Chuck Leaver – How To Handle BYOD

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO

If you are not curious about BYOD then your users, especially your executive users, probably will be. Being the most productive with the least effort is exactly what users want. Using the simplest, fastest, most familiar and comfortable device to do their work is the main goal. Also the convenience of using one device for both their work and individual activities is preferred.

The problem is that security and ease-of-use are diametrically opposed. The IT department would usually prefer total ownership and control over all client endpoints. IT can disable admin rights and the client endpoint can be managed to a degree, such as just authorized applications being set up. Even the hardware can be restricted to a particular footprint, making it simpler for IT to secure and manage.

However the control of their devices is what BYOD advocates are rebelling against. They want to pick their hardware, apps and OS, and also have the freedom to install anything they like, whenever they like.

This is hard enough for the IT security team, but BYOD can also greatly increase the amount of devices accessing the network. Instead of a single desktop, with BYOD a user may have a desktop, laptop, cell phone and tablet. This is an attack surface gone crazy! Then there is the problem with smaller sized devices being lost or stolen or perhaps left in a bar under a cocktail napkin.

So exactly what do IT professionals do about this? The first thing to do is to develop situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can supply visibility into the applications, versions, user activity and security/ compliance software which is actually running on the endpoint. You can then restrict by enforceable policy what application, enterprise network and data interaction can be performed on all other (“untrusted”) devices.

Client endpoints will invariably have security problems develop, for example versions of applications that are vulnerable to attack, possibly hazardous procedures and disabling of endpoint security measures. With the Ziften agent you will be warned of these issues and you can then take corrective action with your existing system management tools.

Your users have to accept the truth that devices that are untrusted and too dangerous should not be used to gain access to company networks, data and apps. Client endpoints and users are the source of most malicious exploits. There is no magic with present technology that will make it possible to gain access to important corporate assets with a device which is out of control.