Bring your own IoT device, a repeat of history

Photo © Tim Bounds used under CC BY-NC 2.0 licence

Remember when there was much media coverage, analyst commentary and corporate angst around bring your own device (BYOD): employees wanting to bring their own smartphones, laptops and notepads into the corporate IT environment?

There was much debate about the pros, cons and risks of doing so, and widespread opposition. In September 2011 I reported “A new study today revealed most employers, in Australia and New Zealand, did not accept BYOD (bring-your-own-device) practices and still preferred to provide their employees with corporate’s mobile devices when needed.”

Security was the big concern and a number of startups such as AirWatch, Good Technology, Zenprise and Sybase emerged to address a market that went under the umbrella term of mobile device management.

Bring your own ‘thing’

History has a habit of repeating itself and the concerns levelled at smartphones, laptops and notepads are now being levelled at devices that could be equally dangerous to corporate IT security: personal assistants like Amazon Echo, Google Home and Apple.

In a recent media alert, Steve Hunter, Forescout’s senior director of systems engineering for Asia Pacific and Japan, said: “Tools like Alexa and Home are incredibly useful and convenient. People are used to having them at home and they will want to bring the same level of convenience into the office with them.” 

He predicted that these next-generation consumer-facing devices that “aren’t necessarily productivity tools but, rather, personal devices that people enjoy using,” would constitute “the next wave of IoT devices to enter the corporate environment in Australia and New Zealand.”

Hunter continued: “The risk of IoT devices in the enterprise being absorbed into a botnet, practically speaking, has not been commonly seen in the wild, because companies have a long history of having strong perimeter controls in place. But enterprise IoT devices are normally internally-focused as opposed to personal assistant-style devices that are outward looking towards the public internet. 

“This makes it difficult to assess whether the traffic to and from these devices is malicious compared with internally-focused devices where communication with the public internet is a strong signal the device has been compromised.”

Today, BYOD has ceased to be an issue. Mobile device management – the ability to secure and manage the data, applications and corporate IT components accessible from a personal device – has become just a standard offering from major software vendors.

Almost without exception those startups focussed on mobile device management have been swallowed by larger players. VMware bought AirWatch, Citrix bought Zenprise, Blackberry bought Good Technology, SAP bought Sybase.

A new opportunity for startups

However, Hunter says, this second iteration of BYOD “introduces devices where such software agents cannot be used to provide security.”

He says the answer is for organisations to deploy visibility tools that let them see definitively every device that’s connected to the corporate network, along with that device’s activity, so they can segment the network and treat devices according to their level of risk. 

That might be easy to do in principle but challenging to do in practice and at scale as employees come and go, change roles, change devices etc. A new opportunity for innovative startups perhaps?
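
The approach Hunter describes (see every device, then segment and treat it by risk), sketched as an added example that is not from the original article or from Forescout. The device classes, segment names, MAC and IP addresses and the corporate address range are all constructed assumptions.

```python
import ipaddress

# Assumption: everything outside these ranges counts as the public internet.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed policy: device class -> (network segment, internet traffic expected?)
POLICY = {
    "building-sensor": ("iot-internal", False),
    "ip-camera": ("iot-internal", False),
    "voice-assistant": ("iot-personal-isolated", True),
}
UNKNOWN = ("quarantine", False)  # devices the visibility tool could not classify

# Constructed inventory, as a visibility tool might report it: MAC -> class
INVENTORY = {
    "02:00:00:00:00:01": "building-sensor",
    "02:00:00:00:00:02": "voice-assistant",
    "02:00:00:00:00:03": "ip-camera",
}

# Constructed flow records: (source MAC, destination IP)
FLOWS = [
    ("02:00:00:00:00:01", "10.20.0.5"),
    ("02:00:00:00:00:02", "203.0.113.10"),
    ("02:00:00:00:00:03", "198.51.100.7"),
    ("02:00:00:00:00:04", "10.20.0.9"),
]

def is_external(dst):
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in CORP_NETS)

def assess(inventory, flows):
    """Return (segment per MAC, list of alerts) for the observed devices."""
    segments = {mac: POLICY.get(cls, UNKNOWN)[0] for mac, cls in inventory.items()}
    alerts = []
    for mac, dst in flows:
        cls = inventory.get(mac)
        segment, internet_expected = POLICY.get(cls, UNKNOWN)
        segments[mac] = segment
        if cls is None:
            alerts.append((mac, "unclassified device on network"))
        elif is_external(dst) and not internet_expected:
            alerts.append((mac, f"{cls} contacted external host {dst}"))
        # External traffic from a voice assistant is expected, so it gives no
        # compromise signal; the control for that class is the isolated segment.
    return segments, alerts
```

The camera's internet connection raises an alert while the assistant's does not, which is the asymmetry Hunter points to: for outward-looking devices the segment, not the traffic signal, has to carry the risk.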