The new debate with BYOD (Bring Your Own Device)
The days when executives carried a Blackberry by default have given way to employee-owned smartphones and tablets used for both personal and business purposes, a phenomenon known as BYOD (Bring Your Own Device). Allowing employees, guests, contractors and fieldworkers to work anytime, from anywhere, no doubt contributes to increased productivity in the business world. But have the industry's security solutions and best practices scaled as much? With cloud services available on every smartphone and recent security fiascos (say DropBox, iCloud) still on everyone's mind, the new debate is productivity vs security in the context of BYOD.
The BYOD paradigm is a reality that is set to grow. Businesses had better look for comprehensive security solutions if they want to enjoy the productivity boost brought about by this change. A three-layered approach to achieve it:
- Data/Traffic management
- Unified Firewall solution
- Enterprise device management
Secure Remote Access
Deploying a centralized SSL VPN solution is the first line of defense, arguably the most reliable way to secure web-based access to corporate networks. This solution encrypts all traffic leaving a device, whether it terminates on the web or at your corporate firewall. It is also device and OS agnostic, which helps bring down IT overheads.
Unified Firewall solution
Traditional firewall policies were framed by ports and protocols. Today, that is not enough. There is a need to take into account the variety of smart devices in the market. Next-generation firewall solutions offer services that are granular enough to manage these needs.
Authentication & Authorization
When the traffic from a VPN client terminates at your corporate firewall, the firewall solution should forward requests from only those devices that are authenticated.
You should also be able to authorize or block users' access to certain applications on the web or, to be even more specific, to the individual features they can use. For example, employees can be allowed to access Facebook but restricted from using chat because they may open links that are malicious.
Your solution should have the ability to vary access levels based on user profiles. For example, you may want to allow only your senior executives to access the company’s sales data and not your engineers.
To protect network resources, you should constantly scan your end points to check if they have the right levels of security patches as dictated by the company’s security policy. If they don’t, you should be able to quarantine the user or device to a network where they are first required to download the necessary patches before they get on the corporate network.
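The checks described in this section, sketched as one policy decision in Python. This is an added example, not taken from any firewall product; the role names, the numeric patch level and the `decide` function are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy values for illustration (assumptions, not from a product).
REQUIRED_PATCH_LEVEL = 7
ROLE_RULES = {  # role -> application -> features that role may use
    "senior_executive": {"sales_data": {"read"}, "facebook": {"browse"}},
    "engineer": {"facebook": {"browse"}},  # no chat, no sales data
}

@dataclass(frozen=True)
class Request:
    role: str
    device_authenticated: bool
    patch_level: int
    app: str
    feature: str

def decide(req: Request) -> str:
    """Return 'deny', 'quarantine' or 'allow' for one request."""
    # 1. Only traffic from authenticated devices is forwarded at all.
    if not req.device_authenticated:
        return "deny"
    # 2. Posture check: an under-patched endpoint is moved to the quarantine
    #    network before any application rule is considered.
    if req.patch_level < REQUIRED_PATCH_LEVEL:
        return "quarantine"
    # 3. Authorization by role, application and feature; anything not
    #    explicitly listed is denied (default deny).
    allowed = ROLE_RULES.get(req.role, {}).get(req.app, set())
    return "allow" if req.feature in allowed else "deny"

# Constructed sample requests.
SAMPLES = [
    Request("engineer", True, 7, "facebook", "browse"),
    Request("engineer", True, 7, "facebook", "chat"),
    Request("engineer", True, 7, "sales_data", "read"),
    Request("senior_executive", True, 7, "sales_data", "read"),
    Request("senior_executive", True, 5, "sales_data", "read"),
    Request("senior_executive", False, 7, "sales_data", "read"),
]

def evaluate_samples():
    return [decide(r) for r in SAMPLES]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLES, evaluate_samples()):
        print(verdict, req)
```

The order of the checks matters: an executive on an under-patched device is quarantined even though the role would otherwise grant access to the sales data.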
Enterprise device management
Device management is the lowest of the three security layers. Its function is to separate corporate data from personal data. It thus completes the loop by providing an extra level of security through its intended functional redundancy. But as a standalone solution, it is not foolproof because device management techniques are far less reliable than data management techniques.