
Bring your own

by msecadm4921

Feeling pressure to implement a BYOD (bring your own device) strategy? Start getting ready because BYOD is inevitable, writes Rory Higgins, co-founder and EVP Marketing at Mancala Networks. But don’t pull the trigger on that shiny new miracle solution before you’ve covered the basics and know that it is right for you.

Chief information officers (CIOs) are under increasing pressure from the business to support BYOD initiatives. The reality for the vast majority of IT groups is that they need to play catch-up: 20 to 50 per cent additional devices that are neither known to nor controlled by the enterprise management systems are already present on the network. BYOD is already here; we’ve just collectively chosen to close our eyes. Make sure you’ve covered the basics in order to optimize your security investments.

What not to do
I’ve seen enterprises react to BYOD in several ways, the most common being outright denial. The IT group points to the fact that there are written policies against using unapproved devices on the network and that they’ve only received a couple of requests to configure an iPhone via the helpdesk. The reality is that it doesn’t take end users long to figure out that the same credentials they use to log in to their workstation also work on their iPhone, and they simply don’t ask.

Other organisations have leveraged access control solutions to lock down all ports using 802.1X and MAC address authentication.  Without the right tools, this is a costly, time-consuming proposition and, while it meets the requirement of increasing security, it sacrifices the real benefits BYOD brings in terms of end user satisfaction and potential cost savings.

Both of these options suffer from the same shortcomings: they turn otherwise trusted employees into “attackers” who find creative ways of bypassing controls in order to do their jobs, and they give IT no means of knowing that the controls have been bypassed.

Make BYOD work for you

Migrate to a continuous network monitoring and control architecture that enables you to easily detect new employee-owned devices as they initially connect to the network. This enables you to guide them through the configuration process, including network connectivity, Mobile Device Management (MDM) enrollment, and acceptance of the corporate terms of use. It ensures that your controls cannot be bypassed (through manual configuration or compromised MDM agents), but also that they don’t constitute a barrier to employee productivity. A continuous network monitoring and control architecture may be achieved by integrating next-generation network access control solutions with MDM solutions as well as existing IT infrastructure, such as vulnerability assessment and asset management tools, so as to ensure that devices don’t escape controls. Whichever solution is selected, it should provide flexible deployment options, easy integration into the enterprise architecture, and complete, real-time visibility of all networked devices, as well as advanced correlation and policy capabilities.
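An added example (not from the article or from any vendor product) of the correlation step described above: devices seen in DHCP leases are reconciled against asset-management (CMDB) and MDM records so that unknown devices can be routed to onboarding. The log format, MAC addresses and host names are constructed for illustration.

```python
import re

# Constructed sample data; the log format and every value are hypothetical.
DHCP_LOG = """\
2012-04-02T09:14:07 DHCPACK 10.1.20.31 3C:07:54:AA:10:01 host=ws-finance-07
2012-04-02T09:15:42 DHCPACK 10.1.20.58 a4-d1-d2-00-be-ef host=jsmith-iphone
2012-04-02T09:16:03 DHCPACK 10.1.20.59 0026.bb12.34cd host=android-5f3a
2012-04-02T09:20:11 DHCPACK 10.1.20.58 A4:D1:D2:00:BE:EF host=jsmith-iphone
2012-04-02T09:21:30 DHCPNAK 10.1.20.77 00:11:22:33:44:55 host=printer-2
"""
CMDB_MACS = {"3c:07:54:aa:10:01"}      # corporate-owned assets
MDM_ENROLLED = {"A4-D1-D2-00-BE-EF"}   # employee devices enrolled in MDM

LEASE = re.compile(r"^(\S+) DHCPACK (\S+) (\S+) host=(\S+)$")

def norm_mac(mac):
    """Normalise colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(log_text, cmdb, mdm):
    """Classify each device granted a lease; keep its first sighting only."""
    cmdb = {norm_mac(m) for m in cmdb}
    mdm = {norm_mac(m) for m in mdm}
    devices = {}
    for line in log_text.splitlines():
        match = LEASE.match(line.strip())
        if not match:
            continue  # refused leases and unrelated lines are ignored
        ts, ip, mac, host = match.groups()
        mac = norm_mac(mac)
        if mac in devices:
            continue  # lease renewal of a device already recorded
        status = ("corporate" if mac in cmdb
                  else "byod-enrolled" if mac in mdm else "unknown")
        devices[mac] = {"first_seen": ts, "ip": ip, "host": host, "status": status}
    return devices

def unknown_share(devices):
    """Fraction of connected devices found in neither CMDB nor MDM."""
    unknown = sum(1 for d in devices.values() if d["status"] == "unknown")
    return unknown / len(devices) if devices else 0.0

if __name__ == "__main__":
    found = reconcile(DHCP_LOG, CMDB_MACS, MDM_ENROLLED)
    for mac, info in found.items():
        print(mac, info["status"], info["host"], info["first_seen"])
    print(f"unknown share: {unknown_share(found):.0%}")
```

Devices classified as unknown are the ones to steer into the onboarding flow (network configuration, MDM enrollment, terms of use) rather than silently allow or block.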

The foundation
–    Get all stakeholders involved and agree on the scope of BYOD within your organization, including acceptable risks, tradeoffs, support policies, HR and privacy policies.
–    Implement a continuous network monitoring and control architecture.  This will allow you to make managing network level controls easier (802.1X, MAC authentication, role based access controls) and to leverage the real-time network monitoring information to optimize existing security and management infrastructure (vulnerability assessment, CMDB, NCCM).  

Know what is on your network, and act on it!
 
The next steps
–    Select and implement an MDM solution that provides advanced, multi-OS control capabilities including remote wipe, encryption and corporate data sandboxing.
–    Integrate existing technologies (vulnerability assessment, CMDB, etc.) with your continuous network monitoring and control solution to provide 100% compliance 100% of the time.
–    Implement periodic policy reviews, security audits and, perhaps most importantly, get feedback from end-users to make sure you are reaching the goals you’ve set out.

The net-net
The jury is still out as to whether BYOD will deliver all of the anticipated cost reductions by transferring the upfront purchase cost of endpoint devices to employees, as it is difficult to model exactly the impact it will have on things like IT support. What is clear is that IT departments can no longer ensure improved employee productivity by providing standardized corporate-owned devices, and they can’t just continue to ignore the problem. Their employees have already purchased (and connected) their own personal device that is faster and more intuitive for the way they work. At a minimum, BYOD will force us to re-think the assumptions we’ve made about the trust model at the core of our enterprise LAN architecture and move to an architecture that supports real-time monitoring and control.

Mancala Networks is exhibiting at Infosecurity Europe 2012 (stand C83). For further information, visit www.infosec.co.uk.


© 2024 Professional Security Magazine. All rights reserved.
