The blueprint for secure BYODBring-your-own-device (BYOD) quickly made the jump from industry trend to business imperative, and organizations are now feeling the pressure to open their networks to employee-owned devices. Unlike corporate-issued devices that are well-managed and under IT's control, this new BYOD initiative introduces a unique set of security challenges that require a balance of flexibility, visibility and security. Looking for a turnkey solution to BYOD, many organizations are turning to vendors that don't necessarily offer complete security, leaving sensitive corporate data vulnerable to attack.
In order to ensure holistic network security with a BYOD policy, organizations need to consider all parts of the BYOD ecosystem, including mobile device application development, mobile device management (MDM) and network access control (NAC):
Mobile device application development
Simply put, organizations need to make sure the apps people use on their mobile devices come from a trusted reliable source, such as an app store. While not perfect, app stores and the like are one of the safest places to download apps – you know the apps have been tested, have integrity and are of high quality. Taking this step ensures a strong building block for the rest of the blueprint.
Mobile device management (MDM)
MDM provides IT with the ability to monitor the activity of each device deployed across mobile operators, service providers and enterprises by tracking and managing the data and applications of each individual phone and/or tablet. MDM solutions can provide the following:
- Remote device management, using encryption and passwords
- Remote OS patching and/or upgrades
- Remote install or removal of applications
- Full-disk or folder-level encryption
- Remote locking or wiping of lost/stolen devices
Network access control (NAC)
NAC tracks and secures network access of all endpoint devices that try to access a corporate network. These endpoints include (but are not limited to) PCs, laptops, servers, printers, IP phones, medical devices, POS devices and in a BYOD environment, smartphones and tablets. In a BYOD environment, NAC technology can automatically identify and profile all devices and all users on a network, providing complete visibility and control. NAC can also enable IT departments to automatically differentiate between corporate and personal assets and provision network access accordingly to ensure the correct access policy is applied to each device. In a hospital setting, for example, a doctor's personal iPad may be able to access patient data, but devices used by the administration staff to check patients in and out may have limited access to the network.
In order to fully embrace BYOD, IT managers need to consider all facets of the BYOD blueprint, as successful BYOD strategies will use a combination of these technologies to enforce the overall policy. With all three technologies, devices are protected and network access is determined by device (and/or by user) based on corporate policy. IT gains a holistic view of devices and users across the network as well as the ability to automatically provision access accordingly – giving control back to IT managers and freedom of choice to employees.