The way we work is changing. Increasingly, today’s employees no longer find themselves bound to the confines of their static workstations, as they seek out flexible working arrangements to improve their work-life balance. Employers have also become more open to embracing greater flexibility at work, enabling their staff to complete their tasks from cafes, co-working spaces, or even the comfort of their own homes.
Greater workplace mobility also means that employees have better access to business applications and company servers through their personal smartphones, tablets and laptops, which can in turn help boost productivity. Coupled with the rapid growth of enterprise mobility solutions and ever more sophisticated personal devices, this has helped make Bring Your Own Device (BYOD) a norm in the workplace. In a recent study, ReportLinker projected that the Asia-Pacific region is likely to grow fastest in terms of BYOD adoption and the enterprise mobility market.
Device makers and service providers are recognizing this tremendous market opportunity, and have been consistently improving and targeting their enterprise offerings to those who wish to use their personal devices at work. Apple, for example, recently announced a partnership with Deloitte, aimed at helping businesses build productivity solutions across enterprise functions such as retail, recruitment and back-office systems. Similarly, Microsoft has greatly simplified the BYOD experience for Windows 10, allowing users to add work accounts to their personal devices, and enabling integration with Azure Active Directory, Microsoft’s cloud solution that manages identity and access for users of its software.
While the BYOD phenomenon has enabled many companies to reach heightened levels of productivity and flexibility, the introduction of personal devices on such a wide scale has both altered and complicated the way organizations secure their networks.
What BYOD really means for workplace security
As organizations blur the distinctions between personal and work devices, traditional firewalls and Network Access Control (NAC) options alone will no longer be able to provide adequate protection. The widespread adoption of BYOD exposes corporate assets to a much larger potential attack surface, meaning companies would need to channel greater resources to mitigate threats. Restricting the number and type of company-related activities that employees can perform on their personal devices might be the most logical means to limit this attack surface, but in reality it would be challenging to manage and may lead to companies missing out on productivity gains.
There are three ingredients that security teams need to bear in mind when setting out to secure their networks in today’s BYOD age, so as to ensure that the resulting security strategies remain palatable to those who seek mobility and flexibility.
Three ingredients critical to securing BYOD
- Traffic Protection
The first aspect companies need to consider is network traffic protection. The inspection of traffic is a vital requirement for securing access and controlling movement of data. Security teams must build policies that are consistently enforced, regardless of whether the operating endpoint is remote or internal. Secure connections must be established between any endpoint and the company network, and provide full visibility of network traffic across all ports, protocols and applications. This helps to eliminate blind spots in mobile workforce traffic, and gives organizations the ability to maintain a consistent view into applications.
- Network Segmentation
Besides traffic, data also needs to be protected by securing the network internally – not all users within an organization need access to every nook and cranny of the corporate network. Security teams thus need to adopt network segmentation measures that allow for the partitioning of their network, and to enforce precise controls for access to internal resources based on business needs. Policies should be crafted in such a manner that specific groups of users are only able to access applications and files on a need-to-know basis. By employing a zero-trust policy, companies can more effectively reduce the potential attack surface area, and secure their internal networks.
- Device Management
Mobile device management is an integral part of any BYOD security strategy. This includes both pre-usage controls, such as providing strong authentication options, as well as other preventive measures such as protection against phishing and credential theft. Although these devices may be privately owned, it is important that policy-based security is instated across the BYOD environment. Possible measures can range from the simple – such as requiring a PIN to unlock the phone – to technology-based solutions, such as the ability to remotely lock specific apps in the event that one’s device is lost or stolen.
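The three ingredients above can be combined into a single default-deny access decision. The sketch below is an added example, not code from the author or any vendor product; the group names, application names and device fields are hypothetical. It shows that the verdict depends on device posture, traffic visibility and group membership, and never on whether the endpoint is remote or internal.

```python
from dataclasses import dataclass

# Constructed sample policy: which user groups may reach which internal
# applications (segments). All names here are hypothetical.
SEGMENT_POLICY = {
    "finance": {"erp", "payroll"},
    "engineering": {"source-control", "build-server"},
    "all-staff": {"intranet"},
}

@dataclass(frozen=True)
class Device:
    user_groups: frozenset   # groups of the person who owns the device
    has_unlock_pin: bool     # simple device-management control
    reported_lost: bool      # set when the owner reports loss or theft

@dataclass(frozen=True)
class Request:
    device: Device
    application: str
    source_network: str      # "internal" or "remote"; kept for audit only
    tunnel_inspected: bool   # traffic arrives where it can be inspected

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    dev = req.device
    # Device management: posture is checked before any access rule.
    if dev.reported_lost:
        return False, "device reported lost or stolen"
    if not dev.has_unlock_pin:
        return False, "device has no unlock PIN"
    # Traffic protection: no access over a path the security team cannot see.
    if not req.tunnel_inspected:
        return False, "traffic not visible to inspection"
    # Segmentation: access only where a group of the user grants it.
    # req.source_network is deliberately never consulted, so being on the
    # internal network grants nothing by itself.
    for group in sorted(dev.user_groups):
        if req.application in SEGMENT_POLICY.get(group, set()):
            return True, f"allowed via group {group}"
    return False, "no group grants access to this application"

if __name__ == "__main__":
    phone = Device(frozenset({"finance", "all-staff"}), True, False)
    for app, net in [("payroll", "remote"), ("payroll", "internal"),
                     ("source-control", "internal")]:
        print(app, net, decide(Request(phone, app, net, True)))
```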
Today’s fast-paced and increasingly digital business environment, coupled with employees’ desire to achieve a healthy work-life balance, is signaling a convergence of work and personal lives as we’ve never seen before. This is similarly reflected in the cross-usage of personal devices at work and vice versa. Yet in order to fully enjoy the benefits and productivity growth that the BYOD future can bring to the workplace, companies must first institute the right approaches to security across their people, processes and technology and adopt a prevention-first strategy, in order to remain secure against potential cyberthreats.
Vicky Ray, Senior Threat Intelligence Analyst, Palo Alto Networks