Subscribe to the Newsletter

Your email:

Follow us on:

Latest Posts

Current Articles | RSS Feed RSS Feed

Is BYOD a legitimate strategy or a network security nightmare?

Posted by Jeremy D'Hoinne on Tue, Dec 06, 2011 @ 05:00 AM
  
  
  
  

Mobile Devices

Why a "Bring Your Own Device" approach to mobile access security may not be such a bad idea.

When you ask Chief Security Officers for their nightmare scenario, they invariably mention either a network outage or an intrusion. For years, the enemies were known and relatively limited in number, but today we live in one open network, threats are more diverse, and the old “Maginot line” strategy is outdated. Times have changed, haven’t they? Well if you put yourself  in the shoes of an enterprise network security professional, limiting access to internal resources might still be your holy grail. Unfortunately though, you now have more than just the one perimeter to deal with; you are now in charge of dozens, hundreds, maybe thousands of small and mobile networks: your users.

The rise of mobile devices in Europe

In Europe, over the last decade, we’ve seen an incredible adoption rate of high throughput networks and mobile devices. It started at home, with affordable DSL Internet access, where competition between ISPs has forced prices ever lower, while available bandwidth has increased by orders of magnitude. In France today, for example, €30 ($44) a month can buy you up to 100Mb/s.

This abundance has set an appetite for technology. European countries are right behind the US in terms of consumer mobile phone adoption and tablet usage, but as always, the enterprise market has moved at a slower pace. One reason for this is that for a while, the big European ISPs maintained high prices for enterprise connectivity, in a desperate attempt to finance the huge infrastructure costs required by the Internet’s mass adoption.

Combined with the late awareness of network security threats, Europe has directly switched from isolated networks to massive numbers of mobile users. Yet Europeans still lack the necessary, proven tactics to adopt these new tools without putting their business at risk.

Bringing your home to work?

So, while the difference between home and office equipment is still significant, employees will bring their home devices to work. They use their personal computer on the enterprise network, mainly because it is unlocked, and might even embed software dedicated to avoid the company’s web filtering policy.

This issue is not really new, but it is overwhelming. For years, preventing unauthorized access to individual devices has been enough of a challenge: blocking USBports, CD-ROMs, unwanted network file transfers, preventing the antivirus being switched-off, etc. The list is almost as endless as the imagination and ingenuity of a user intent on winning that all-important e-bay® auction bid.

Lock down?

What can we do? The most obvious and - let’s admit it - “comfortable” - solution is to come back to the Maginot line tactics. It is a common, and valid, security policy to admit only company devices and to block access from everything else. The only problem with this is that it doesn’t work! There are just too many device changes and too many requests for remote access. How can you say “no” to your VP of sales who demands you give him access to his “damned e-mails” while traveling overseas? You can’t. He is an Apple fan and doesn’t want your obsolete 3GS for which you’ve negotiated a good deal? It seems that your security policy is in trouble right away.

Responsible opening

The reality is that IT professionals don’t have a choice; they can fight the wave and lose, or try to surf it. Application-level security policy should replace device-based access-lists - whatever the device is - personal or corporate. Despite what some security vendors may tell you, this does not mean you have to forget the devices completely. You just need to have the ability to recognize it and apply different security profiles accordingly. Technology can help. A unified security gateway should be able to manage local and remote access, automatically identify the applications and devices in use, and apply different security inspection strategies based on this information.

Tracking the different usages and automatically adapting your security policy gives you an all-important advantage over a simple blocking strategy: you know what’s happening. This enables you to act on the most important link in the overall security chain: your users.

 Photo courtesy of Niels Heidenreich

Jeremy D’Hoinne

Director of Product, NETASQ

Tags: , , , , , , , , , , , ,

Comments

We are already working on combining BYOD with the NETASQ firewall. Till now it's only possible to protect the phones/tablets with special software for when the devices are stolen/lost. For this reasen we have chosen for company devices which users can take home and limiting acces to our own network but enabling the users to transfer files to the devices. 
 
What we would like is a way that users can connect to our authorisation page and then choosing a RDP session to a terminal server. This is the way users can acces files with a laptop. The problem at the moment is that there is no support for Java extenders in iOS or Android so users can't use a tablet for remote access. This is something which we really would like to implement. Are you thinking of changing the way devices can connect through a authentication website or using a special app? We have a preference for tablets because of the ability to use this with more than 1 user at a time.
Posted @ Thursday, January 05, 2012 7:56 AM by Paul Germanus
Comments have been closed for this article.