Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO
If you are not curious about BYOD then your users, particularly your executive users, probably will be. Being the most efficient with the least effort is exactly what users desire. Using the easiest, fastest, most familiar and comfortable device to do their work is the primary goal. Likewise the convenience of using one device for both their work and individual activities is preferred.
The issue is that security and ease-of-use are diametrically opposed. The IT department would generally choose complete ownership and control over all client endpoints. IT can disable admin rights and the client endpoint can be controlled to a degree, such as just approved applications being installed. Even the hardware can be limited to a specific footprint, making it easier for IT to secure and manage.
But the control of their devices is exactly what BYOD proponents are fighting against. They want to pick their hardware, apps and OS, and also have the freedom to set up anything they like, whenever they like.
This is hard enough for the IT security team, but BYOD can likewise greatly increase the quantity of devices accessing the network. Instead of a single desktop, with BYOD a user might have a desktop, laptop, cell phone and tablet. This is an attack surface gone crazy! Then there is the problem with smaller sized devices being lost or stolen and even left in a bar under a cocktail napkin.
So what do IT experts do about this? The first thing to do is to develop situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can supply visibility into the applications, versions, user activity and security/ compliance software which is really running on the endpoint. You can then limit by enforceable policy what application, enterprise network and data interaction can be performed on all other (“untrusted”) devices.
Client endpoints will usually have security issues develop, like versions of applications that are susceptible to attack, potentially harmful processes and disabling of endpoint security steps. With the Ziften agent you will be made aware of these problems and you can then take restorative action with your existing system management tools.
Your users need to accept the truth that devices that are untrusted and too risky need to not be utilized to access company networks, data and apps. Client endpoints and users are the source of a lot of malicious exploits. There is no magic with present technology that will make it possible to gain access to important business assets with a device which is out of control.