The ‘BYOD problem’ can be defined as twofold. Firstly, the increase in users’ own devices accessing corporate servers is an infiltration threat. Secondly, the habit of downloading sensitive data onto insecure and frequently lost and stolen mobile devices is an exfiltration threat. An IDC survey in July 2011 (2011 Consumerisation of IT Study: Closing the Consumerisation Gap) found that 40.7% of devices used to access business applications are the users’ own devices, including home PCs, smartphones and tablets. BYOD-facilitated infiltration and exfiltration are both rapidly growing problems.
A new survey published by the Boston Research Group today suggests that 78% of IT security professionals believe that network access control (NAC) must be a major part of any BYOD security solution. “Device mobility, wireless access, personal applications and the high risk of lost or stolen handhelds creates a need for added defenses against data loss, unauthorized access and malware,” said Paul McClanahan, research analyst and partner at the Boston Research Group. The solution is seen to be extending network access control to include mobile device management, all controlled by a single central console.
This is the route proposed by ForeScout with its new ForeScout Mobile add-on to its CounterACT NAC platform. Without requiring a software agent to be installed on the remote device, the system provides data about the device, its configuration, its security posture and its user. This data can then be used by CounterACT to enforce granular control over access by mobile devices, thus reducing infiltration threats. The same principle in reverse can be used to control what data can be downloaded to the remote device, reducing the threat of unauthorized data exfiltration.
A similarly new Mobile MDM Module allows companies to integrate their existing mobile device management solutions with CounterACT. Bob Tarzey, analyst and director at research company Quocirca Ltd, explained the relevance. “ForeScout,” he told Infosecurity, “admits that its CounterACT product is not a full MDM tool, although it does support NAC for mobile devices. ForeScout Mobile extends this support, for example control of app types used from devices; but while MDM vendors in general do not provide any sort of NAC, they bring other things to the party, especially support for contract management and billing. It is to this end that ForeScout is seeking integration with MDM vendors. This underlines a general convergence of MDM with end point management and network security vendors.”