By Gavin Reid, vice president of threat intelligence at Lancope
Like it or not, for most organisations the ‘any device world’ is the world we live in. Bring your own device (BYOD) should really be ‘brought your own device’, as business soon find out that they have little control over an employee’s own mobile technology. Companies with strict policies against BYOD have found their users pushed to using off-premise solutions, so have lost all visibility and control.
For example, organisations with sales teams that limit access to instant messaging often see those same salespeople purchasing their own private device to meet their customers’ needs. Similarly, with webmail, often employees who travel need to be able to quickly send updates and they may not have access to corporate resources; pushing them to use freely available tools. If those tools are restricted on corporate devices, personal devices are cheap and easy to obtain.
IT losing control
All of these lead to potential exposure with no visibility. When users are responsible for their own hardware and software, IT departments lose control over a number of key areas like configuration standards, purchasing power and of course, security.
What has worked well is the bartering or trade of security for functionality. Do you want corporate email? Then you have to accept this security profile that inserts a PIN and encrypts the data on your device. Do you want access to internal corporate intranets? Then the user and device has to accept a pushed down policy that proxies and encrypts that data. With both of those examples another security-for-functionality bartering point is a policy to be able to wipe the data on password fail along with remote wipe of the device.
Detect and defend
Also important is the ability to detect and defend the device. With some of the normal host-based tools unavailable, the network becomes the only place to both defend the device and also detect any attack activity.
As organisations shift from a totally managed environment, endpoint security tools must also move to good network tools like network intrusion detection, NetFlow, which is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by NetFlow-enabled routers and switches, and also proxy becoming a necessity to manage the security of an enterprise.
All of the on-device security tools must be replicated inline, from things like antivirus and data loss protection fall back, to using network-enabled sensors to detect and protect these endpoints.
Lastly, identification of device to owner becomes a key issue. Corporate naming standards or other typical ways of attribution won’t work on any device purchased and brought onto a corporate network. The ability to pull user data off the wire with a tool like Cisco Identity Services Engine (ISE) or combining network telemetry with Active Directory (or other user database,) becomes a hard requirement. Without good attribution, rapid incident remediation is impossible.
Lancope is a provider of network visibility and security intelligence to protect enterprises against today’s top threats.
