A Secure BYOD Environment
Published: February 19, 2013
Author: Jay Paloma, Enterprise Security MVP
In this day and age, a significant percentage of the working population is using some form of personal handheld or portable technology for communications, information, and entertainment. Sooner or later these technologies are used in the workplace, connecting to the corporate network and accessing corporate data. If the organization does not have any way of ensuring that network services are only available to authorized devices, or alternatively, detecting rogue devices that are connecting to the corporate network, then there is a risk that corporate data may be compromised.
Bring Your Own Device
Many people think that a BYOD corporate initiative simply means that the organization is becoming more flexible because the applications and data are now accessed in more ways and in a wider variation of devices than before. In the context of corporate security, the letters “YO” in BYOD need to be emphasized: “Your Own.” This means that the company now has to work with devices that are not company assets and would most likely not conform to corporate security measures. These devices should be able to access any required applications while maintaining security from two fronts: securing corporate data from the user, and securing the user’s personal data on the device.
The best way to visualize an organization’s BYOD security is through a “ Defense in Depth” strategy. As you can see, what we are securing is the data, and all other security measures are intended to protect it. The same is true for a secure BYOD implementation.
Securing the Data, Application, and Host
The major security concern of the BYOD initiative is the proliferation of devices with a variety of unmanaged operating systems. This in turn leads to issues on application compatibility with the OS, or the web-based application to the browser running on the device.
Securing the Internal and Perimeter Network
A good network strategy of the BYOD initiative is to treat the BYOD devices as external, meaning they should be able to connect only to the needed resources through the external network, and be subject to the security checks available in the perimeter network.
Physical Device Security
The organization has to be protected from the device being physically compromised by ensuring that:
Policies, Procedures, and Awareness
The organization should have education programs on the benefits and accompanying responsibilities of the BYOD program, and implementing certain security measures on the devices like installing antivirus and ensuring that the definitions are current, and so on.
What About Personal Data?
Phones and tablets, let’s face it, have more personal data than ever: pictures and media, text messages, personal emails, messenger, as well as social networking credentials. An employee who elects his/her device participate in the corporate BYOD program would appreciate the fact that personal data remains secure as well.
In both VDI and Windows To Go options, personal data is isolated from corporate usage. In VDI, because the device is only a Remote Desktop Services client, and in Windows To Go where it is running another operating system instance independent of the device OS.
If your organization is considering a BYOD policy, it is now time to review the different options and technologies available to implement a secure BYOD environment. Remember that BYOD is not just users being allowed to connect their personal devices on to the corporate network. BYOD is about giving your users the ability to use technology they are familiar with, while ensuring that corporate data remains safe.
About the Author
Jay Paloma is one of the pioneers of the Philippine Windows Users Group or PHIWUG (
http://www.phiwug.org) and eventually became its president. He and his team of officers (some of them being MVPs themselves) led PHIWUG to become a very active users group in the Philippines, heavily contributing to the Philippines Technical Community by organizing a number of successful community events. Jay specializes in Microsoft network and security infrastructure, including ISA Server, Active Directory, and Exchange Server.