Skip Navigation
BlackBerry ThreatVector Blog

How to Effectively Secure Endpoints in the “Bring Your Own Everything” Era

1140691246

The modern enterprise has never been more complex. This is especially true when it comes to the diverse endpoints workers use every day to do their jobs. There once was a time when users had essentially two choices when it came to their work devices: a notebook or a desktop. Today, staff rely on many more types of devices — from smart watches to desktop PCs — to work. Today’s devices also run more work-critical systems and processes, and access more critical data, from anywhere.

This makes securing enterprise endpoints more difficult. It’s not the case that enterprises are having difficulties due to being inundated with thousands of devices with various operating systems — that much, most enterprises can cope with. It’s so arduous simply because enterprise security teams don’t have much control over what personal devices users choose and use to access corporate resources.

This rise of bring your own devices (BYOD), along with ubiquitous access to cloud applications and services, as well as the increased consumerization of enterprise apps, means enterprises need to get good at securing these devices quickly. According to this recent report from Mordor Intelligence, the BYOD market reached $186 million in 2019, and should reach $430 billion by 2025, growing 15% annually.

While the BYOD trend was well underway prior to the pandemic, the impact from the novel coronavirus on work-from-home trends has considerably accelerated its widespread adoption. Of course, this means staff work outside of the protections of the enterprise network and enterprise security software. While they are working from home, staff will be much more inclined to use different types of devices and even consumer applications in order to do their work.

This isn’t going to be a situation that rectifies itself anytime soon. By some estimates, about 25% to 50% of workers who previously went to an office to work will remain working from home for the foreseeable future.

Steps Enterprises Have Taken to Secure BYOD

It’s a good thing, as a recent Frost & Sullivan analysis found, that 70% of U.S. businesses have BYOD policies already established. That means, essentially, that organizations will do their best to secure employee-owned devices. According to the Frost & Sullivan analysis, of those organizations that support BYOD, 94% support smartphones, and 58% support tablets, with support for personal laptops being much lower. “Typically, the security extends to allowing access to smartphone apps for email, CRM, data dashboards, and other systems,” the Frost & Sullivan report explained, also noting that it’s not enough.

“Some companies also have proprietary messaging networks. Considerably fewer enterprises secure personal—or even their own—devices in terms of talk and text, which can leave these devices vulnerable to a cyber intrusion if company or customer information is transmitted through unsecured channels,” the research firm said.

This is no small risk. Personal devices will interact with countless other systems and third-party applications. The study cited how app stores curators detect and block an average of 24,000 malicious apps every day. And that the typical smartphone owner has from 60 and 90 apps installed. “Phones, tablets, and laptops may also link to connected cars and smart home solutions (smart TVs, connected thermostats, video doorbells, and surveillance cameras—the latter of which are among the most-hacked home devices), and will connect to home networks as well as less-secured third-party Wi-Fi,” the report noted.

The Risks of Uncontrolled Connections

All these connections create risks. When an attacker gains a foothold on a user’s endpoint, they are one step away from using that access to gain access to the enterprise network or enterprise cloud apps. With a single username and password, an attacker can quickly move beyond the endpoint onto more valuable resources. These types of stealth attacks can take weeks or even months to detect.

With the dramatic shift in device usage, data flow, and the ever-expanding attack surface, enterprises can’t rely on the same security strategies they’ve used in the past. Organizations need to create comprehensive policies that can protect their expanding attack surface.

Here’s how Frost & Sullivan advises enterprises go about doing it:

1)      Ensure Control and Visibility Across Ever-Increasing Endpoints

Complicating the growth in the number of connected devices is how different components of a business use and manage different devices. Businesses must track, secure, and update thousands of connected devices internally and across a diverse value chain.

2)      Simplify the Security Solution Landscape

Today there are literally thousands of security solution providers; as the threat landscape continues to evolve, the number of vendors continues to grow. For an enterprise to keep up with the market is a near-impossible task requiring resources that are unrealistic. Additionally, the more vendors an enterprise deploys, the greater the risk in terms of point-to-point security vulnerabilities and interoperability maintenance issues.

3)      Manage Scale

The Internet of Things (IoT) has created a scale issue where the size of the environment of endpoints, data, and threats is making the job of the CIO and CISO unmanageable. The demand for instant communications and the market’s cybersecurity skills shortage contribute to the growing scale problem.

To make the analyst’s advice reality, enterprises must find endpoint security tools that provide ways to protect the endpoint workspace, perhaps through virtualization, and enable VPN file sharing. And enterprises must also be able to find a security provider that enables security teams to defend and monitor how staff communicate via voice, text, and email, across the various devices staff want to use.

Fortunately, just a few years ago, the ability to unify the management of endpoint security across many different types of endpoints would have taken the efforts of larger security teams and considerable investments in complex security tools and log managers. Fortunately, today, thanks to cloud and machine learning, it’s possible to secure staff endpoints no matter what devices they choose.

Read the full Frost & Sullivan analyst report here.

Nigel Thompson

About Nigel Thompson

Nigel Thompson is VP Product Marketing at BlackBerry