is many users don’t see that, so every time they sign on to your network or download an app, it creates a wider and wider vulnerability gap for the enterprise network.

This issue is not unique to a company of any particular size or one vertical market, however the solution, whereas not simple, is clear. There are several moving parts that require elements of identity management, access management, SIEM, WebSSO and SaaS SSO. It incorporates a suite of integrated answers that together can let you rest a little better at night. The idea that if you build a strong perimeter or have users install anti-virus on their devices, the problem goes away. It simply puts the finger in the dyke, and the overriding issue still exists. Your proprietary assets are still exposed.

First off, regardless of whether you approach the solution from the cloud or more terrestrial confines, you need to rethink the risk, revise the policy and enforce the rules. You have to consider how best to maintain compliance (PCI, HIPAA, and/or Sarbanes-Oxley), and you need to incorporate the answer holistically. To this end you need new protocols to authenticate and credential users, define authorization rules based on very specific rights and profiles and monitor traffic patterns to identify, alert and act on any unusual activity.

This takes time, money and manpower. All of which are typically in short supply for new IT initiatives. That is why I advocate security-as-a-service. BYOD is a threat that will only grow exponentially and the longer you wait to address the issue head on, the greater the vulnerability gap. However, by taking advantage of the integrated solutions managed from the cloud, organizations gain the benefit of cost-effective, seamless, on-demand, scalable coverage. If you already have a strong SSO, then you don’t add it. If all you require is additional resources to improve intrusion detection and/or password management, the cloud solution exists to leverage your existing architecture. Essentially cloud-based security fills the vulnerability gap with proven and tested solutions monitored 7/24/365.

Managing security in the cloud provides the resource bandwidth to create the rules, easily provision or deprovision devices, automate the alerts and incorporate a more comprehensive and layered protection strategy that includes the BYOD crowd.

But whatever your decision, you need to address the issue sooner than later, because if you don’t take charge, your employees will self-serve based on their own needs. There’s a prescient blog by Joe Onisick of Network Computing who said:

“If you don’t support a particular device, employees will begin to find ways to self-support it. They will bypass corporate IT and, with that, bypass security, compliance, change management and audit logging. It’s a problem that will continue to get worse, and, as with any problem, an ounce of prevention is worth a pound of cure.”

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

IoT & Smart Cities Stories
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO - New York Blockchain Event" of CloudEXPO's 10-Year Anniversary Event which will take place on November 12-13, 2018 in New York City. CloudEXPO | DXWorldEXPO New York will present keynotes, general sessions, and more than 20 blockchain sessions by leading FinTech experts.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user e...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Rodrigo Coutinho is part of OutSystems' founders' team and currently the Head of Product Design. He provides a cross-functional role where he supports Product Management in defining the positioning and direction of the Agile Platform, while at the same time promoting model-based development and new techniques to deliver applications in the cloud.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...