BYOD and Its Risks to Network Security

Thursday, June 05, 2014

Patrick Oliver Graf

E595c1d49bf4a26f8e14ce59812af80e

In the not-so-distant past, when enterprises lacked ubiquitous high-speed Internet connections and the means to provide employees with remote access, organizations were far more likely to enforce strict working hours than they are today. After all, work wouldn't get done if employees weren't present.

Mobile technology has since enabled the growing trend of remote work, allowing employees to work from anywhere at any time. As a result, many employers have become more flexible in their expectations of employees and in their definition of "the workday."

But, where they shouldn't be more flexible, and where many are actually falling behind, is in the governing of how employees use personal mobile devices for work purposes and their remote access to the corporate network.

Are Employees Bringing Their Own Security Problems, Too?

Bring-your-own-device (BYOD) is now more of the norm than a new, disruptive trend. According to a new study by Gartner, more than half of the 995 employees it surveyed said they use their personal devices for work purposes for more than an hour each day. For companies, every second that sensitive information is leaving the corporate network, it could be exposed.

In a perfect world, employees would never experience security problems with their personal mobile devices while using them for work purposes, and 100 percent of those few who did would report incidents to the appropriate personnel at their company.

The reality is vastly different.

Gartner found that about one-quarter of users have had a security issue with their personal mobile device at work, and only 27 percent of these victims have reported the incident.

These numbers suggest that organizations still have a long way to go to manage BYOD, and that new approaches and technologies are required to protect business data accessed via employees' mobile devices.

Central Management to the Rescue

Enterprises are increasingly seeking to implement remote access solutions with central management capabilities to manage VPN configurations, certificates, and network and firewall policies, and prevent sensitive data from being exposed whether unknowingly by employees, or by hackers with malicious intent. With myriad operating systems and devices to support in a BYOD environment, IT administrators are searching for cost-effective solutions for securing remote access to the corporate network while enabling workers to be productive.

With a centrally managed VPN that works on all types of devices an employee might have, IT administrators can ensure that all endpoints connecting to the corporate network are policy compliant and automatically roll out VPN software updates to all employees. Also, if a breach occurs, immediate steps can be taken to revoke access to the network down to the device level. IT staff, then, gain a powerful tool that helps to fill the gap left by unreliable employee self-reporting and keep the corporate network secure.

This post originally appeared on VPN Haus.

Possibly Related Articles:
13791
Network->General Enterprise Security Policy Security Awareness Security Training Breaches
BYOD risks
Post Rating I Like this!
92b408f64ffd8e8ce7338d1b9a220ec8
Mary Kaichini At present some kind of monitoring is the only solution to prevent serious problems like data leakage or hacker attacks. My office allows BYOD, but they set strict control over the system by means of IT infrastructure monitoring software Anturis, that checks the company networks and all the devices attached to it. Several times the solution saves us from being infected etc.
1402920379
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.