We’re constantly warned of the dangers of allowing user-owned computing devices onto the company network. But what are the real issues with BYOD (Bring Your Own Device) – is it really any different from managing Windows notebooks?
The ready availability of powerful mobile computing devices is having a profound impact on the IT landscape, prompting employees to reach for their familiar smartphones and tablets at work rather than a company-supplied Windows laptop or desktop PC. Some see this as a problem to be grappled with, others as an opportunity which, if managed properly, will encourage staff to make better use of expensive IT resources at work.
The following are the most common concerns raised regarding BYOD and ways of addressing them without the need for costly new management and security tools.
“Mobile devices are hard to spot, how do we stop them being used to access sensitive information?”
Like Windows notebooks, smartphones and tablets have a unique MAC address and an individual IP address, enabling them to be managed using existing device and user controls. So, for example, if company policy requires users to be domain members in order to access specific applications and data, those rules can be applied whether using a PC or mobile device.
TIP – Wireless access points can be configured to simply block connections from devices with unknown MAC addresses. Alternatively, VLAN technology in switches and routers can restrict unknown devices, whether smartphones, tablets or Windows computers, to Internet access only.
“By allowing users to connect their own devices to the network aren’t we at greater risk of viruses and malware?”
If anything, user-owned Android and iOS powered devices are less susceptible than Windows computers to viruses. There is still a risk from social engineering and infected downloads, but many of the existing security measures used to combat the spread of infection on company-owned computers can be applied equally to smartphones and tablets belonging to users.
TIP – Build a portal to authenticate mobile users and restrict visitors to a “guest” network with limited access to company servers and applications, using VLAN and other segmentation technology found in managed switches and in more affordable smart switches.
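The admission logic behind the two tips above, as an added example that is not part of the original article: a device reaches the corporate VLAN only when its MAC is in the inventory and its registered owner has authenticated at the portal, and everything else lands on an Internet-only guest VLAN. The inventory, VLAN numbers and function names are assumptions; the example goes slightly beyond the text by also treating locally administered (randomized) MAC addresses as unknown, since they cannot be matched against an inventory.

```python
import re

# Constructed sample data: inventory entries and VLAN IDs are assumptions.
KNOWN_DEVICES = {"3c:22:fb:10:20:30": "alice", "a4:83:e7:aa:bb:cc": "bob"}
VLAN_CORPORATE, VLAN_GUEST = 10, 99  # 99 = Internet access only


def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as it is on the
    randomized addresses that phones commonly present to Wi-Fi networks."""
    return bool(int(mac[:2], 16) & 0x02)


def assign_vlan(raw_mac, portal_user=None):
    """Decide the VLAN for a connecting device. Returns (vlan, reason)."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return VLAN_GUEST, "malformed MAC"
    if is_locally_administered(mac):
        return VLAN_GUEST, "randomized MAC, cannot match inventory"
    owner = KNOWN_DEVICES.get(mac)
    if owner is None:
        return VLAN_GUEST, "unknown device"
    # A MAC address can be copied, so a known MAC alone never grants
    # corporate access: the registered owner must also pass the portal.
    if portal_user != owner:
        return VLAN_GUEST, "device known but owner not authenticated"
    return VLAN_CORPORATE, "registered device, authenticated owner"


if __name__ == "__main__":
    # Constructed connection attempts: (MAC as reported, portal login or None)
    attempts = [("3C-22-FB-10-20-30", "alice"), ("3c22.fb10.2030", None),
                ("da:a1:19:00:11:22", "alice"), ("00:11:22:33:44:55", "bob")]
    for mac, user in attempts:
        print(mac, user, assign_vlan(mac, user))
```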
“How do we stop sensitive data falling into the wrong hands if user-owned devices are lost or stolen?”
Existing controls on what can be downloaded can, again, be applied here, and the issue can be further minimised by controlling the way in which users interact with business-critical applications. Rather than allowing access through a browser, for example, it is better to restrict access to custom apps, which not only fit the device format better but can also apply policy restrictions when downloading data.
TIP – Use controls in Exchange and other shared applications to remotely wipe data from mobile devices identified as lost or stolen. Most vendors of Windows desktop management products also include mobile security tools in their products and there are lots of downloadable apps that can help deal with lost or stolen devices.
“Our current infrastructure simply isn’t geared up to mobile access of any kind, shouldn’t we just ban it and carry on as we are?”
According to Gartner, by 2016 over 40% of the workforce will be mobile and 60% will own a smartphone or tablet, so a ban will merely put off having to deal with the inevitable. If your systems can’t be upgraded to cope with BYOD, look at making use of public or private cloud services to support mobile devices and their users.
TIP – Start small, for example, by allowing users to access email and shared calendars on their handheld devices rather than going all-out for more extensive integration with business-critical applications from the get-go.
The bottom line on BYOD
Coping with BYOD can be as difficult or as easy as you make it – a challenge to be dealt with, or an opportunity waiting to be exploited. Either way it needs to be addressed and, at the very least, a proper policy on user-owned devices drawn up and published so that everyone knows what their rights and, more importantly, their responsibilities are.