Building a BYOD Ready Infrastructurepost by Chris Curran on March 20, 2012
What can the process of protecting a prized baseball card collection teach us about BYOD security? Let me explain.
A few years ago, my sons and I got hooked regularly visiting a sports collectables store. These days, collecting sports cards is not just about completing team sets or collecting your favorite players. Now, its about trying to find the rarest cards in perfect condition – sometimes these cards even have a piece of a jersey nameplate or ball leather embedded in it. If you find a really nice card, you can encase it in a plastic holder, limiting the potential to damage the cardboard. Trying to keep the cards in mint condition while letting my children enjoy them at the same time reminds me of the work we’re doing to help CIOs build BYOD-ready infrastructures.
One of the major concerns is that consumer-minded employees are going to bring more than their personal devices to work. Malware and other attack vectors can hitch a ride and wreak havoc on corporate networks, including exposing sensitive information. But resisting the infiltration is futile and unnecessary, especially when you can combine access control with new preventative measures, both on employee devices and corporate networks.
Limit, Audit and Control Access
Employees aren’t the only ones with technological innovation on their side. Through application and desktop virtualization, coupled with network segmentation, CIOs can enable the devices of workers to view the network without interacting directly with applications. Essentially, it’s like the gadgets see your network through a plastic case, similar to how my boys experience our baseball cards.
CIOs have the power to create buffers that limit, audit and control employee access to corporate data and applications and free them from the hassle of micro-managing thousands of devices. Moving lockdown and lockout controls from the desktop and laptop into the network layer makes it possible to permit any device to connect securely, as my colleagues explain in: Bring your Own Device: Agility through Consistent Delivery.
It’s about both controlling the device with MDM policy management, encryption, strong authentication, etc. and appropriately limiting network access for those devices to select services that are rolled out over time.
The bad news is that cultivating an environment that is BYOD-ready isn’t as simple as slipping baseball cards into plastic sleeves. Making the transition will require new skills from IT engineers and security teams, up-to-date network access controls and sophisticated corporate governance strategies. Delivering a secure package to an unsecured platform is a vast departure from established methods of application and data delivery (transporting an unsecured object to a secure platform) Employees will be tasked with:
- Moving access controls from the desktop into the network layer
- Segmenting network resources into repositories of service
- Using firewalls as well as intrusion detection/prevention solutions to monitor while controlling communications among silos
The two biggest problems most enterprise are addressing are BYOD itself and strong authentication along with all the security features of MDM. A firewall can help but solutions such as app portals, VPN solutions, MDM and certificate-based authentication are all needed for BYOD. The other challenge is trying to address device diversity. We need both the various configurations for iOS and Android. We may not ready to bring in ANY device, but limiting platform diversity is the trend.
Emerge with a Stronger, Simpler and Safer Network
They say whatever doesn’t kill you makes you stronger. This is the case with building a BYOD-ready infrastructure. The security strategy that we’re recommending is baked into the design, not an overlay like traditional structures. Therefore, CIOs who adopt this approach can emerge with simpler and safer networks and reap the rewards of employees managing their own devices for a change.
We’re seeing companies phase in this new approach slowly and methodically while continuing to provision desktops and laptops. How about you? Are you BYOD ready? Are you transitioning to a BYOD infrastructure? If so, what challenges are you finding? Please share your experiences in the comment box so your peers learn from you.
Many thanks to Nalneesh Gaur for the insights and ideas for this post.
Image shared by Kevin O’Connor