I wrote a piece on a pipe dream called “Bring Your Own Device” back in November 2011 (http://blog.andytang.com/2011/11/embracing-bring-your-own-device-byod.html).
As with all new concepts, I believe my attitude has changed and mellowed as I see it being used in the real world. I still have a number of conversations about BYOD or CYOD (Choose Your Own Device), but they are more about people still being unsure what to do.
I remember being asked by an ex-boss, “What BYOD solutions do we sell?”, to which I replied, “None… We sell solutions to support BYOD policies, not BYOD Solutions!” If we consider this for a moment, your policy could be to not allow personal devices, it could be to only allow personal devices on the guest wireless, or it could be full access to the corporate network where the administrators can remote wipe your device. These are different policies, and they would require different types of solutions to enforce them.
Previously I talked about network infrastructure, endpoint security, network access, compliance and device compatibility. I don’t feel they are as important any more. The issues I believe we need to focus on are as follows.
Wireless Security
My stance has changed from whether the wireless network can cope to whether the wireless network is secure enough. Can the organisation deal with rogue access points, denial of service attacks, or unauthorised devices connecting to your network? Most people can’t say this about their wireless network, which in my opinion is not good enough! There are Wireless Intrusion Prevention Systems out there that can offer wireless access, as well as act as an overlay to your existing wireless network.
Enterprise Mobility Management (EMM)
There was a time when the concern was how we can wipe a device if it’s lost or if the employee leaves. This led to employee pushback around it being their device and not the company’s. This is where MDM (Mobile Device Management) was good enough; it started to get coupled with MAM (Mobile Application Management) and more recently MCM (Mobile Content Management). This then provides comprehensive device and data management for the mobile devices.
Protecting the Data
I only care about the data! As an organisation, should I worry if my employees lose their devices, if the wireless connection they are on is insecure, what type of device they are on, or whether they run any security on their device? The answer should be no…
My only concern as an organisation is: is my data safe? We should be protecting the data.
Find out which data is critical to the organisation and protect it. There are many DLP (data leakage prevention) solutions, but these need to be coupled with the means by which the data can leave your organisation. Primarily, organisations will look at the web and email vectors, before considering that ActiveSync (the protocol most mobile devices use to collect their email from corporate email servers) is also a vector by which data can leave.
Conclusion
If you feel you have to protect the device, then look at a full EMM solution and not just an MDM. If you have to provide wireless, please secure it with a WIPS. The key, though, in my opinion is to protect your data! Companies rarely make the news for losing a device, but they do if they lose data!