BYOD ICT
Determine which applications are mandatory (or prohibited) for each device
Then determine what applications employees need in order to be productive, and what precautions need to be taken. An IT administrator can configure MDM software so that, while the user is logged in to the company network, only the specified enterprise application(s) can reach the network and personal applications that could carry a security risk are blocked. When the user logs out of the company network, they can go back to using their personal apps.
Determine which groups of employees will be allowed to use these devices
Next, determine who can use the approved devices based on their profile: what group they belong to, what privileges they have, what device they are using, and what applications they need to use. For example, field sales teams may be granted access from their iPads to view marketing collateral, while CEOs might be granted deeper access to business applications and the network across these devices.
Define the who, what, where and when of network access
In this step, organisations associate users and groups with a specific network according to the policy they have defined. For example, John Smith, CFO, wants to connect his iPad to the corporate employee network when he gets into the office at 8:10 AM. Because it is an employee-owned device, the access policy is that personally owned devices get guest access. So you need to assign a unique identifier (such as a MAC address) to identify his device, identify the owner (Mr. Smith), specify an SSID that identifies the wireless network, and specify the physical Access Point(s) from which that network can be accessed. In the NAC tool this could involve specifying the following:

User name: Mr. John Smith
Unique Identifier: D8:A2:5E:2D:85:AD
SSID/AP: Guest Network/Finance (where Guest Network is the SSID, because personally owned devices get guest access, and Finance is the Access Point)
Time: 8:10 AM

Note that a MAC address is set by the device and can be changed by its owner, so on its own it identifies a device only for as long as nobody spoofs it. These 'Who/What/Where/When' specifications that define network access for John Smith can now be carried over, with suitable modifications, to other employees.
Educate employees about the BYOD policy
Once a BYOD policy is in place, ensure employees understand it, as well as the reasoning behind it and how it will be enforced. Communicating this is crucial.
Inventory authorised and unauthorised devices
A network access policy cannot be created and implemented in a vacuum. Before setting up controls to enforce these network access policies, conduct a reality check to see what devices are currently on the network and who is using them.
Inventory authorised and unauthorised users
Collate an inventory of all users (known and unknown) who are currently accessing the network, and the devices they are using. An IT administrator might, for instance, discover a group of people using one type of device when policy dictates they should use another.
Control access based on the need to know
Having built a network access policy, educated employees, used network visibility to inventory devices and users currently on the network, and refined the policy, it is now time to start enforcing the network access control policy: the 'Who, What, Where and When' of network access control.
www.dcseurope.info | June 2012
Continuous vulnerability assessment and remediation
A BYOD policy needs continuous monitoring and ongoing maintenance. It is not good enough to set it up according to one snapshot of security risks and employee needs at a single point in time.
Therefore, organisations need to continuously check for vulnerabilities and the changing needs of employees, and potentially modify the BYOD policy to reflect these changing needs, as well as evolving security threats.
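The steps above (register who owns which device, inventory what is actually on the network, then enforce the 'Who/What/Where/When' rule for each association request) can be made concrete in a small policy evaluator. The block below is an added example written for this article; it is not the logic of any NAC or MDM product. The rule set, the second user, the SSID names and all MAC addresses are constructed, with the Guest Network / Finance / 8:10 AM values mirroring the John Smith example in the text.

```python
"""Who/What/Where/When NAC policy check, added as an illustration for this article.

Example code, not any NAC or MDM product's own logic. The device register,
rule set and MAC addresses below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so 'D8-A2-5E-2D-85-AD' and 'd8:a2:5e:2d:85:ad' match."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_hhmm(clock: str) -> int:
    """'8:10' -> 490 minutes since midnight, so the 'when' window is a plain comparison."""
    hh, mm = clock.split(":")
    h, m = int(hh), int(mm)
    if not (0 <= h < 24 and 0 <= m < 60):
        raise ValueError(f"bad time: {clock!r}")
    return h * 60 + m


@dataclass(frozen=True)
class Device:
    mac: str
    owner: str
    ownership: str  # "personal" or "corporate"


@dataclass(frozen=True)
class Rule:
    ownership: str   # device class the rule applies to: "personal", "corporate" or "*"
    ssid: str        # the network ("what")
    aps: frozenset   # access points the SSID may be joined from ("where"); "*" = any
    start: str       # inclusive window ("when"), "HH:MM"
    end: str


# Constructed register of authorised devices, as an MDM/NAC would hold it.
# Keyed by MAC as in the article. A MAC is set by the device and can be changed
# by its owner, so this identifies a device only as long as nobody spoofs it.
AUTHORISED: Dict[str, Device] = {
    norm_mac(d.mac): d
    for d in (
        Device("D8:A2:5E:2D:85:AD", "John Smith", "personal"),
        Device("00:1B:63:84:45:E6", "Jane Doe", "corporate"),
    )
}

# Constructed policy. Personal devices get guest access only, from the Finance AP,
# during office hours; corporate devices may join the employee SSID from any AP.
# Any request no rule matches is denied (default deny).
RULES: List[Rule] = [
    Rule("personal", "Guest Network", frozenset({"Finance"}), "08:00", "18:00"),
    Rule("corporate", "Corp-Employee", frozenset({"*"}), "00:00", "23:59"),
]


def inventory(observed: List[str]) -> Tuple[List[str], List[str]]:
    """Reality check: split MACs seen on the wire into known and unknown devices."""
    known, unknown = [], []
    for mac in observed:
        (known if norm_mac(mac) in AUTHORISED else unknown).append(norm_mac(mac))
    return known, unknown


def decide(mac: str, ssid: str, ap: str, clock: str) -> Tuple[str, str]:
    """Evaluate one association request; returns ('allow' | 'deny', reason)."""
    dev = AUTHORISED.get(norm_mac(mac))
    if dev is None:
        return "deny", "unknown device"
    now = parse_hhmm(clock)
    for r in RULES:
        if r.ownership not in ("*", dev.ownership):
            continue
        if r.ssid != ssid:
            continue
        if "*" not in r.aps and ap not in r.aps:
            continue
        if not parse_hhmm(r.start) <= now <= parse_hhmm(r.end):
            continue
        return "allow", f"{dev.owner} ({dev.ownership}) on {ssid} via {ap} at {clock}"
    return "deny", f"{dev.owner}: no rule permits {ssid} via {ap} at {clock}"


if __name__ == "__main__":
    print(inventory(["D8:A2:5E:2D:85:AD", "aa:bb:cc:dd:ee:ff"]))
    print(decide("D8:A2:5E:2D:85:AD", "Guest Network", "Finance", "8:10"))   # allow
    print(decide("D8:A2:5E:2D:85:AD", "Corp-Employee", "Finance", "8:10"))   # deny: personal device
    print(decide("D8:A2:5E:2D:85:AD", "Guest Network", "Finance", "22:00"))  # deny: outside window
```

Two design choices worth keeping when this is done for real: the evaluator is default deny, so a device that is in the register but not covered by any rule still gets nothing, and the inventory step runs against the same register the rules use, so a MAC that shows up in `unknown` is exactly one that `decide` would refuse.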
While the BYOD trend enables employee productivity, the drawback associated with it is without a doubt the possible security risk it brings to organisations. Any uncontrolled and/or unexpected access to the network via a mobile device – smartphone, laptop or tablet – provides another channel through which an organisation’s entire network can become severely compromised.
Thankfully, NAC technology has ‘grown up’ while at University to become the sophisticated and efficient network security management tool it is today.
NAC, together with MDM technology and a well-thought-out BYOD strategy can form a powerful defence against security threats created by BYOD while enabling employee productivity to remain high across the organisation.