FEATURE: BYOD
access management for any device from any location.

Also, as more and more employees are blurring the lines between their professional lives and personal lives, IT is needing to implement Mobile Device and Application Management solutions to control corporate resources on mobile devices without affecting personal data.

Enterprises need to define and enforce policies that dictate who can access specific types of data from which devices, with the ability to differentiate between smartphones, tablets, laptops or IoT devices. To be effective, enforcement must extend across MDM/EMM, a policy management platform and firewalls.

Businesses are also understanding that policies play a big role in BYOD success and that these policies need to be transparent. Having parts hidden from employees can cause the policies to backfire. Such openness requires a rethinking of corporate communications with its traditional need-to-know basis. The trust that this change can foster will in turn fuel the productivity increases that enterprises are hoping to get from BYOD.

Use profiling to create device categories

Accurately profiled devices should be a cornerstone of your plan when rolling out a secure BYOD initiative. As BYOD permeates throughout your environment, not all users will be diligent about downloading the latest versions of the operating system.

You’ll want to capture context that allows you to see who is running what versions on iOS, Android, Chrome and other operating systems.

As new releases become available, this data will give you the visibility to help identify why authentications may be failing, the types of devices that are experiencing issues and more.

An understanding of location can also help determine if a problem is specific to Wi-Fi equipment if the enterprise is operating a multivendor environment.

Automate and simplify

Manage mobile app use

Automation is essential for both initial onboarding and to take action on non-compliant devices (for example, quarantining them until they are compliant). MDM/EMM solutions should share device posture with a NAC solution to ensure that devices meet compliance before being given access. Integrating with helpdesk applications and SIEM can provide an enhanced experience for the user and IT for improved problem resolution.

Security for BYOD

Security for Bring Your Own Device (BYOD) and mobile must now be part of a larger conversation when securing the network for the new digital workplace. Based on existing customers’ best practices, here we outline three things you can do to boost network security amid BYOD.

Use context within policies

It’s important to leverage multiple sources of context to manage access. Data can consist of user role, device profiling, location, and once a certificate is issued to a specific user’s device, the assumption is that it’s a BYOD. Doing this greatly enhances productivity, usability and security. By enabling the use of known data you can stop users from coming up with ways to bypass policies.

Assign roles to users and devices

With users carrying multiple devices, it’s
smart to standardise on user roles across the
organisation and then assign device roles
too. A smartphone issued by IT for a specific
purpose may require more access privileges
than a personal device.
IT-issued laptops would have different roles
than smartphones and tablets. The value is
your ability to create different rules for each
device type or role.
User and device roles also let you
differentiate privileges by device type for
the same user. An IT administrator would
be allowed to change switch and controller
configurations with a laptop assigned
a corporate role. But, that same person
would not be able to access sensitive
networking equipment using a tablet
assigned a BYOD role.
The use of device categories should also
be explored. The idea is to again leverage
context to enforce privileges across a large
category of devices. All BYOD endpoints
connecting over a VPN can be treated
differently than when connecting in the
office. Printers can be managed differently
than game consoles or Apple TVs.
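
The user-role, device-role and connection rules described above can be expressed as a first-match policy table with default deny, gated by device posture. This is an added example, not code from the article or from any product it refers to; the resource names, decision labels and rule set are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Context:
    user_role: str        # e.g. "it-admin", "employee"
    device_role: str      # "corporate" or "byod"
    device_category: str  # "laptop", "tablet", "smartphone", ...
    connection: str       # "office" or "vpn"
    compliant: bool       # posture shared by the MDM/EMM

@dataclass(frozen=True)
class Rule:
    resource: str
    decision: str = "allow"
    user_role: Optional[str] = None        # None = match any value
    device_role: Optional[str] = None
    device_category: Optional[str] = None
    connection: Optional[str] = None

    def matches(self, resource: str, ctx: Context) -> bool:
        if resource != self.resource:
            return False
        fields = ("user_role", "device_role", "device_category", "connection")
        return all(getattr(self, f) in (None, getattr(ctx, f)) for f in fields)

# Constructed rule set: first match wins, specific rules before general ones.
RULES = [
    Rule("network-config", user_role="it-admin", device_role="corporate",
         device_category="laptop"),
    Rule("intranet", "allow-restricted", device_role="byod", connection="vpn"),
    Rule("intranet"),
]

def decide(resource: str, ctx: Context, rules=RULES) -> str:
    # Posture gates everything: non-compliant devices are quarantined
    # until they are compliant, whatever their role.
    if not ctx.compliant:
        return "quarantine"
    for rule in rules:
        if rule.matches(resource, ctx):
            return rule.decision
    return "deny"  # no rule matched: default deny

# Same administrator, two devices (constructed sample contexts).
admin_laptop = Context("it-admin", "corporate", "laptop", "office", True)
admin_tablet = Context("it-admin", "byod", "tablet", "office", True)
```

Rule order carries the policy: the BYOD-over-VPN rule must precede the general intranet rule, or it is never reached.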
By automating the discovery and
onboarding of non-compliant devices, you
can reduce costs and improve your security
posture. This also allows users to re-onboard
their own devices when smartphones and
tablets are replaced, which also reduces the
time IT has to spend on device onboarding.

Go with certificates; they’re more secure than passwords

Users will connect to guest networks more frequently, leaving passwords exposed to theft, which makes certificates a cornerstone of a secure mobile device deployment. As the use of Active Directory and an internal PKI for BYOD is not a best practice, an independent Certificate Authority (CA) built to support personal devices is preferred. A policy management solution that includes the ability to distribute and update, as well
IT NEEDS TO ESTABLISH POLICIES ON
WHAT TYPE OF INFORMATION CAN BE
ALLOWED ON AN EMPLOYEE’S DEVICE.
INTELLIGENTCIO