With the myriad of smartphone, tablets, applications and network security devices -- along with the growing use of virtualization and cloud services -- all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.
Bring Your Own Device (BYOD) continues to be a hot topic/buzzword/challenge for organizations and there has been a lot of discussion on this issue… a LOT of discussion. While BYOD is something organizations must be able to address, this concept is being extended/evolved to a similar sounding acronym…. BYON – Bring Your Own Network.
While BYOD is concerned with the risk from personal devices (i.e. a malware-ridden tablet, sensitive data unencrypted on a smartphone, etc.), BYON is a different type of risk. Let’s take a look at a commonality among most of the “devices” that are included in the BYOD conversation.
Smartphones and other devices (such as netstick dongles) enable a user to connect to the Internet via Wi-Fi hotspots. Many and Android and iPhone users (depending on carrier, plan or jailbreak status) have the ability to turn their phone into a WiFi hotspot. For iPhone users, (Settings>General>Cellular, make sure “Cellular Data” is on and you will find a "Set Up Personal Hotspot" option to activate).
While this is great in terms of getting access from basically anywhere, the concern is that depending on the setup and installed software, it could bypass an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. Data leakage and malware are real and significant risks facing the user and, most importantly, the entire organization.
BYON further disintegrates the traditional network perimeter, and although the more common security incidents will occur from ignorance, there is a great malicious risk where an insider or contractor can set up one of these hotspots and trick employees to use this connection instead of the appropriate corporate network connection -- and in turn steal sensitive information.
These hotspot-enabled devices can be had for under $100 and can conveniently fit in your pocket. If the company’s security policy states that users are not allowed to access something, BYON gives users an easily accessible workaround. So the challenges are many, and here are a few recommendations to consider:
• Improving security awareness across the organization is an important first step in terms of BYON. The corporate policy should address this challenge and users should understand the risk of using an untrusted connection.
• Sweeping the airwaves to detect unauthorized hotspots is certainly possible but not easy because you need to be physically close to the hotspot. This will be an opportunity for security to respond and take appropriate actions.
• Encrypting traffic is key. VPNs can facilitate encrypted tunnels between a remote device and the corporate network and ensure that traffic is directed through a company's traffic filtering layers such as NGFWs, IPS, etc.
In the end, if you have a solid plan to address BYOD, then you should be able to extend that to cover BYON. Is it me or is it time for BYOB yet?