VPNs and Common-Sense Policies Make BYOD Safer

Monday, April 15, 2013

Patrick Oliver Graf

E595c1d49bf4a26f8e14ce59812af80e

Mobility and bring-your-own-device (BYOD) programs have become staples of today’s workforce. For employees, the ability to use their own personal smartphones, tablets and laptops provides a measure of comfort and convenience. For their employers, it can reduce IT hardware costs and increase productivity by allowing individuals to use devices familiar to them. It’s a win-win.

BYOD also has the added bonus of enabling companies to build custom mobile applications designed for specific business tasks. However, one drawback is that each mobile operating system comes with its own architecture and security concerns. Any company that embraces BYOD and mobile technologies must account for the different platforms its employees use to complete work-related functions.

Aligning Consumer Desires and Business Needs

Most of the personal devices people bring into the workplace are designed and marketed with consumers in mind, not businesses. So how do you reconcile the consumer desires of convenience and style with the functionality and security businesses require?

The goal is to allow authorized users to access and transmit sensitive data by way of a secure tunnel that unauthorized third parties cannot intercept. VPNs do exactly that. However, not all VPNs are alike. IT administrators benefit greatly from versatile solutions that enable them to manage VPN security settings on the various end devices used by their workforces. This offers the flexibility needed to address specific issues that require technical support, and roll out patches on whatever scale may be needed, whether it’s for one device or 100. It also makes it easier to offer support to individual employees who encounter any IT-related problems on their mobile devices.

The best VPNs will also provide additional security features, such as a personal dynamic firewallthat automatically adapts security settings to any network environment. This ensures that otherwise vulnerable remote access points, like public Wi-Fi networks, can be used without compromising the company network.  

Security is Never Foolproof

Letting employees use their personal mobile devices for work certainly has its benefits, but as we have shown, there are also security considerations that should not be ignored. VPNs are a big part of the solution, but not the whole answer. They need to be incorporated into company-wide BYOD policies that govern how, where and when sensitive information is accessed.

If a hacker infiltrates an employee’s tablet or smartphone, for example, they could gain access to the secure VPN tunnel and walk right through the virtual front doors. From there, they could do untold amounts of damage.

With this in mind, here are a few tips that every organization should follow when designing BYOD policies:

  • Compile a list of devices that are authorized to be used for work-related functions. This list should be based on the most up-to-date information on device security settings and flaws, and employees should only be able to access the corporate network using devices from this list.
  • Compile a list of operating systems that employees are allowed to use when accessing company IT assets. This should include the various versions of each operating system, as they are regularly updated.
  • Restrict the downloading of specific applications known to contain malware, insufficient security protocols or other vulnerabilities.
  • Require all data stored on a mobile device’s internal memory to be encrypted in the event that it is lost or stolen.
  • Deploy mobile device management (MDM) solutions that allow IT departments to roll out security updates and patches, configure security settings and initiate remote data wipes in case a device is lost or stolen.

By combining these steps with a robust VPN solution, companies and their employees can enjoy the convenience, productivity and cost-savings of BYOD without placing critical data at risk.

Possibly Related Articles:
11829
Mobile Security BYOD
Post Rating I Like this!
9d3a17c38c82d7146ece1ec44e9f9fe3
Christa Joe BYOD is emerging as a trend in industry and has been further extended with the concept of BYOA i.e. bring-your-own-application.
Industry has seen a tremendous shift in its operational practices and concepts like Enterprise mobility, BYOD & BYOA are the result of such behavioral maturity.
In contrast with earlier times, organizations have become more open-ended in sharing their data on personal devices of their employee while maintaining the highest level of security. Technology has proven its importance with the emergence of these concepts.

Read more about BYOD here: http://www.examiner.com/article/the-great-idea-of-byod
1368013978
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.