BYOD is no more dangerous than company-issued hardware

Network system security essential to successful BYOD
Author:
Publish date:
1-networking-3-1564500.jpg

Bring your own device (BYOD) is no more of a risk to network security than company-issued hardware, says Hypersocket CEO Lee Painter.

BYOD schemes have exploded in popularity as businesses look to cut costs but the nature of persoanl devices has lead to concerns about network security.

Painter says: "We're all familiar with BYOD dangers: data breaches exploited because of a lack of proper security protocols and encryption on devices or missed operating system updates; data leakage as a result of device software not being regularly updated; malware on the device finding its way onto the corporate network."

He however states that personal devices should pose no greater danger than company-issued hardware so long as companies follow this one rule: "focus your major efforts on securing the core of your system first, your network, and then work outwards with access control, authentication control and finally device control".

There are four steps identified by Painter that will ensure parity in security across company-issued hardware and devices owned by employees: 

1 – Create a structured network segmentation strategy

"A tiered networking structure might include a public network, a private intranet network and a network for secure limited access. This allows public and unauthorised devices to have access to the internet through the public network, while authorised devices have secure networks and for that, devices must meet your BYOD standards. The secure network should be super-tight, IP-restricted, user-limited, and behind a VPN."

2 – Limit access to systems through a single point and apply fine-grained access controls

"If access is always through a central point you can add role-based access to limit who has right to use to which systems and information. It's important to work on the principle of least privilege here to ensure employees only have access to the services they really need. If you can restrict by profile, you can also control who has access to what when in the office network and when outside, allowing restrictions on certain fileshares or applications to within the office network only for easier auditing, monitoring and to control data leakage.

"At the very least organisations need to have a level of visibility so every item can be traced, and every user accessing for example, copyrighted data, is audited and monitored."

3 – Increase authentication to corporate resources

"Introducing identity and access management (IAM) and single sign-on (SSO) technology means that regardless of how your network and data is being accessed, you know it's being accessed securely through correct identity mapping, correct access assignments and robust authentication flows. Enterprise IAM solutions can even provide real-time, continuous risk analysis on users, detailing who has access to what, who has access to privileged resources, their activity and summarising their behaviour and access rights with a risk
score per user.

"Software like SSO helps separate user from device, so no matter what device they upgrade to, they must still go through strict SSO authentication. Embracing more trust-based authentication technology like security assertion markup language (SAML), which allows secure web domains to exchange user authentication and authorisation data, means there is no password to steal either should a device be stolen."

4 – Manage your devices

"With the network itself under control through IAM, segmented networks, VPN access and fine-grained access, managing the actual end-user device is next. This is where technology like master data management (MDM) comes into play. From managing what is installed on these devices, what can continue to be installed, to auditing and monitoring their use and locking down and disabling stolen devices, MDM is a vital piece of the jigsaw for effective BYOD. It can also be used to ensure that devices remain patched and up to date, reducing malware infecting the network."

Painter believes that by "concentrating on network-based solutions and technologies, backed up with stringent security policies" the risks of BYOD can be minimised. With the rise of Internet of Things (IOT) tech in the work place and an ever growing number of connected devices into corporate systems, system administrators will need to ensure that their networks are more secure than ever going forward. 

Related