Skip Links

10 tips for implementing BYOD securely

By Richard Benigno, Senior Vice President of Americas, Stonesoft, special to Network World
September 04, 2012 01:29 PM ET

Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

With the Bring Your Own Device (BYOD) movement quickly becoming an accepted norm, IT needs to better understand how it impacts all aspects of the corporate network security strategy.

The true cost of BYOD

BYOD is another technology trend that moves a company from a position of risk avoidance to risk management. Where many IT organizations get it wrong is they focus on only one piece of the puzzle - like the device. If organizations want to minimize the risks of BYOD, they need to assess the impact on the network security ecosystem and understand the big and small weaknesses it creates.

Here are 10 tips for implementing BYOD securely and effectively within the enterprise, while fostering secure, remote access to business critical information:

1. Go Beyond Passwords to Authentication. Static passwords, combined with the risks of BYOD, are not enough to ensure secure remote access to sensitive business data and systems. Companies should consider multi-factor authentication methods to strengthen security while continuing to prioritize usability. One-time passwords and alternate notification methods (e.g. text messages) are two ways to make the authentication process holistically stronger.

2. Secure Remote Access with SSL-Based VPN. Once you have authenticated a user, companies must secure the network connection. SSL VPN gives employees enormous flexibility to access the network securely from any location and from any mobile device. Furthermore, unlike IPSec, SSL VPN provides secure remote connectivity without the need for software to be installed on each device.

3. SSO for Password Fatigue. Separate logins for individual applications are both a hassle and a security risk, as users may deploy insecure methods for keeping up with different passwords. Single sign on (SSO) tools let employees use a single password to access a portal of company and cloud applications, and can be part of an SSL VPN configuration.

4. End Node Control. Once an employee leaves the company, network access should leave right along with them. However, that is not always the case unless there is a way to instantly and effectively block specific users. Find a solution that manages devices from the corporate side, not just the employee side, and allows you to quickly remove a specific user's access privileges with a few keystrokes. This should be accomplished without requiring redefinition of the entire user base, which is both time-consuming and prone to error.

5. Applying a Federated ID. Federated ID simply means that the person's identity is stored across multiple systems, such as when you use Facebook or Twitter to log in to another account online. The same works for your organization, where you authenticate a user, and then allow them access across internal and external systems that you manage. Federated IDs allow single sign-on for the employee. What are the benefits? The employee logs in to any approved system easily, the corporation controls access even to cloud-based applications, and the service provider does not need to maintain user profiles.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News