SecurityWeek


Tackling Security Acronyms That Start With BYO

With the myriad of smartphone, tablets, applications and network security devices — along with the growing use of virtualization and cloud services — all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.

Bring Your Own Device (BYOD) continues to be a hot topic/buzzword/challenge for organizations and there has been a lot of discussion on this issue… a LOT of discussion. While BYOD is something organizations must be able to address, this concept is being extended/evolved to a similar-sounding acronym: BYON, or Bring Your Own Network.

While BYOD is concerned with the risk from personal devices (i.e. a malware-ridden tablet, sensitive data unencrypted on a smartphone, etc.), BYON is a different type of risk. Let’s take a look at a commonality among most of the “devices” that are included in the BYOD conversation.

Smartphones and other devices (such as netstick dongles) enable a user to connect to the Internet via Wi-Fi hotspots. Many Android and iPhone users (depending on carrier, plan or jailbreak status) have the ability to turn their phone into a Wi-Fi hotspot. For iPhone users: under Settings > General > Cellular, make sure “Cellular Data” is on and you will find a “Set Up Personal Hotspot” option to activate.

While this is great in terms of getting access from basically anywhere, the concern is that depending on the setup and installed software, it could bypass an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. Data leakage and malware are real and significant risks facing the user and, most importantly, the entire organization.

BYON further disintegrates the traditional network perimeter, and although the more common security incidents will occur from ignorance, there is a great malicious risk where an insider or contractor can set up one of these hotspots and trick employees into using this connection instead of the appropriate corporate network connection, and in turn steal sensitive information.

These hotspot-enabled devices can be had for under $100 and can conveniently fit in your pocket. If the company’s security policy states that users are not allowed to access something, BYON gives users an easily accessible workaround. So the challenges are many, and here are a few recommendations to consider:

• Improving security awareness across the organization is an important first step in terms of BYON. The corporate policy should address this challenge and users should understand the risk of using an untrusted connection.

• Sweeping the airwaves to detect unauthorized hotspots is certainly possible but not easy because you need to be physically close to the hotspot. This will be an opportunity for security to respond and take appropriate actions.


• Encrypting traffic is key. VPNs can facilitate encrypted tunnels between a remote device and the corporate network and ensure that traffic is directed through a company’s traffic filtering layers such as NGFWs, IPS, etc.
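The airwave sweep recommended above can be partly automated by comparing a Wi-Fi survey against the inventory of sanctioned access points. The following is an added example, not part of the original article; the SSID `CorpNet`, the BSSIDs, the hotspot-name pattern, the -65 dBm proximity threshold and the scan records are all constructed assumptions.

```python
import csv
import io
import re

# Constructed inventory of sanctioned access points: SSID -> approved BSSIDs.
APPROVED = {"CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
# Heuristic (assumption): default names phones and pocket routers often use.
HOTSPOT_NAME = re.compile(r"(iphone|android|galaxy|pixel|hotspot|mifi)", re.I)
# Assumed threshold: a signal stronger than this is likely inside the office.
NEARBY_DBM = -65

# Constructed survey records, one per line: ssid,bssid,signal_dbm
SAMPLE_SCAN = """\
CorpNet,00:11:22:33:44:01,-48
CorpNet,DE:AD:BE:EF:00:01,-52
Jane's iPhone,A2:B3:C4:D5:E6:F7,-44
AndroidAP_1234,12:34:56:78:9A:BC,-80
CoffeeShop,AA:BB:CC:00:00:01,-60
"""

def classify(ssid, bssid, dbm):
    """Return a verdict for one observed access point."""
    if ssid in APPROVED:
        # A corporate SSID from an unlisted radio may be a look-alike hotspot.
        return "ok" if bssid.upper() in APPROVED[ssid] else "corp-ssid-unknown-bssid"
    if HOTSPOT_NAME.search(ssid):
        return "hotspot-nearby" if dbm >= NEARBY_DBM else "hotspot-distant"
    return "unknown-nearby" if dbm >= NEARBY_DBM else "ignore"

def sweep(scan_text):
    """Return findings as (verdict, ssid, bssid, dbm), strongest signal first."""
    findings = []
    for row in csv.reader(io.StringIO(scan_text)):
        if len(row) != 3:
            continue  # skip blank or malformed records
        ssid, bssid, dbm = row[0], row[1].upper(), int(row[2])
        verdict = classify(ssid, bssid, dbm)
        if verdict not in ("ok", "ignore"):
            findings.append((verdict, ssid, bssid, dbm))
    # Strongest first: those are the devices a responder can physically locate.
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    for finding in sweep(SAMPLE_SCAN):
        print(*finding, sep="\t")
```

Signal strength is only a rough proxy for distance, so a finding is a prompt for a walk-through, not proof of a policy violation.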

In the end, if you have a solid plan to address BYOD, then you should be able to extend that to cover BYON. Is it me or is it time for BYOB yet?
