Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO
If you are not curious about BYOD then your users, especially your executive users, most likely will be. Being the most productive with the least effort is what users want. Using the most convenient, fastest, most familiar and comfortable device to do their work is the main goal. Also the convenience of using one device for both their work and individual activities is preferred.
The issue is that security and ease-of-use are diametrically opposed. The IT department would generally prefer total ownership and control over all client endpoints. IT can disable admin rights and the client endpoint can be managed to a degree, such as just authorized applications being set up. Even the hardware can be limited to a particular footprint, making it simpler for IT to protect and control.
However the control of their devices is what BYOD supporters are fighting against. They want to choose their hardware, apps and OS, and also have the freedom to install anything they like, whenever they like.
This is tough enough for the IT security team, but BYOD can likewise greatly increase the amount of devices accessing the network. Instead of a single desktop, with BYOD a user may have a desktop, laptop, mobile phone and tablet. This is an attack surface gone wild! Then there is the problem with smaller sized devices being lost or stolen or perhaps left in a bar under a cocktail napkin.
So exactly what do IT professionals do about this? The first thing to do is to develop situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can offer visibility into the applications, versions, user activity and security/ compliance software which is really running on the endpoint. You can then restrict by enforceable policy what application, business network and data interaction can be carried out on all other (“untrusted”) devices.
Client endpoints will usually have security issues develop, for example versions of applications that are susceptible to attack, potentially damaging procedures and disabling of endpoint security steps. With the Ziften agent you will be made aware of these issues and you can then take restorative action with your existing system management tools.
Your users have to accept the truth that devices that are untrusted and too risky should not be utilized to access company networks, data and apps. Client endpoints and users are the source of many harmful exploits. There is no magic with existing technology that will make it possible to gain access to crucial corporate assets with a device which is out of control.