Is Wireless Really Worth the Risk?
The security concerns around BYOD stem from the fact that employees are bringing unmanaged devices into the corporate environment. Often the organisation has no knowledge or visibility as to where BYOD devices have been.
A device that has been compromised in some manner may lead to the compromise of the entire corporate infrastructure. Targeting and compromising an unmanaged and unpatched BYOD device in a coffee shop may prove easier and less time-consuming than scanning and attacking the organisation's external infrastructure in order to gain a foothold on the network.
BYOD devices will often not be subject to corporate security policies in the same way as company-issued devices. This can result in devices running outdated software with known security vulnerabilities, as the responsibility for maintaining the security of the devices is shifted from the organisation to the device owners.
One of the most effective methods of implementing and maintaining a secure BYOD policy is to require employees to register their device with a corporate Mobile Device Management (MDM) solution that provides access to the corporate network and internal services via network authentication.
This will allow the organisation to enforce an MDM policy on the BYOD devices, while allowing the device access to specific corporate resources. MDM can often be configured to allow the user to unenrol, should they no longer wish to participate in the BYOD program. A correctly configured MDM solution will remove any corporate data from the device upon unenrolment.
BYOD programs should always be implemented with caution. Appropriate steps should be taken in order to segregate BYOD devices from other devices on the network, especially those that hold sensitive data or perform critical operations.
The safest approach would be to provide the devices with an independent network that is separated from other devices in the corporate infrastructure. It is also advisable that BYOD devices are monitored in order to detect any threats to the network originating from unmanaged devices.
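One way to check that segregation actually holds is to audit the firewall rule set for paths from the BYOD network into sensitive segments. The following is an added example, not part of the original article; the subnets, segment names, rule format and first-match semantics are all assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
BYOD_NET = ipaddress.ip_network("10.50.0.0/24")
SENSITIVE_NETS = {
    "finance-db": ipaddress.ip_network("10.10.20.0/24"),
    "domain-controllers": ipaddress.ip_network("10.10.1.0/28"),
}
# Constructed first-match rules: (action, source, destination, port or None for any).
RULES = [
    ("allow", "10.50.0.0/24", "10.10.30.10/32", 443),  # BYOD to a published portal
    ("allow", "10.50.0.0/16", "10.10.20.0/25", 1433),  # over-broad: reaches finance DB
    ("deny", "10.50.0.0/24", "10.10.0.0/16", None),    # intended BYOD default deny
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),
]

def intersect(a, b):
    """CIDR blocks either nest or are disjoint; return the smaller block if they overlap."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def covers(rule, src, dst, port):
    """True if `rule` matches every packet in src -> dst on `port`."""
    _, rsrc, rdst, rport = rule
    return (src.subnet_of(ipaddress.ip_network(rsrc))
            and dst.subnet_of(ipaddress.ip_network(rdst))
            and (rport is None or rport == port))

def byod_exposures(rules, byod=BYOD_NET, sensitive=SENSITIVE_NETS):
    """Return allow rules that let BYOD sources reach a sensitive segment.

    An allow rule is ignored only when a single earlier deny fully shadows the
    overlapping traffic; partial shadowing is still reported (conservative).
    """
    findings = []
    for i, (action, src, dst, port) in enumerate(rules):
        if action != "allow":
            continue
        s = intersect(ipaddress.ip_network(src), byod)
        if s is None:
            continue
        for name, net in sensitive.items():
            d = intersect(ipaddress.ip_network(dst), net)
            if d is None:
                continue
            if not any(r[0] == "deny" and covers(r, s, d, port) for r in rules[:i]):
                findings.append((i, name, str(s), str(d), port))
    return findings

if __name__ == "__main__":
    for finding in byod_exposures(RULES):
        print("BYOD exposure (rule index, segment, src, dst, port):", finding)
```

Run against the constructed rules, it flags only the over-broad rule at index 1; the final allow-any rule is not reported because the earlier deny fully shadows it for BYOD sources.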