Defense Strategy for BYOD Networks

By Jack Giardina on January 19, 2018

 

BYOD banner
Source: Xyfon Managed IT

  Bring your own device (BYOD) is a trend that has grown increasingly common over the past several years among companies both big and small.   It allows employees to utilize their personal devices in the workplace by connecting them to the internal network, access key files from practically anywhere in the world, and most notably it can be a security professional’s worst nightmare.  In contrast, when a company distributes all equipment with access to internal company data it maintains the ability to control the respective security posture of each individual device.  This measure of control doesn’t provide absolute protection to the network, but it does allow for the mitigation of significant risk with new vulnerabilities being discovered every day.  The unfortunate tradeoff for this control is that significant productive versatility is sacrificed.  Company devices often end up quickly dated, and the ability to perform work on a flexible schedule is an advantage that many companies simply can’t afford to lose.  As people grow more attached to their personal devices of choice, BYOD has already begun to evolve from a trend to an expectation in many industries.  This pattern is predictable, but it places a significant strain on anyone tasked with securing a company network.  Effective security is simply not possible if administrators are not able to keep track of what devices are connected to their networks at all times.  To defend against the ever growing cyber threat and satisfy the demands of work life balance, improved security procedures and management of mobile devices must be emphasized.

   When dealing with networks that employ a BYOD policy, several steps can be taken to mitigate risk:

  • Mobile device hardening (done by individuals)
    • Enable device locks and enforce encryption.
    • Keep devices patched and updated (updates generally resolve known security risks).
    • Configure devices to “ask to join networks”.
    • Never allow webpages to save logins and passwords.
    • Never store passwords on a device.
    • Disable wifi and bluetooth features when they are not in use.
  • Mobile device management (MDM)
    • This framework allows for devices connecting to private networks to be managed efficiently and offers improved levels of security.  Devices can actively be inventoried, controlled, and monitored.  By enforcing a security policy that requires device registration and utilizing MDM: personal phones, laptops, and tablets can be kept in compliance with company standards in real time.
    • Notable professional grade MDM solutions:
      • VMware Airwatch
      • Citrix Xenmobile
      • Microsoft Intune
    • Open Source and free MDM solutions:
      • Apple Configurator
      • Miradore
      • WSO2
  • Employee education and training
    • Educate employees on the potential hazards of possessing an overly vulnerable device.
    • Caution against downloading applications from third party vendors, particularly on android devices.
    • Instruct employees to treat their devices much in the same way they would a passport, or social security card.
    • Encourage device hardening and the practice of good security habits.
    • Promote the use of two-factor authentication (RSA SecurID, SMS, etc.)

     While there is no perfect solution to securing a BYOD network, these steps are a good start.  Accounting for what devices are connected to your network at all times, educating employees on best practices, and encouraging the hardening of personal devices will all significantly lower a networks attack surface.  As technology continues to intertwine itself with every aspect of our lives, we must alter our mindset in order to stay current and safe.

 

Sources:

SANS Institute, BYOD Security Implementation for Small Organizations

Xyfon, Is BYOD Right for You?