Bring Your Own Device: How to balance convenience and security

Posted in Business, Cybersecurity, Insights

The emergence of smartphones and tablets as mobile devices has been a significant change in the ICT landscape in recent times. Allied with the increasing prevalence of private and public WiFi networks, Bring Your Own Device (“BYOD”) has proved to be both a blessing and a curse for ICT departments. A blessing in that BYOD removes the cost of equipment from the ICT budget. A curse in that the ICT department must now try to support users as they attempt to connect a wide range of different devices and operating systems to a network. An attendant issue is that of online security, with unmonitored and unknown devices potentially introducing malware to a network, and of data and bandwidth theft by unauthorised users who manage to connect to the network.

The IT Head faces a challenge balancing the convenience of BYOD with support and security implications, particularly in maintaining an adequate level of online security.

It’s not so much of a problem in wired networks. All attached devices and all authorised users are known, and any new devices and new or guest users need to be set up by ICT before they have access to applications and data. The perils associated with users attaching unknown and unmonitored devices to the network are sharply reduced if not eliminated.

The main issue for IT Heads and network managers is the application of BYOD to WiFi networks.   Online security is a major issue.   The unrestricted use of unmonitored devices on a WiFi network is the stuff of nightmares, particularly if users use WiFi as an access method to apps and data.

With WiFi, the ICT department has no knowledge or control over the devices that can connect to the network, the apps they run and their malware status. Any new devices must be checked. If all the user needs is Internet access, they can sit outside a firewall, with websites and any downloaded material scanned for malware. No user data passes through the firewall. If the user needs access to applications and data inside a firewall, they are treated like a new internal network device and must be authorised prior to being granted access.

In the larger environment, access management systems such as RADIUS can be used to manage device and user access to WiFi and wired networks and their applications and data. They provide user authentication services and usually device recognition and grant/refuse connection services.
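The check described above, that any device reaching applications and data inside the firewall has first been authorised, can be audited after the fact. The following is an added example, not code from the original article: the inventory, the two subnets and the "ip mac hostname" lease records are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inventory of devices ICT has authorised for internal access.
AUTHORISED = {
    "3c:22:fb:10:20:30": "alice-laptop",
    "a4:83:e7:aa:bb:cc": "bob-phone",
}
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/24")   # inside the firewall (assumed)
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")   # Internet-only segment (assumed)

# Constructed lease records, one per line: "ip mac hostname".
SAMPLE_LEASES = """\
10.10.0.21 3C-22-FB-10-20-30 alice-laptop
10.10.0.37 DA:A1:19:00:11:22 unknown-tablet
192.168.50.12 f0:18:98:01:02:03 visitor-phone
10.10.0.40 a483.e7aa.bbcc bob-phone
10.10.0.55 00:1b:63:84:45:e6 printer-clone
"""

def normalise_mac(raw):
    """Reduce any common MAC notation to lower-case colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomised(mac):
    """Locally administered bit set, as in the private MACs phones generate."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(leases_text):
    """Return internal-segment devices that ICT never authorised."""
    findings = []
    for line in leases_text.splitlines():
        if not line.strip():
            continue
        ip_s, mac_raw, host = line.split()
        ip, mac = ipaddress.ip_address(ip_s), normalise_mac(mac_raw)
        if ip in GUEST_NET:
            continue  # Internet-only device outside the firewall: nothing to authorise
        if ip in INTERNAL_NET and mac not in AUTHORISED:
            reason = ("randomised MAC, cannot match inventory"
                      if is_randomised(mac) else "not in inventory")
            findings.append((ip_s, mac, host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LEASES):
        print(*finding)
```

A MAC address can be changed by the device owner, so an audit like this complements the user authentication that an access management system provides and does not replace it.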

Connect to WiFi

A major decision to be made is the type of WiFi network – private or public. Any user can see public networks on their device, and whether each is open access or secured. Private networks are not visible to the casual user, access is limited to registered users, and their access credentials are often hidden. Private networks tend to be more secure, in that the casual hacker doesn’t see them. Unless there is a good reason to have networks visible to the general public, it is usually better to hide them from general view. Corporate or family home networks should be hidden. Basically, unless there is a good reason to make it public, keep it private.

Unauthorised use of the WiFi network to gain access to the Internet, basically stealing bandwidth, is common. A casual user sees an available network on their device, and if it is an open network with no connection security, off they go. Even if network security is enabled, there are hacking apps that will try, often successfully, to find valid access credentials. If you are on a metered connection this will cost you money, as the hacker burns his way to your data cap. A further reason to keep your home network under the radar.

Users tend to have a simplistic view of WiFi networks. They expect to be able to see and connect to one easily, and hopefully automatically with any device. Allowing users to connect any device to the network brings demands for increased support. If they fail to connect, the device they are using might not be compatible with the network, or it is not configured properly. A clone of a popular device with reverse-engineered software will probably not work. The ICT support function does not have the specialists and the budget to take on the additional workload of supporting all varieties of smart devices, operating systems and network implementations.

The way round this is to use your website to list the devices and device configurations that your WiFi network will support, supplemented by self-help connectivity instructions.  Advise users that all other devices are not supported, except on a “try and see” basis, and any support will be charged.

Apps can also be an issue. Again, state clearly what you will support, and put installation copies on a download server.

BYOD is new terrain for many IT Heads.  Careful consideration of online security and who can attach what to your network can ease a lot of the pain.
