Bringing your own device to work may leave the door open for malicious attacks

July 24, 2012

Companies that encourage their employees to bring their own laptops to work may be leaving themselves open to "a complex melting pot of security challenges," according to industry analysts.

As collaborative cloud services such as Dropbox and iCloud have become a quick way for documents or images to be distributed among co-workers, especially those who are telecommuting on a regular basis, it can be difficult to for some companies to police what has been transferred through the cloud. According to CSO Online, the increase in "mobile productivity among employees" can introduce malware to a previously closed system while devices can be vulnerable to theft and employee carelessness.

Even traditional email can be affected with companies increasingly aware that a Bring Your Own Device policy (BYOD) can make employees unaware of the dangers of transferring sensitive data through email.

In May of this year, IBM issued a set of seemingly draconian policies for employees that banned the use of cloud services provided by competitors, which included the use of Apple's Siri application, and forbade forwarding corporate emails to private accounts to be read at a later date or using the same password on multiple sites.

Speaking to MIT's Technology Review, Jeanette Horan, chief information officer of IBM, claimed that there was "a tremendous lack of awareness [among employees] as to what constitutes a risk." However one school of thought suggests that identity management can be the key to securing email with companies responsible for creating a " digital identity for employees," which will then, according to Richard Parris of Intercede, "track who is sending which email and information to whom, when and protecting it in transit and at rest."

"It must also be run on a secure platform that delivers tightly controlled policy to enforce data labeling, digital message signing, encryption and checking of the actual content,." said Parris, who formerly held a technical position at Boeing Computer Systems.

Parris also believes that companies that supply "high-security customers" should have to comply with information security standards as detailed in the Transglobal Secure Collaboration Program required by NATO, the U.S. and U.K governments.

"Since email is the primary method of information sharing, enterprises must keep it secure, to protect intellectual property and to compete in the global business environment," Parris said.

-McAfee Cloud Security