With the clamour for ‘Bring Your Own Device’ (BYOD) solutions increasing dramatically in the corporate workplace, IT departments face a dilemma: potentially insecure personal devices connecting to the corporate network, and the threat of compromise to a once secure environment.
This has come about with the increased popularity of smartphones and tablets, which have flooded the consumer market over the last few years, though it also extends to personal laptops and other commonly used devices. Though BYOD solves problems such as staff members being unhappy with company-issued hardware, it also introduces a new dynamic to the way corporate security is handled: it inherently takes control away from IT departments.
BYOD brings many challenges. Security breaches need to be avoided, data loss could bring an organisation to its knees, and compliance has never been more important. A well thought out mobile/cell strategy needs to be in place. Done correctly, organisations can adopt BYOD to increase employee efficiency while reducing network costs.
Clearly, it is not viable to simply allow an employee to connect any device to the corporate network. Ideally, devices need to be registered or ‘onboarded’ so that users can access the network in a secure manner. This process allows devices to be identified and validated so that IT departments can monitor and control their access to data. IT needs to be able to control which applications are available to users’ personal devices. Access and security policies, which may mandate certain minimum standards for a device to be able to connect to the corporate network, need to be administrable from a single control point.
Most organisations now use virtualisation to one degree or another. This can be no less useful in securing a BYOD culture. Providing employee resources in a virtualised environment can greatly assist with the security effort. These are examples of software that allow a device to access enterprise data, applications and desktops. They support a wide range of devices, including smartphones, tablets and PCs. High-strength encryption secures communication between the client and server, and administrators get to configure granular access policies. Such virtualisation approaches go a long way towards bringing the risk of introducing malicious software into an organisation back to the level of the traditional company-owned PC security model.
Of course, for added layers of security, especially to help avoid data loss, there are further approaches that can be taken. Blocking USB and optical drives on a device that is connected to the corporate network can be achieved through Windows Group Policy Objects, as well as some anti-virus applications. Alternatively, automated encryption software can be enforced. This will allow data to be copied out, but forcibly encrypts it first. Hardware-encrypted USB flash drives are also widely available and are now falling in cost. The right combination of the techniques described should strike the balance between employee productivity and corporate security.
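One way to check on a Windows endpoint that the Group Policy restrictions on USB and optical drives mentioned above have actually applied, as an added example that is not part of the original article. It assumes the machine-level 'Removable Storage Access' policy settings are in use and reads only the registry values they write; the function names are illustrative.

```powershell
# Added example: read-only audit of the removable-storage restrictions that
# Group Policy writes under HKLM. Assumes machine-level policy is used.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Device setup class GUIDs used by the Removable Storage Access policies.
$classes = [ordered]@{
    'Removable disks (USB flash drives)' = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    'CD and DVD drives'                  = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RemovableStoragePolicy {
    # 'All Removable Storage classes: Deny all access' overrides per-class values.
    $denyAll = (Get-PolicyValue -Path $base -Name 'Deny_All') -eq 1
    foreach ($label in $classes.Keys) {
        $key = Join-Path $base $classes[$label]
        [pscustomobject]@{
            DeviceClass  = $label
            ReadBlocked  = $denyAll -or ((Get-PolicyValue $key 'Deny_Read') -eq 1)
            WriteBlocked = $denyAll -or ((Get-PolicyValue $key 'Deny_Write') -eq 1)
        }
    }
}

$report = Get-RemovableStoragePolicy
$report | Format-Table -AutoSize

# Flag device classes to which data can still be copied out.
$gaps = @($report | Where-Object { -not $_.WriteBlocked })
if ($gaps.Count -gt 0) {
    Write-Warning ("Write access not blocked for: " + ($gaps.DeviceClass -join ', '))
}
```

A class reported as not write-blocked is where the encryption-on-copy approach described above would need to cover the gap.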
BYOD is a trend that shows no sign of letting up. The challenge for IT departments is how to manage these devices efficiently and securely, in a time-effective manner. Addressing the security issues involved and producing a mobile/cell strategy will enable organisations to reap the rewards of increased employee productivity, lower network costs and increased worker mobility, without the corporate security posture suffering.
To contact Nettitude's editor, please contact firstname.lastname@example.org.