One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1937697 |
| Date de publication | 2020-09-24 23:08:00 (vue: 2020-09-25 00:12:32) |
| Titre | BYOD security explained: what is a BYOD policy? |
| Texte | This blog was written by a third party author What is bring your own device (BYOD)? Bring your own device (BYOD) describes the practice of using a personal device such as a smartphone or tablet to conduct business on an organization's network or with its data. Organizations constantly walk a tightrope with their BYOD policies to balance employee productivity and satisfaction against the effective management of cybersecurity risks. Early in the evolution of mobile devices, many enterprises were hesitant to officially sanction any personal device use on their networks due to numerous BYOD security concerns, including: Potential insecurity of devices and their threat as a malware vector on the network Amplification of insider threats from both malicious and negligent BYOD users Data breaches of personally identifiable information (PII) or intellectual property (IP) due to device loss or malware This led to many draconian BYOD policy bans against personal devices on the network that often created a disconnect between employers and their workers. Employees were frustrated with having to carry around a work phone and a personal device on the road, with the limitations of outdated corporate devices, and with the inflexibility of not being able to use the tools they felt they needed to get their work done effectively. In reaction to restrictive BYOD policies, many employees, managers, and even executives chose to find policy end-arounds, pushing a wave of shadow IT assets onto the network. These unmanaged devices often created more BYOD security problems than if an organization had found a way to develop more lenient BYOD polices and invested in the means to track and enforce how those devices were used to interact with network and applications. How should an organization approach BYOD security? Many organizations seeking to tackle shadow IT and enable digital transformation had already been working on transitioning to more flexible BYOD policies prior to 2020. With the world rocked by the radical shift to a suddenly remote workforce, business sustainability now mandates that nearly every organization accelerate the process of updating their BYOD security stance. Consider: COVID-19 closures pushed the incidence of U.S. full-time employees working from home from 33% to 61% From January to April 2020, access to the cloud by unmanaged, personal devices doubled 84% of organizations report they're likely to continue to support remote work flexibility long after stay-at-home orders are lifted 70% of large businesses believe remote work makes them more vulnerable to cyberattacks These statistics indicate that the genie is now fully out of the bottle with regard to BYOD. Highly distributed workforces will not only be more prevalent moving forward, but the variety of personal endpoints that employees use to connect to corporate assets will also likely grow. Security teams must contend with BYOD not just as a mobile phenomenon but also one that encompasses user-owned PCs, connected personal devices like smartwatches, and a full slate of other IoT devices. As a result, BYOD security programs must be equipped to provide highly secure remote access to corporate data from any device, and any location. Similarly, ef |
| Envoyé | Oui |
| Condensat | 2020 able accelerate acceptable access according actively after against already also amplification and/or any appetite application applications approach approximately april are around arounds assets attacks author automated average balance bans based been being believe between blog both bottle breaches bring browsing business businesses but byod bypassed can cannot capabilities carry changes chose click clicked closures cloud comes company component concerns conduct connect connected consider: constantly contend contents continue controls corporate course cover: covid created cyberattacks cybersecurity data defense describes detection develop device devices devise digital disconnect distributed dlp done doubled draconian due during early effective effectively employee employees employers enable encompasses end endpoint endpoints enforce enforceable enforcing engagement engineering ensure enterprises equipped establish even every evolution example executives existing experience explained: exploits features felt find flexibility flexible forward found from frustrated full fully genie get grow had have having helping hesitant highly home how ideally identifiable incidence including: indicate inflexibility information insecurity insider installment institute integrate intellectual interact invested iot it's its january just key large latest layers led lenient leveraging lifted like likely limitations line links location long lookout loss lost maintaining maintains make makes malicious malware managed management managers managing mandates many may means meantime mobile modern more moving mtd must nearly necessary needed negligent network networks not now numerous occurs officially often one only onto operating orders organization organization's organizations other otherwise out outdated over overlooked own owned ownership part party patch pcs personal personally phenomenon phishing phone pii plays polices policies policy possible potential practice prevalent prevention prior priorities privacy problems process productivity programs property protect protecting protection protects provide pushed pushing radical reaction ready received regard regardless remediation remote report require requirements restrictive result revisit risk risks road rocked role rules sanction satisfaction secure securing security seeking sensitive services shadow shift should similarly six slate smartphone smartwatches social software solutions stance standards statistics stay stipulations stolen such suddenly support surprise sustainability system tablet tackle teams technology than them these they're third those threat threats tightrope time today’s tools track transformation transitioning transmit transparency types uem ultimately unified unmanaged update updating url use used user users using variety vector vectors version visibility vital vulnerability vulnerable walk wave way what when whether which will wipe work workers workforce workforces working world written year you: your |
| Tags | Malware Vulnerability Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.