I was recently asked to represent ISACA in a webinar for Infosecurity magazine that will be running in its Summer Virtual Conference on 9 August 2012. The session, “Providing Smart Security for Smart Devices,” will discuss the risk and rewards of mobile access. This is a topic ISACA also explored in a recent survey.
It can be very daunting for an IT department to think about all the risks and issues that present themselves when employees are allowed to connect their own personal devices to the company’s network (known as bring your own device, or BYOD). While BYOD can potentially increase productivity, employees may not really understand the risk these devices pose—especially when hackers have found weaknesses in their phones. Will we ever feel comfortable with the concept of BYOD, and is it possible to control the risk?
These are the questions we will explore during the webinar. In the meantime, ISACA has a great guide on what you can do to secure mobile devices as well as the mobile computing community in its Knowledge Center. This research not only discusses the risk and controls around mobile devices, but also educates us on why we, as IT auditors and security professionals, need to be more open to the concept.
It’s very easy for us to say “No mobile devices in the network.” But is that the best answer for the business? Not according to the research. We need to accept the fact that personal Droids and iPhones are dominating the market, and employees are finding ways to work more efficiently and effectively with them.
What next? Review your policies; in them, acknowledge the fact that mobile devices have infiltrated the network and set standards on how to control them. Review your security awareness training, and educate the employees on the risk and rewards of using their smartphones. Investigate the use of mobile device management (MDM) solutions. Yes, there will be an investment in time and money, but it may be far less than the cost of not allowing smartphones into the network!
Matthew J. Putvinski, CISA, CISSP, CPA
Program Director, ISACA New England Chapter
Director - IT Assurance and Security Services, Wolf & Company, P.C., USA