New security challenges emerge with BYOD and mobility, says study

by CXOtoday News Desk    May 22, 2013

Security

While Bring Your Own Device (BYOD) policies and mobility have resulted in increased enterprise productivity gains, they were also identified as major areas of concern for data security. This was revealed today in a study conducted by Cisco and Data Security Council of India (DSCI), titled Reinventing the Network in the Context of Security. The report is based on interviews with over 90 top security leaders and CIOs across industry verticals with focus on BFSI, IT/ITeS, Engineering Services and PSU in India.

The study revealed that the current generation of security capabilities implemented by organisations in India can protect them from traditional threats, but might not be enough to address the ever-evolving threat landscape. Therefore, organisations need to re-assess their security ecosystem and evaluate capabilities of next-generation security if they want to implement BYOD and mobility.

Embracing mobility

Organisations as well as employees are embracing mobility because of improved employee productivity and enhanced user experience. About 66 per cent of security leaders in India encourage employees to bring their own device to work and 44 per cent allow employees to select and use a specific set of personally owned devices. As BYOD becomes a key enabler for improved efficiency in the workspace, 72 per cent of security leaders have witnessed an increased demand for flexibility in using endpoint devices. That said, 59 per cent also believe that rigid policies around the endpoints are frustrating business users.

And 63 per cent of the respondents agree that the business groups and their access requirements are getting complex, while 64 per cent indicate that there has been a rapid increase in requests for authorizing access to mobile devices. And 58 per cent of the security leaders said that they allow controlled access to Emails and calendars and 40 per cent offer desktop virtualization access from any device.

The technology transformation driven by mobility, BYOD, virtualisation and cloud challenges the conventional security strategies in many aspects. The current capabilities are not sufficient enough to cater the challenges posed by the technology transformations and persistent and ever evolving threats. The survey, conducted under DSCI and Cisco thought leadership program, confirms these facts. The program, designed to deliberate on engineering evolution of network security, will bring more such content for the benefit of security community in the country
-Vinayak Godse, Director, Data Protection, DSCI

Cloud and outsourcing

Organisations are hesitant but allow data to cross organizational boundaries. About 46 per cent of security leaders said that the adoption of cloud is leading to multiple connection of external application or externally provisioned systems while 40 per cent of the respondents said that the increasing adoption of cloud storage facilities causes data to be placed away from the organization’s boundaries. And 52 per cent agreed that they see an increasing adoption of cloud-based applications.

Challenges in managing the network

About 77 per cent of the leaders said that the attacks are originating from multiple channels and the attack payload is getting increasingly advanced. More than two-thirds (69 per cent) of the security leaders reveal that managing policies and configuration of devices is a complex undertaking.

Threat and malware protection (86 per cent), quarantine of non-standard devices (83 per cent), enforceability of network policy on mobile devices (83 per cent), encryption of communication and data (79 per cent), and security scanning of mobile devices (75 per cent) were key concerns for the protection of the endpoints by the respondents of the survey. 40 per cent of the security leaders consider securing the advanced mobility enabled enterprise applications a key challenge

The survey also shows that 62 per cent of the security leaders believe that applications are no longer residing in the corporate datacenter.

Current state of network security

About 56 per cent of the respondents felt that current solutions are ineffective in managing the security of mobile, BYOD, and virtualization. And 53 per cent also said that they don’t have the capability of integrating external and internal intelligence while 43 per cent of security leaders indicate that capabilities for detecting and blocking attacks that detect known vulnerabilities are insufficient to address threats in the present scenario.

Only 53 per cent of the respondents said that their existing solutions are incompetent to withstand sophisticated, targeted and persistent threats. The survey revealed that the combination of various security capabilities working in tandem brings intelligence in to the system—about 55 per cent confirmed that firewalls in combination with IPS are able to block security attacks to an extent.

A majority of respondents, 79 per cent, seemed significantly worried about the targeted and organized nature of threats aimed at achieving specific objectives. And 80 per cent also indicated that social engineering is increasingly used for compromising security.

Network evolution

The increase in endpoint technology and demand by users to access information from outside the organizational boundary is driving the demand for network security solutions. 85per cent of respondents indicate that integrating global intelligence such as blacklisted addresses with vulnerabilities is critical to network security architecture.

The survey respondents have assigned highest importance (92 per cent) to the ability of policies to respond to threats; they are equally worried (86per cent) about the consistent enforcement of policies irrespective of physical or virtual deployments.

And 82 per cent desire capabilities such as, authentication and authorization of users based on who, what, where, when, and how including granular access capabilities. The ability to dynamically encrypt data while it is being accessed or transmitted is another important element mentioned by a majority (87 per cent) of respondents.

The survey also revealed that the adoption of next-gen security solutions has immense challenges –about 63 per cent of the respondents said that managing the solutions will require additional skills and effort, adding to cost. And 55 per cent have also said that the phasing in of the current investment on security will be difficult.

“Risks from external and internal threats are continuously increasing, with this; the role of the network has also undergone a major transformation.  CIOs today need to look at a security framework that is robust, integrated and pervasive,” says Mahesh Gupta, National Manager, Borderless Networks Sales, Cisco India and SAARC.