BYON security risks can be mitigated with 3 critical elements

BYOD was one thing, but now that individual workers have their choice of network connectivity options, how will IT departments prevent the worst from happening? The answer begins here


Now that Bring Your Own Device (BYOD) is entrenched as an IT trend, the industry is turning its attention to an associated concept: Bring Your Own Network (BYON). As BYOD did when it first emerged on the tech scene, BYON is stirring up plenty of controversy. Some people trumpet its benefits; others decry its problems.

BYON encompasses a range of wireless networking options: mobile service-provider networks, public Wi-Fi hotspots, and ad hoc Wi-Fi hotspots that users can create on their own mobile devices. No matter where users are, they can locate and rely on some sort of wireless connectivity.

No question, BYON is a boon to users. The technology gives them the power to stay online—and productive. The IT industry as a whole, however, approaches it from a different angle: BYON is a potential data-security nightmare.

Dave Pearson, research manager, enterprise storage and networking at IDC Canada, explains that users now have three options to connect to the Internet: corporate networks, mobile service-provider networks and ad hoc networks. “When you have three kinds of networks on a single device with access to company information, that’s a security concern,” Pearson says.

Companies can’t be 100 per cent sure that the networks they don’t control are as secure as their own. Will a thief be able to infiltrate a hotspot and whisk away sensitive business information?

For businesses to benefit from BYON—while mitigating risks—they must focus on three things: policies, security architecture and network capabilities.

Policies

Organizations should specify policies that guide employees on BYON. Are there particular tasks that employees should never use BYON for? Are there BYON configurations that the company wants workers to avoid using?

Some organizations put a sharp point on their BYON rules by insisting employees sign contracts indicating that workers are expected to help keep data safe. Ted Schadler, a Forrester Research analyst, says that makes users think twice about the importance of data and wireless security.

Security architecture

Security is always an issue in IT but BYON makes data protection even more important. In a Dark Reading article, Jason Sachowski, a security professional at Scotiabank, explains that organizations should focus primarily on protecting data, not the device used to access the data, and then layer on supplementary safeguards. Additional protection might include installing mechanisms that separate sensitive information from non-sensitive data, using the latest firewalls to track network usage, and developing applications with built-in security.

“As security professionals, we must re-evaluate traditional security practices and create service models that offer secure data access—regardless of the device, network or source,” Sachowski says.

Network capabilities

Organizations also must invest in their own network capabilities to ensure employees have adequate wireless access—especially at the office. In his Toolbox.com blog post, James Gaskin advises technology users to speak up about their wireless needs.

“Go to IT and ask for an extra Wi-Fi access point in your area. Outline the need by listing the number of users demanding access, and the projects impacted by poor wireless service.”

If companies hone their policies, bolster their security systems and beef up their network capabilities, they’ll be well placed to mitigate the risks that BYON may introduce.

Comments are closed.