BYOD: Keep your eyes on the enterprise
The prevailing tech movement known as ‘Consumerization of IT’ or ‘Bring Your Own Device’ (BYOD) continues to shift the way employees interact with enterprise applications and information, which raises considerable security challenges for any organization. These devices include an array of tablets, among them Apple® and Android™ smartphones, “Wintel” laptops, and devices we have yet to see. For some organizations, such as universities, the array of user devices may be unlimited, and therefore organization authorities’ grasp on securing data may be tenuous for quite some time. Yet other organizations will be in a better position to leverage policy controlling acceptable devices and ensuring their own ability to investigate these devices as needed.
Employee productivity and flexibility, reduced operational costs, ease of employee provisioning, and organizational agility ensure that BYOD is here to stay. However, to make BYOD viable, organizations rely on two key ingredients: authentication and policy. Authentication ensures that the right individuals and devices are allowed access to the appropriate resources, while policy ideally defines what is allowed from a usage perspective. Generally, policy establishes the organization’s right to investigate employee-owned work devices, and outlines any security applications that are required to be installed on the employee devices.
Much of the industry conversation on BYOD revolves around an organization’s ability to monitor and examine employee-owned devices. Due to legal questions and privacy requirements, many organizations still do not have BYOD policies like those described above. However, whether an organization has successfully implemented a concrete policy or not, the fact remains that the most critical element in securing an enterprise against BYOD threats is enterprise visibility and remote remediation capabilities. If you can’t see what’s happening on the computers, servers and shares across your enterprise, as well as within network communications, you can’t effectively defend yourself against any threat, let alone those originating from employee-owned devices.
BYOD programs increase risk and compound the challenges organizations struggle with every day. Unfortunately, many of the threats that increase with the introduction of a BYOD program are often not preventable.
Theft or Loss of Sensitive Data
How does an enterprise prevent personally identifiable information from being copied onto uncontrolled devices? What stops a user from utilizing their phone camera to snap an image of sensitive content?
Breaches of Acceptable Use Policy
Can users of BYOD devices access internet sites that violate acceptable use policies designed to limit risk? For example, BYOD users may be more likely than corporate users to fall victim to a phishing attack, resulting from a visit to a malicious website.
Malware
Introducing employee-owned devices to the enterprise exponentially increases the opportunities for malware exploits. Many of these exploits are new and undefined, which means they are not caught by traditional, signature-based tools. So how do we increase our ability to detect?
Malware in particular is a growing concern, as the exploits targeting personal devices in the work environment are increasing in frequency. It was discovered that a recent app named “Find and Call” was actually a dangerous address book harvester, freely available on the protected Apple App Store. Then there’s the Android “Marketplace,” based on the Google open source operating system, which more or less invites malware development as it does not have the same safety regulations in place.
Furthermore, BYOD practice includes Windows-based computers not owned and controlled by the enterprise, but used by the employee primarily for work. Can we rely on users to update their anti-virus, anti-malware and patch levels? Hardly.
Solutions for BYOD practice
While the ability to forensically examine, monitor and remotely secure BYOD devices is critical, the most effective approach to addressing the increased risk presented by the BYOD trend is to keep eyes on the enterprise. Proactive host and network monitoring, as well as integrated analysis of that data, allows organizations to detect and remediate data leakage and malware, even when it's missed by IDS, DLP, and other traditional preventative tools.
Inside the enterprise, proactive steps that look for policy violations, vulnerabilities and irregularities should also be in place, including:
Depending on the BYOD model, organizations may implement a mobility management solution that focuses on applications, information, policy, and devices. However, even with protective measures in place, there remains a real need to ensure that employees are complying with BYOD policies. Doing so can protect against data leakage, inappropriate or inadvertent network access, and malware access to corporate assets. This is not possible without complete and proactive enterprise visibility.
