Network security in the BYOD era

Mobile device management and restrictions on some device operating systems needed, say experts

The bring your own device (BYOD) phenomenon may be consumer-led, and it may be tempting to pass responsibility for network and data security on to employees as well, but doing so would lull you into a false sense of security.

If anything, BYOD means that IT departments should be more vigilant than ever in making sure their security policies are up to date and can handle tens or even hundreds of devices out in the wild beyond the confines of the corporate network.

A good place to start for making sure that BYO devices are secure, Gartner US research director, Lawrence Orans, argues, is to take a three-pronged approach which breaks security down into three layers: the device, the data and the network.

On the device side, Orans warns that some devices may be inherently more secure than others, and advises tailoring BYOD policies to recognise this.

“The company may have a policy where you can bring in some brands of personal devices but not others,” he says. “For example, some organisations allow iPhones and iPads but not devices that run on the Android operating system because of Android’s open development platform which makes the phone more vulnerable to attacks.”

Orans adds that enterprises should use the network as their security gatekeeper to make sure that employees are playing by the rules.

For example, some companies allow employees to use their own iPhone on the network as long as it is running the corporate-supported mobile device management (MDM) agent.

“Having an MDM agent installed means that if the phone is lost or stolen it can be wiped remotely,” he says.

However, according to Websense Australia and New Zealand country manager, Gerry Tucker, having an MDM and wiping devices is “not enough” because mobile devices are still subject to threats when accessing Web and email content.

“While an MDM offering gives you device controls it does not protect against phishing attacks, malware, malicious apps, or data theft and loss,” he says. “Email and Web lures still apply, plus redirects to free gifts, surveys, fake app pages, and credential-collecting scams.”

According to Tucker, IT executives should install a solution which combines device management with real-time protection from data loss, dynamic web threats, mobile malware, and malicious mobile apps.

Data security

Gartner’s Orans says that IT executives can secure the data using virtualized desktop infrastructure [VDI] and a hosted virtual desktop.

“You can better protect the data because you are only seeing the virtual image on your device,” he says.

According to Websense’s Tucker, businesses should remain focused on the most important objective, ensuring adequate protection of mobile data, while balancing the needs of users.

“IT executives should favour offerings that deliver a high degree of administrative efficiency and low total cost of ownership [TCO] based on their capacity for consolidation and incorporation of enterprise-class features, such as centralised management, directory integration, and robust reporting,” he says.

In addition, a Cloud security service would also ensure that enterprises can have security available anytime anywhere, preventing confidential data loss on iPads, iPhones, Android, and other mobile devices.

Network protection

Gartner’s Orans warns that if a device with incorrect configuration is allowed on the network then it could impact the network’s stability.

“Another issue is that IT organisations are concerned about losing control on the network and they want to know what is on the network,” he says. “Four years ago it was much easier to control the network but it’s wide open now because of the proliferation of devices.”

According to Tucker, a BYOD network security strategy should include the following features:

  • Unified content analysis that integrates Web, email, and data security to stop advanced, targeted, and blended attacks.

  • Enterprise-class data loss prevention (DLP) for email that guards both incoming and outgoing communications.

  • Flexible, dual policy management that supports separate policies for corporate devices and personal devices.

  • Protection from malicious apps, helping to keep the device and data safe from emerging mobile app threats.

  • Simplified, single-console management and detailed reporting, reducing cost and complexities and giving time back to IT to focus on other projects.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


5 Comments

Yiddish

1

It refers to employees who bring their own computing devices to the workplace.

AntonyRocky

2

A good place to start for making sure that BYO devices are secure, Gartner US research director, Lawrence Orans, argues, is to take a three-pronged approach which breaks security down into three layers: the device, the data and protecting the network.

Eric

3

Good points! Thanks for the share!

Jack Marsal

4

What this article alludes to but does not mention directly is that Gartner recommends Network Access Control as a foundational technology for securing BYOD. Without NAC, you'll have no way of identifying unmanaged devices and limiting their access to your network. MDM systems are great but they only work with known, managed devices. That's where NAC comes in. A NAC system can flag an unmanaged device and enable IT to determine what to do - provide limited access, force the user to download an MDM agent before granting it network access, etc. For more on Gartner's take on NAC for BYOD, check out http://www.networkworld.com/news/2012/050812-byod-nac-258934.html.

John Harrington

5

@Jack Marsal, I encourage you and others to check out a recent webinar held by Fiberlink and Forescout: Embracing BYOD with MDM and NAC.

The on-demand version can be found here: http://bit.ly/mdmAndNac
