Device management resources have come a long way, just as the technology in the devices themselves has. As a network or systems admin, you can probably relate to that in one way or another. Network admins may have used device profiling at one time or another, and I imagine you server admins have pushed out a few changes with Group Policy. Devices that are known to your IT environment are not the issue anymore. They are still important, but the applications and other resources available to IT staff today allow us to make changes to devices on a large scale, usually on one condition: that they are under our control.
The Front Door: The Network
The network is often the first level of protection against BYOD devices. It is commonly the first thing users with outside devices connect to upon arrival. Proper segmentation of the network is a basic way to provide security when dealing with BYOD devices. This can include firewalls or network access lists that control what these outside devices are able to access. Short, sweet, and to the point. Some companies choose to handle BYOD devices exactly this way: they simply give these devices web access and restrict access to internal company resources.
What happens the first time a vendor comes on-site and needs access to your network to fix a device or an application, though? You will not have control of their device, nor will a simple internet connection suffice. They will need permissive yet secure access to the internal network in one way or another. On the network side, device profiling can, for starters, give both wired and wireless users an individualized access control list based on their user credentials or device.
BYOD Devices And The Software They Bring
BYOD devices come in many different brands and models, and with that they carry a wide range of software as well. Some of these devices are more secure than others. The goal of server admins is the same, though: to keep the internal systems and applications secure. One way this can be done is with device posturing. Device posturing is the process of ensuring that devices that come onto the network meet predetermined system security standards. If they do not, they are not allowed to connect. Server admins are commonly tasked with ensuring that devices under their control are up to date with the latest security updates and free of malware. Device posturing lets admins ensure that the security standards they set are upheld both by company employees with corporate assets and by visitors bringing their own devices on-site.
The Users: Who They Are and What They Need
The last area I want to mention, one that brings both challenge and control to admins dealing with BYOD, is the users themselves. When users are looked at in a granular sense, security can be heightened very quickly. So many times, access to internal systems is controlled based on things like the wireless network users are on or the network VLAN they are assigned to. Nothing more. Everyone in that subnet commonly shares a similar set of firewall rules and permissions. Getting more granular begins with managing security based on user accounts and user security groups. Users can be given permissions to resources based on their position in the company, a team they are working on, or an application they, as a vendor, are assigned to support. A step further is the topic I mentioned previously: individualized access policies that work on a per-user basis. Regardless, one theme that is repeated whether you are in networking, server support, or desktop support is that users should be given only the access that is required, and nothing more.
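The posture check and group-based access described above can be combined into a single admission decision. The following is an added example, not part of the original article or any product's API: the group names, subnets, and the 30-day patch threshold are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy data (assumptions for illustration only).
MAX_PATCH_AGE_DAYS = 30
# Baseline for every admitted BYOD device: web access, no internal resources.
INTERNET_ONLY = [("deny", "10.0.0.0/8"), ("permit", "0.0.0.0/0")]
# Extra rules granted per security group, scoped to what that group supports.
GROUP_RULES = {
    "vendor-hvac": [("permit", "10.20.30.0/28")],
    "finance-staff": [("permit", "10.40.0.0/24")],
}

@dataclass
class Device:
    owner: str
    groups: list
    patch_age_days: int
    antimalware_running: bool

def posture_failures(dev):
    """Return the posture checks the device fails (empty list = compliant)."""
    failures = []
    if dev.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append("security updates out of date")
    if not dev.antimalware_running:
        failures.append("anti-malware not running")
    return failures

def admit(dev):
    """Return (decision, acl, reasons). Non-compliant devices do not connect."""
    failures = posture_failures(dev)
    if failures:
        return "reject", [], failures
    acl = []
    for group in dev.groups:              # unknown groups add nothing
        acl.extend(GROUP_RULES.get(group, []))
    return "admit", acl + INTERNET_ONLY, []

def allowed(acl, dest):
    """First-match ACL evaluation with an implicit deny at the end."""
    for action, cidr in acl:
        if ip_address(dest) in ip_network(cidr):
            return action == "permit"
    return False
```

Because group rules are placed ahead of the baseline, a vendor reaches only the subnet tied to their group, while a guest with no group membership falls through to internet-only access.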
Those three topics are some of the common ones that come up when BYOD is discussed. Discussing and developing a plan around them will ensure that you are putting the needed focus on such a sensitive topic. While this is not a guide for BYOD devices in your network, these three areas of focus are a good start to securing BYOD devices in your IT environment.