Spotlight on BYOD

Private cloud technology is set to resolve bring-your-own-device security challenges.

Read time 4min 20sec

The technology race between the Apple and Android camps has taken another step forward, with the launch of Apple's Mini iPad set to challenge competitors in the eight-inch tablet market, including Amazon's Kindle's Fire and Google's Nexus 7.

This development is yet another clear indication of the proliferation of user-owned tablets, netbooks, notebooks, smartphones and other devices in the workplace, as the bring-your-own-device (BYOD) movement shifts into top gear.

Because BYODs are able to sidestep the physical, logical and personnel security controls associated with traditional corporate networking management functions, the spotlight continues to focus on their security.

As the workforce rapidly migrates from laptops to mobile devices, instead of intruders having only one operating system - Windows OS - to attack, they now have to be able to launch assaults on multiple mobile platforms, including iOS, Android, Windows Mobile, Windows 8 and others. While this presents a challenge to the hackers, it presents an equal test for network security managers.

To increase the security surrounding business applications (apps) running on mobile devices, they - the apps - need to be centrally administered, managed and provisioned.

No one is safe

Even mobile apps designed exclusively for enhanced security are at risk. The best-written app, boasting the highest levels of security, can be humbled by a single download. In many cases, users download BYOD apps from online stores in the belief that app stores are secure.

This is not necessarily the case, as apps from these sources have been proven to contain blatant malware. Therefore, limiting access to back-office applications and data is critical in the BYOD arena.

The best-written app, boasting the highest levels of security, can be humbled by a single download.

Martin May is regional director at Enterasys Networks.

Ideally, any mobile-based app that accesses corporate data should be stored 'in the cloud', with centralised security provided by the cloud provider.

The question is - will a private or public cloud provide a better solution? In contrast to public cloud infrastructures, the key benefit of a private cloud is its ability to pool and dynamically allocate IT resources across any number of business units, allowing services to be deployed quickly - and even scaled to meet growing needs.

What's more, the use of these resources can be tracked effectively, and if necessary, invoiced to individual business units within the company.

In a private cloud, the resource pool is not seen as a collection of servers. Instead it's the capacity of the pool that's important, including the number of workloads and applications it is able to support.

Significantly, a private cloud allows the IT department to deliver infrastructure, platforms and software applications without the need to allocate different infrastructure 'silos' to different departments, as the resource is managed holistically.

Private clouds provide centralised management control, most often from a single management console, over various pools of resources, including servers, storage and other devices. This central control is able to enlarge to cover BYOD protection and authentication, helping to ensure app security.

Separating business and pleasure

Because the BYOD movement is expected to accelerate the speed at which organisations opt for cloud-based solutions, it's important for network managers concerned with security to do their best to separate personal data and apps from corporate data and apps on all BYODs as soon as possible.

Today, network administrators must always be in a position to identify all at-risk data, monitor traffic on networks and scan storage devices to identify the location of sensitive data. They must be equipped to know when data is sent to an unauthorised device.

While the creation of security policies for BYODs can be challenging, there are some basic rules that should be followed. These include limiting the number of devices, which employees can link to the corporate network, and establishing strict rules about connecting to corporate internal networks via mobile devices.

Fortunately, the era of the cloud has given them the opportunity to positively engage with BYOD users and achieve these goals through the introduction of cloud-based identity and access management (IAM) platforms.

Now, mobile IAM platforms facilitate the levels of authentication required to properly identify users - employees or guests - and dynamically grant them access to appropriate IT infrastructures, while enabling the detection of new devices, along with their identity, to immediately facilitate a registration process for legitimate BYODs.

Network administrators who move up to the latest cloud-based mobile IAM solution will be able to take advantage of centralised provisioning and distributed enforcement of role-based policies. Significantly, they will also be able to address multicast discovery services - such as Apple Bonjour and Microsoft UPnP - enabling them to be routable across VLANs in large network environments.

Martin May
Regional director (Africa) of Extreme Networks.

Martin May is the regional director (Africa) of Extreme Networks. The author of the book: “Everything you need to know about networking”, he is a leading authority on infrastructure security using NAC, IDS/IPS and other network-based technologies. With experience gained in Russia, Germany, UK, the US and various parts of Africa, he is directly involved with system design and implementation at enterprise level. His emphasis is on the evolution in network architectures brought about by the concept of cloud computing. May hosts regular workshops assisting South African dealers and resellers to understand the implications, complications, opportunities and international trends surrounding the cloud. A proponent of social networking for business, he is active on Facebook and makes extensive use of YouTube.

Have your say
a few seconds ago
Be the first to comment