Part one told the story of how having resources accessible from an individual’s personal device could have dangerous and negative effects on a business. Now that we have a better perspective on the extent of the vulnerabilities that a BYOD environment presents, how do we handle these situations without simply locking out BYOD entirely? Let’s look at the details of the situation and see how we can address each.
First off, looking back at the original story, we have to ask: how do you lock users out of critical resources when they are using an insecure device? For this to work, we must be able to identify the device the user is currently using to connect to the resource we’d like secured. Is it a tablet? Is it a mobile phone? A desktop? This is an essential step in handling the user, as we must first know the environment we are dealing with to be able to react appropriately. Based on what device is being used, security measures must adapt and be able to assign differing levels of access.
Now that we have an idea of what device the user is on, we must figure out where they are coming from. Are they in their office? Perhaps they are sitting in the cafeteria trying to eat and work at the same time. Maybe the user has taken their work home with them and is connecting through VPN. Do we want an HR person to be able to read sensitive employee data from their tablet while they sit in the cafeteria, where eyes could be looking over their shoulder? Each of these locations, even for the same person, could have different security and access needs, and our solution must address them.
What about time of day? Should the user be allowed to make changes after hours? The answer to this question will vary greatly from user to user and company to company. Again, our solution needs to adapt to these differing circumstances.
To really offer secure BYOD, we must be able to take into account these variables and many more, react to them dynamically, and seamlessly allow users to do their job safely every time. This becomes a very difficult task when you don’t have the right systems in place. So what is the right system for this situation? Well, we need an adaptive network access control system, which can evaluate each situation and dynamically adjust security appropriately.
Luckily, here at Milton Security Group, we make such a system. Our Edge7200i evaluates everything I’ve described in this post, and much more. By identifying end users based on their credentials, machine, location, time of day, and even their machine’s health, and by continuously monitoring every packet that travels down the wire, the Edge7200i gives full control over the BYOD environment, deftly solving the issues surrounding BYOD.
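To make the device, location and time-of-day checks described above concrete, here is an added sketch of an adaptive access decision. It is not the Edge7200i's logic or code from Milton Security Group. The role names, working hours and access levels are all assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import time
from enum import IntEnum

class Access(IntEnum):
    DENY = 0
    READ_ONLY = 1
    READ_WRITE = 2

@dataclass(frozen=True)
class Request:
    role: str        # who is asking, e.g. "hr"
    device: str      # "desktop", "tablet" or "phone"
    location: str    # "office", "cafeteria" or "vpn"
    at: time         # local time of the request
    sensitive: bool  # resource holds sensitive data, e.g. employee records

# Constructed policy: all names and thresholds below are assumptions.
DEVICE_CAP = {"desktop": Access.READ_WRITE, "tablet": Access.READ_ONLY,
              "phone": Access.READ_ONLY}
LOCATION_CAP = {"office": Access.READ_WRITE, "vpn": Access.READ_WRITE,
                "cafeteria": Access.READ_ONLY}
SHARED_SPACES = {"cafeteria"}            # screens can be read over a shoulder
WORK_HOURS = (time(8, 0), time(18, 0))
AFTER_HOURS_WRITERS = {"oncall-admin"}   # roles allowed to change things at night

def decide(req: Request) -> Access:
    """Return the most access every condition allows; unknown values fail closed."""
    level = min(DEVICE_CAP.get(req.device, Access.DENY),
                LOCATION_CAP.get(req.location, Access.DENY))
    # Sensitive data is never shown in a shared space, whatever the device.
    if req.sensitive and req.location in SHARED_SPACES:
        return Access.DENY
    # Outside working hours, only the listed roles keep write access.
    in_hours = WORK_HOURS[0] <= req.at < WORK_HOURS[1]
    if not in_hours and req.role not in AFTER_HOURS_WRITERS:
        level = min(level, Access.READ_ONLY)
    return level

if __name__ == "__main__":
    # The HR user on a tablet in the cafeteria, asking for employee records.
    hr_lunch = Request("hr", "tablet", "cafeteria", time(12, 30), True)
    print(decide(hr_lunch).name)
```

Each condition can only lower the result, so the same user gets a different answer as device, location or time changes, and a device or location missing from the tables is denied.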