BYOD is one of the biggest buzzwords in recent years. In reality, how big of a challenge is BYOD for large organizations?
The challenges are somewhat nuanced. Computing and communication are still fundamentally the same, but the typical IT department provides support based on a common build practice. Under the old paradigm, when a user called, the helpdesk knew what they were dealing with. Most large companies have standardized hardware and software platforms and that made troubleshooting pretty straightforward.
In a BYOD environment, this is not the case at all. Devices and the applications loaded on them are a complete yard sale, that is to say they are unpredictable in shape and texture. Customers that have navigated this properly, standardize and enforce the things that support the business, which ensures more predictability in terms of network behavior. Control the things you can control, because the rest of it is pretty messy and somewhat distracting. Standard endpoint protection or VPN software are some of the things you can dictate, and we have customers that use Procera to enforce policy on non-conforming devices by putting them in a “virtual penalty box” until the issue is addressed.
One other challenge is device registration. This was not always the case, but it is emerging as a requirement. Once the characteristics and behaviors of a device or class of devices are understood, organizations may find it desirable to apply policy to those devices. We have seen a renewed interest in registration portals and in binding identity to network behavior, which is something that we understand. At any rate, having this information is just good policy and recreating it in the future can be a daunting task. Microsoft Active Directory did this in the all-PC environment, but achieving the same in the BYOD landscape requires developing new muscle.
What devices and applications are most popular with those who bring their own devices to work? How do those pose a danger to the organization?
The most popular devices are the ones used in mobile networks, where we have traditionally played an important role and have a strong presence. The reigning kings of the smartphone space don’t need further introduction, but there is some variety once you get past the top few. We are seeing a big increase in tablet usage, but this should not be a news flash to anyone. This market is fragmenting further, as it becomes more competitive, and as other models challenge the leaders.
The applications are pretty diverse as one might expect. When the employee is off-site, they are using the things they normally use in their non-work life. Coming to work doesn’t change that, so there is a fair amount of “non-essential” traffic added to the corporate network as a result. This additional burden can be viewed as dangerous when viewed in the harshest light. The security implications of this “application stew” are emerging, suffice to say it will get messier before it gets neater.
Since many of these applications serve little or no corporate purpose other than the amusement of the employee, they are drawing some attention. Increasingly CIOs are asking hard questions about their obligation to support or fully enable that traffic. It’s a bit of a devil’s bargain though, they want the employee to use the device, but they want to prevent them from using it in their normal way. Most customers are moving toward some form of traffic management, but disabling popular non-essential applications will prove too draconian in some corporate cultures.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.