
Sunday, June 3, 2012

BYOD: Bring Your Own Device

Taken from http://blogs.computerworld.com/20227/implementing_a_byod_policy_on_your_network:

BYOD seems to be one of the hottest topics in IT security right now. Every day I read about new concerns which can arise when employees access networks with their own devices. From what I experience, the adoption of BYOD is on the increase.

We need to look at ways of securing mobile devices and educating users on best practices for using them. It can be very challenging implementing policies which ban the devices completely; someone somewhere will have a very compelling need for using mobile devices when they are out of the office. A properly secured mobile device can become a very useful business tool.

New technologies have also come online which promise to do everything from detecting to blocking mobile devices on your network. There are two main things to focus on for BYOD. Firstly, you need to be aware of what devices are connecting to your network, and secondly, you need to understand what they are being used for. A number of vendors have developed products that claim to be able to detect mobile devices on your network. If you are considering getting something in this space, I would recommend that you check if the solution can also report on what data is being copied to these devices.

You then need to understand why mobile devices are used in the first place. For most people it means the ability to access their work email when they are away from the office. For others it means the ability to access ERP and customer management systems. It is important to check if the mobile applications store any local data.

One of the biggest problems with BYOD is what happens when the devices leave your network. A device that is loaded with company data and emails is very dangerous if it were to fall into the wrong hands. Most mobile devices come with basic security features like password and gesture locks. However, most people do not enable these, and when they do they use very weak passwords, and typing in long passwords on a small screen is time-consuming. The inbuilt security features of mobile devices should also be treated with caution, as bugs and flaws can be found with them. An example of this was a bug with the way a smart cover could be used to unlock an iPad 2 when running certain versions of the Apple iOS.

You also have the problem of what becomes of the data on mobile devices when an employee leaves their job. In the past you handed back your laptop and your logon account was disabled when you moved on to another job. I don't think it will be well received when you ask an employee to hand over their smart devices so that they can be erased.

If you are going to allow BYOD on your network, the task of educating employees on best practices for securing their devices should be a top priority. Complex passwords to unlock devices should be mandatory and try to spot check if users are adhering to this policy. If you have to give users access to business applications, try and use web portals as much as possible. Web portals avoid the need to store local copies of data on mobile devices. You should try and ensure that once a user disconnects from your network no company data remains on their device. A mobile device should be a window for looking in on your work, not a local copy of your work. 

BYOD (Bring Your Own Device) is definitely a hot topic and a big security concern. Users want to link up their personal devices to their company's network so that they can gain access to company resources such as shared folders and email. This has definitely become more of a necessity with the use of smartphones. A good way to control devices and what they get access to is to present them with a login screen where they can either log in as a guest, where they get limited or internet-only access, or log in with their user credentials, which gives them the standard level of access they would normally get at their desk. Now, although I agree that it is definitely a concern if users are saving sensitive data to their devices, I'm not sure how it's any different from using your company's VPN. For years, we have allowed users to log in from home using the VPN, but there was never mention of security concerns. All in all, BYOD software is a good way to monitor and control who gets what type of access.
