Comment: Securing BYOD is More Than a One-step Process

IT managers need to consider combining technologies to create a “BYOD blueprint”, says Andrus
IT managers need to consider combining technologies to create a “BYOD blueprint”, says Andrus

Unless you’ve been hiding under a rock for the past year and a half, you’ve probably been sufficiently flogged regarding the security concerns that come with the Bring Your Own Device (BYOD) movement. It’s no longer a trend – it’s simply another reality that businesses need to deal with.

While your IT department has been busy trying to figure out how to manage and control the inordinate number of personal devices being brought into your organization, many security vendors in the market have been just as quick to pounce, claiming they have a cure for what ails you. Surprise! The cure they’re recommending just happens to be a stand-alone approach headlined by their solution.

The reality is that there is no single approach to securing BYOD in any enterprise – regardless of what the MDM or mobile security vendors might say. Find a technology trend that impacts your organization, and you can be sure that it’s closely followed by a wave of marketing FUD (fear, uncertainty, doubt). It’s not FUD to call out that the introduction of a personal device onto your network is a major security concern – but it’s playing into the FUD when vendors claim to be able to solve the entirety of the security problems through a stand-alone solution.

Securing BYOD isn’t just about being able to remote wipe devices, encrypt data or onboard new devices and provide secure access – it’s about all of these things in combination. If your organization is enacting a BYOD policy, the first step is to outline a BYOD blueprint that will secure all aspects of your network ecosystem. If you’re not sure where to start, here are three primary technologies that will help you on the path to securing BYOD in your organization: mobile device application development, mobile device management (MDM) and mobile device network access control (NAC).

Mobile Device Application Development

Simply put, organizations need to make sure the apps people use on their mobile devices come from a trusted, reliable source, such as an app store. While not perfect, app stores and the like are one of the safest places to download apps – you know the apps have been tested, have integrity and are of high quality. Taking this step ensures a strong building block to construct a secure BYOD environment.

App stores also have a reputation to maintain, and thus a strong incentive to prevent malware from creeping into their products. However, not all app stores have the same security standards. Android apps, for example, are not solely distributed through a centralized app store. Therefore, those apps distributed through other locations (like a developer’s website) are not checked for suspicious behavior at any point other than on the mobile device itself. This, among other vulnerabilities, is why it is crucial that IT has the ability to choose which devices can and cannot access corporate data.

Mobile Device Management

The MDM market has been the most aggressive, with claims that they completely solve BYOD security issues. There is no stand-alone solution that can address all aspects of BYOD – but MDM is indeed a critical part of a strong, secure approach to BYOD.

MDM provides IT with the ability to monitor the activity of each device deployed across mobile operators, service providers and enterprises by tracking and managing the data and applications of device. MDM technology is used for managing mobile devices and keeping the software running on them up to date, ensuring that mobile devices are automatically patched with the latest updates, they’re encrypted, and they can be remotely wiped of all data if a device is lost or stolen.

The MDM software also has other capabilities that are important in a BYOD setting. For example, it can be configured to disable questionable applications running on a device while it is logged in to the corporate network. It can also detect if a device has been jailbroken, or tampered with, in order to download unauthorized software.

Mobile Device Network Access Control

Even in our market, I’ve seen bold claims that NAC can solve it all. Again, NAC is an integral part of the solution, but is not the solution in and of itself. NAC tracks and secures network access of all endpoint devices that try to access a corporate network. These endpoints include (but are not limited to) PCs, laptops, servers, printers, IP phones, medical devices, POS devices and in a BYOD environment, smartphones and tablets.

In a BYOD setting, NAC technology can automatically identify and profile all devices and users on a network, providing complete visibility and control. NAC can also enable IT departments to automatically differentiate between corporate and personal assets and provision network access accordingly to ensure the correct access policy is applied to each device. In a hospital setting, for example, a doctor’s personal iPad may be able to access patient data, but devices used by the administration staff to check patients in and out may have limited access to the network.

In order to fully embrace BYOD, IT managers need to consider combining all three technologies to create a “BYOD blueprint” to enforce their organizations overall security policy. With all three technologies, devices are protected and network access is determined by device (and/or by user) based on roles and corporate policy. IT gains a holistic view of devices and users across the network and the ability to automatically provision access accordingly – giving control back to IT managers and freedom of choice to employees.

When it comes to BYOD, there is no one simple solution. The person who claims otherwise may simply be looking at how they can capitalize on BYOD, not secure it.

As chief technology officer at Bradford Networks, Frank Andrus oversees all strategic technology functions, which includes evolution of the current product line, new product and services development and setting the future corporate R&D strategy. Andrus has over 20 years of experience in developing software solutions for enterprise and telecommunication network management applications. His professional background includes assignments as a senior architect at Aprisma Management Technologies, where he designed and developed large-scale systems delivering advanced management services for multi-vendor networks. He also held senior engineering positions at Cabletron Systems and delivered secure, highly available, network management solutions, including patented automated device discovery methodologies.

What’s hot on Infosecurity Magazine?