BYOD solution for your network - Part 2
In part 2 of my recommendations I look at bring your own device (BYOD). I consider this a simple and reasonably sane method that is also a fair, low-friction way to enable a user-owned device as a corporate device.
In a recent Gartner report, 80% of CIOs say they will allow users to BYOD by the end of 2016, making individually owned devices the norm. This can be looked at as a risky proposition: potentially unhygienic devices become welcome on your corporate network and could cause havoc. On the other hand, BYOD may be a way to save money and increase user satisfaction and productivity.
I've outlined six simple steps to consider when you get ready to take the plunge and bring BYOD to your world.
Step 1 - Decide on and understand your device ownership model. The two ends of the ownership spectrum are corporate owned/managed and user owned/managed.
If the device is owned by the corporation it will most likely be managed by the corporation, and users will expect the corporation to service, maintain, license, configure, and possibly monitor the device. User expectations of being free to use these devices as they please are generally low. In this scenario users usually do some corporate work on the provided device and also have their own device, which they use for their personal computing at home and possibly at work.
At the other end of the spectrum, the device is user owned, maintained, configured, licensed, and operated. The corporate user has access to their personal device at all times, and access to corporate data whenever connected to the correct service or network. The problem with this is that the device may or may not be infected with malware, or may have technical or configuration issues that are costly for an organization to correct.
Today the best BYOD scenario is one I'd consider to be in the middle: a shared ownership/management model. The device may be subsidized by the organization, but ultimately the user owns it. In a shared model the user is required to purchase a device from an 'approved' device list, which minimizes configuration issues and provides some level of compatibility.
A shared model can reduce an organization's BYOD risk while maximizing the user's ability to pick a device they own and care for.
Step 2 - Consider the use of a Mobile Device Management (MDM) tool. These tools provide a good means to enforce the controls that keep devices malware free, to detect jailbroken devices and block them from corporate data, and to remotely wipe devices that are lost. Keep in mind that jailbreak detection is a best-effort check that a determined user can evade, so treat it as a signal rather than a guarantee. Here are two good MDM comparables I'd recommend if you're looking to introduce an MDM.
--Side note-- Since this blog is about tech and cloud, before you buy, ask the vendors whether THEIR solution runs in the cloud. I think it's reasonable to expect the providers of MDM solutions to embrace cloud computing for their own capabilities, and it's interesting to see that many still run dedicated data centers!
Step 3 - Invest in training and in creating an acceptable BYOD use policy. The policy and training should explain the need to keep devices malware free, address why jailbreaking devices is not advisable, and describe how the MDM will be used to ensure the device stays safe from the corporate point of view.
Step 4 - Require encryption, and possibly geolocation. Part of the use policy, the MDM configuration, and the device selection criteria should be to ensure that the device provides encrypted storage and a means to track the device using geolocation. On most recent handheld devices this is not a problem: for instance the Galaxy S III and newer, iOS 4.0 and newer, and Windows Phone 8 and newer provide encryption. Geolocation may be controversial, as people generally don't like being tracked, but it's important to weigh the benefits. A good MDM can be tuned so that it alerts your security team only when a device shows up on another continent, rather than every time someone travels. This answers the question of why your iPhone suddenly popped up in Thailand.
Step 5 - Require a PIN lock, and consider a banned app list. A device PIN lock is the bare minimum that should be required. As for a ban list... Hmm... What to allow, and what not to allow. Here's the skinny, in my opinion:
Unless you absolutely have to... and I mean absolutely have to... I'd recommend you ban Java. Yes, based on my experience Java is not safe enough to run on a corporate network, especially older versions of Java.
Step 6 - Keep versions current and devices patched. Stay on the most current version of the OS, as vendors tend to ship security fixes with their updates. Keeping a device up to date can be a pain, but it is essential. I've heard many iPhone users complain that upgrading may break iTunes and other apps... I'd say that's just too bad... tough love... Upgrades keep devices healthy.
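The six steps above are policy, but the per-device checks they imply (approved platform, minimum OS version, encryption, PIN lock, jailbreak status, banned apps, and the "why is this phone suddenly in Thailand" distance alert) are easy to codify. Below is an added example that does so over a constructed device inventory. It is not from the original post and is not tied to any MDM product; the record fields, the minimum OS versions, the banned-app list and the 3000 km "another continent" threshold are all assumptions chosen for illustration.

```python
# Toy BYOD compliance evaluator: codifies Steps 1 and 4-6 as checks over
# device inventory records. Added example, not tied to any real MDM product;
# the record fields, thresholds and sample devices below are all assumptions.
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt
from typing import Optional, Tuple, List

# Approved platforms and the minimum OS version each must run (assumed values).
MIN_OS_VERSION = {"ios": "9.3", "android": "6.0", "windowsphone": "8.1"}
# Apps (or runtimes) the policy bans outright, matched case-insensitively.
BANNED_APPS = {"java"}
# Distance from the device's registered home location that triggers a
# geolocation alert; ~3000 km is a rough proxy for "another continent".
GEO_ALERT_KM = 3000.0

LatLon = Tuple[float, float]


@dataclass
class Device:
    device_id: str
    platform: str                    # e.g. "ios", "android"
    os_version: str                  # e.g. "9.3.5"
    encrypted: bool                  # storage encryption enabled
    pin_lock: bool                   # passcode/PIN lock enforced
    jailbroken: bool                 # MDM's jailbreak/root detection result
    apps: List[str]                  # installed app names as reported by MDM
    home_location: LatLon            # registered home base (lat, lon)
    last_location: Optional[LatLon]  # last check-in location, None if unknown


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '9.3.5' into (9, 3, 5); missing components are treated as 0."""
    parts = [int(p) for p in text.split(".") if p.isdigit()]
    parts = (parts + [0, 0, 0])[:3]
    return (parts[0], parts[1], parts[2])


def haversine_km(a: LatLon, b: LatLon) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def evaluate(device: Device) -> List[str]:
    """Return the list of policy violations for one device (empty = compliant)."""
    findings = []
    minimum = MIN_OS_VERSION.get(device.platform.lower())
    if minimum is None:
        findings.append("platform not on the approved device list")        # Step 1
    elif parse_version(device.os_version) < parse_version(minimum):
        findings.append(f"OS {device.os_version} below minimum {minimum}")  # Step 6
    if not device.encrypted:
        findings.append("storage encryption disabled")                      # Step 4
    if not device.pin_lock:
        findings.append("no PIN lock")                                      # Step 5
    if device.jailbroken:
        findings.append("device reports as jailbroken/rooted")              # Step 2
    banned = sorted({app.lower() for app in device.apps} & BANNED_APPS)
    if banned:
        findings.append("banned apps installed: " + ", ".join(banned))      # Step 5
    if device.last_location is not None:
        km = haversine_km(device.home_location, device.last_location)
        if km > GEO_ALERT_KM:
            findings.append(f"last seen {km:.0f} km from home location")    # Step 4
    return findings


# Constructed sample inventory: one compliant device and one that trips
# several checks (home in Seattle, last check-in in Bangkok).
SEATTLE = (47.6062, -122.3321)
BANGKOK = (13.7563, 100.5018)
SAMPLE_DEVICES = [
    Device("phone-001", "ios", "9.3.5", True, True, False, ["Mail", "Slack"], SEATTLE, SEATTLE),
    Device("phone-002", "android", "5.1", False, True, True, ["Mail", "Java"], SEATTLE, BANGKOK),
]


def compliance_report(devices: List[Device]) -> dict:
    """Map device_id -> findings for every device in the inventory."""
    return {d.device_id: evaluate(d) for d in devices}


if __name__ == "__main__":
    for device_id, findings in compliance_report(SAMPLE_DEVICES).items():
        status = "COMPLIANT" if not findings else "NON-COMPLIANT"
        print(f"{device_id}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

Running it reports phone-001 as compliant and lists five findings for phone-002, including the roughly 12,000 km jump from Seattle to Bangkok. In practice the `Device` records would be pulled from the MDM's inventory API rather than constructed inline, and the distance check should be run against a rolling history of check-ins so that a single bad GPS fix does not page anyone.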
That's it... six simple steps, right?
One last recommendation: consider having a dedicated solution for doing administrative tasks and managing systems that hold data classified as High. There are several technologies and mechanisms to consider for administrative tasks. I'll look at what it takes to enable a Secure Administrative Workstation (SAW) in a future blog post.
In the next recommendation I'll address Software Defined Perimeter (SDP) and deperimeterizing your network.