Charles Leaver – If Your Users Want BYOD Then Minimize The Security Risks

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

If you are not interested in BYOD, then your users, specifically your executive users, most likely will be. Users want to be as efficient as possible with the least effort. Their main aim is to do their work on the most convenient, fastest, most familiar and comfortable device. They also want the convenience of using one device for both work and personal activities.

The issue is that security and ease of use are diametrically opposed. The IT department would usually choose complete ownership and control over all client endpoints. IT can disable admin rights and manage the client endpoint to a degree, for example by allowing only authorized applications to be installed. Even the hardware can be limited to a particular footprint, making it much easier for IT to protect and control.

However, this control over their devices is exactly what BYOD proponents are rebelling against. They want to pick their hardware, apps and OS, and also have the flexibility to install anything they like, whenever they like.

This is challenging enough for the IT security group, but BYOD can also greatly increase the number of devices accessing the network. Instead of a single desktop, with BYOD a user might have a desktop, laptop, mobile phone and tablet. This is an attack surface gone crazy! Then there is the issue of smaller devices being lost, stolen or even left in a bar under a cocktail napkin.

So what exactly do IT specialists do about this? The first thing to do is to establish situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can offer visibility into the applications, versions, user activity and security/compliance software that is actually running on the endpoint. You can then restrict, by enforceable policy, which application, enterprise network and data interactions can be performed on all other (“untrusted”) devices.

Security issues will usually develop on client endpoints, such as application versions that are vulnerable to attack, potentially harmful processes and disabled endpoint security measures. With the Ziften agent you will be informed of these issues, and you can then take corrective action with your existing system management tools.

Your users have to accept the reality that devices that are untrusted and too dangerous must not be used to access the organization's networks, data and apps. Client endpoints and users are the source of the majority of malicious exploits. Current technology offers no magic that will make it possible to gain access to important business assets with a device that is out of control.