It sounds strange, I know, but I think I'm in love...with my phone. It is my constant companion. It wakes me up in the morning, its soft glow leads my way at night. I would be lost without it (literally). It talks to me, it sings to me, it reminds me when I forget. We laugh together. We cry together. I love my phone. Many people feel similarly about their device, be it a laptop, tablet, or smartphone. (Admittedly, there are some who claim they hate their phone, but I'm convinced that beneath that cold, harsh exterior lies an insatiable love like mine). For people like us, if given the opportunity, we would gladly utilize our personal devices on the job instead of the five-year-old dinosaur that we are typically issued by our employers.
We could spend all day discussing the pros and cons of BYOD, but since this is a technical forum, I'll skip that part and jump right to the technical ramifications.
From the network's perspective, whether a connected device is supplied by the employer or the employee is of little consequence. In fact, in and of itself BYOD doesn't present any networking challenges that don't exist in some form in a traditional employer-supplied device environment. But a large-scale BYOD deployment does exacerbate some problems, three of which I would like to address here.
BYOD challenges to the network
1) Heterogeneous clients and security. In a traditional employer-supplied device environment, the variety of devices is relatively small. If you've read any of my other posts, you'll know that I'm a big fan of simplicity and elegance in network design. Less variety generally means less complexity, less complexity means less exposure to human error, and less exposure to human error means increased security.
2) Data loss. iPhone users have 1.2 million apps to choose from, Android users 1.3 million. How many of those apps do you think have some capability for sending data to a third party? Personal devices are more likely to have all manner of useless apps, increasing the potential for organizational data loss.
3) Rogue gateways. Organizations typically limit exposure to the Internet through the use of a Gateway architecture. A compromised device can activate both Wi-Fi and cellular data networks simultaneously, allowing for a real-time entry point into the network for attackers. Of course, this challenge isn't unique to BOYD, but as I stated earlier, a larger variety of devices present more vectors of attack.
Addressing the issues
There are two components to addressing these issues: technical and non-technical.
Let's get the boring one out of the way first: the non-technical component includes policy and awareness. A comprehensive and realistic BYOD policy is needed, and users need to be educated.
Phew, that wasn't so bad, was it? Now comes the fun part. There are two main technical tools for addressing BYOD, both of which happen to have three-letter acronyms: MDM and DLP.
1) Mobile Device Management, or MDM, is the generic term for software suites that are used for – you guessed it – managing your mobile device deployment. MDM tools and techniques aren't exclusive to BYOD, but a comprehensive MDM solution is even more essential for a successful – and secure – BYOD deployment.
2) Data loss prevention, or DLP, is a strategy to avoid exporting sensitive data outside of the boundaries defined by the organization. There are several types of DLP tools: some look for sensitive data, like social security numbers, on the wire. Some look for sensitive company files (like the marketing strategy for your company's latest soon-to-be hit product). But all serve the purpose of keeping sensitive data from going where it doesn't belong.
Why does it matter? What does it mean for the future of the enterprise?
With Gartner is predicting half of employers going BOYD by 2017, it is basically a foregone conclusion that your organization will have to deal with personal devices, either directly or indirectly. BYOD can either be a blessing (reduced costs, increased employee satisfaction) or a curse (management nightmare, increased vulnerability) to your organization. You pick: address it early and it will be a blessing, ignore it and it will be a curse.