With the unprecedented rise of mobile devices, Bring Your Own Device (BYOD) has become a convenient way of everyday work to access email and other digital data outside of the office. But what about security and privacy?
Even those who do not have a business cell phone are often willing to use their private cell phone or tablet to be productive outside of the office. Of course, BYOD also brings new security risks. Even before the pandemic, companies were struggling to balance the desire of employees to work remotely against the vulnerabilities it opens up for cybercriminals to gain unauthorized access to corporate networks. The dramatic increase in teleworking in recent years has once again accelerated the BYOD dynamic. 60 percent of companies have expanded their BYOD programs during the pandemic, according to an industry study by Palo Alto.
BYOD and mobile device management
Many companies have turned to mobile device management (MDM) technologies to gain at least some control over work activities on employee devices. However, this method can violate employee privacy, which is why many workers are reluctant to install the software. This shifts control of the device to the employer, who would now have the ability to remotely control apps and data on the device depending on the circumstances and level of risk. Although these rights only apply to work-related applications and data, there is also a risk that personal data may be accidentally deleted, leading to wider privacy concerns.
In addition, most MDM tools allow organizations to access sensitive employee information, even beyond the virtual personal partition. For example, by implementing MDM solutions, companies often get their employees' browsing history, which can lead to difficult situations, such as when the employer learns that a team member is looking for a new job. In addition, MDM also gives organizations access to location data, potentially allowing them to monitor employees who call in sick or who work from home. In these circumstances, important data protection boundaries are easily exceeded.
Security and privacy: New solutions
Security and data protection must be balanced in order to create a working environment that facilitates technology-enabled processes without opening the door to data thieves. For heavily networked environments, companies should therefore rely on the implementation of authentication technology that guarantees both security and the protection of employee privacy. A cryptographic binding of the identity to each device creates a high level of trust in the authenticating user and provides proof that it is an authorized user and an authorized device. However, this does not automatically prove that the device can be trusted.
Companies must therefore also ensure that the device meets the necessary security requirements, for example that the firewall is activated. Trust in the device can only be built if it is ensured that the necessary security checks are actually carried out.
Constant safety checks are mandatory
It is important to note that device safety is constantly changing. Companies distribute changes to end devices, employees change settings themselves according to taste - and attackers paralyze security. For this reason, continuous checks are required to ensure that the device remains secure over the period of use, and not just at the beginning of authentication.
Binding the device to an identity, combined with continuous monitoring of the device's security posture, is key to a secure identity authentication process. This allows organizations to close security gaps in unmanaged endpoints without the negative impacts associated with traditional MDM solutions and compromising employee privacy. This strikes a balance between security, privacy, and ease of use.
More at BeyondIdentity.com
About Beyond Identity Beyond Identity revolutionizes secure digital access for internal employees, external and outsourced employees, customers and developers. Beyond Identity's Universal Passkey architecture provides the industry's most secure and frictionless multi-factor authentication, preventing credential-based security breaches, ensuring device trust, and enabling secure and frictionless digital access that completely eliminates passwords.