Security Policy for Cloud Based BYOD Scenario
09 Aug. 2013 Cloud Development
As cloud access becomes simpler with increasing number of devices such as laptops, notebooks, tablets, iPads, iPhones, Android phones and Windows phones, the risk of bypassing the security measures increases making the company data vulnerable.
Information is the lifeblood of any organization and if it falls into the wrong hands, the results may be disastrous. BYOD or Bring Your Own Device scenario has led to many security concerns for companies due to jail breaking, war walkers and virus attacks. This has made it very important for organizations to tighten their security policies and set some norms for BYOD.
BYOD cloud security Concerns
The first step to be taken is to formulate a security policy for tethered devices. Some of the major aspects are Bluetooth, encryption, password protection and use of cloud based applications. Each of these aspects brings forward a set of questions and concerns.
The use of Bluetooth in an organization can lead to security risks. For this purpose, the organization might either ask to turn off the Bluetooth and ensure this rule is followed strictly.
All wireless connections can be encrypted. However, hackers and data thieves can break in and put the data at risk. So the companies must ensure they have strong encryptions before allowing BYOD.
Another important point is that every company must have password protection for their data. There should be a set limit for the accessible data as well. For instance, if the password attempts fail for more than 3 times, the data should be either locked or completely wiped out. In case of wiping off the data, the demerits are even greater as sometimes an authorized person might find himself losing important data.
A major threat to data can be installation of frisky applications that might be serving as a data stealer. If these applications are used on mobile devices, the device can be jail broken or hacked.
Companies can protect all the devices from being jail broken, rooted or hacked. However, the solution for each device is different. Let us discuss the solution for each of the devices that can be at risk.
– Apple iPhones and iPads
One of the best methods to address tethering concerns in Apple devices is to set it in Airplane Mode. This will disable all wireless connections and the user will not be able to access any applications. iPad can be enrolled to MDM (Mobile Device Management) server to further alleviate the risk.
– Android phones and tablets
Enterprise level security tools can allow administrators to set encryption, data wipe out, set strong password security, control installation of applications as well as un-installation, turn off Bluetooth and Wi-Fi, blacklist users as well as applications, lock device and disable camera and microphone.
– RIM’s Blackberry and PlayBook
RIM offers an advanced tethering system that can help in data sharing prevention in Bluetooth-enabled devices. It can also encrypt data that is transferred through Bluetooth. Most importantly it helps prevent war drivers using GPS technology to track the location.
– Windows Mobile phones
Windows Mobile devices feature one tier and two tier access. The two tier devices offer enhanced permission options. It prevents users from installing unsigned applications on SaaS oriented devices and request for authorization on PaaS oriented devices.
In any case, companies need to communicate with the mobile device company to discuss their tethering policies. This can be achieved by getting a copy of tethering policy from the provider and then working out a policy with the MDM administrator.
Rishabh Software can help assuage BYOD cloud security concerns that arise from cloud based application. We ensure secure cloud app development through the use of latest security measures. To find out more about our cloud application development, call us at 1-877-RISHABH (1-877-747-4224) or fill in the contact form.