The BFSI industry in India is still contemplating a formal BYOD policy, given its informal prevalence, some organizations have already introduced it while ensuring the security of sensitive corporate data.
In an interaction with CIOL, Naveen Chopra, Director for Vodafone Business Services shares his insight to latest trends in BFSI industry and how the Vodafone's recently launched Secure Device Manager can accelerate BYOD phenomena.
CIOL: Why organizations in the BFSI industry have been apprehensive to allow BYOD?
Naveen Chopra: Banks and financial institutions are entrusted by billions of individuals with sensitive personal and financial information. If this data is compromised, it can jeopardize an individual's financial well-being and the institutions reputation.
BYOD promotes the use of personal devices at workplace, employees carrying unsupervised devices may expose the financial institutions IT eco-system to trojans/viruses/sniffers etc. Unless closely governed and regulated via stringent mobile device security polici
es, BYOD may pose a security threat to BFSI operations. In the absence of credible solutions to manage their device fleets BFSIs have been apprehensive to fully adopt BYOD.
CIOL: What is the security challenges being faced by the industry while implementing BYOD?
Naveen Chopra: The biggest threat to any organization is accidental data loss OR planned information theft.
With BYOD, smartphones & tablets access corporate information from the same data-centres as personal computers (PC) do.
On the one hand organizations spend heavily on PC security, on the other they mostly leave personal mobile devices unsecure; they are seldom monitored OR managed by the organization. BYOD can be a big threat; it has the potential to expose corporate data centers and information stores to cyber-attacks / data-theft.
jackpresno Thu Jan 24 at 11:38 PM
Very interesting interview, and I agree that BYOD offers big productivity gains and big security risks. Like healthcare, banks have a lot of fear from BYOD and especially with employees using thier own devices, but I think privacy concerns are still the biggest challenge for all big BYOD employer device systems. We were looking to bring in a larger MDM system for BYOD at our hospital, but the doctors (who own the hospital) felt it was to intrusive since they all wanted to use their own devices, but didn't want IT to have total control over them. Still, they wanted the ability to send HIPAA compliant patient info (mostly text messages) to admin and other doctors. We changed our stratagy and started looking for individual apps to deal with the various security issues. Example to allow for HIPAA text messaging, we got an app (Tigertext) which is HIPAA compliant, and installed it on all the doctors devices. It auto-deletes the messages after X period of time, and IT can still wipe the device if it is lost or stolen, but the doctors didn't feel it violated thier 'privacy' which made it acceptable to them.