CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Tackling Security Acronyms That Start With BYO

With the myriad of smartphone, tablets, applications and network security devices — along with the growing use of virtualization and cloud services — all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.

With the myriad of smartphone, tablets, applications and network security devices — along with the growing use of virtualization and cloud services — all presenting an increasing volume of management and security concerns, network and security complexity remains a major challenge.

Bring Your Own Device (BYOD) continues to be a hot topic/buzzword/challenge for organizations and there has been a lot of discussion on this issue… a LOT of discussion. While BYOD is something organizations must be able to address, this concept is being extended/evolved to a similar sounding acronym…. BYONBring Your Own Network.

BYOD Security ChallengesWhile BYOD is concerned with the risk from personal devices (i.e. a malware-ridden tablet, sensitive data unencrypted on a smartphone, etc.), BYON is a different type of risk. Let’s take a look at a commonality among most of the “devices” that are included in the BYOD conversation.

Smartphones and other devices (such as netstick dongles) enable a user to connect to the Internet via Wi-Fi hotspots. Many and Android and iPhone users (depending on carrier, plan or jailbreak status) have the ability to turn their phone into a WiFi hotspot. For iPhone users, (Settings>General>Cellular, make sure “Cellular Data” is on and you will find a “Set Up Personal Hotspot” option to activate).

While this is great in terms of getting access from basically anywhere, the concern is that depending on the setup and installed software, it could bypass an organization’s network perimeter security measures: firewall, URL proxy, e-mail gateway, etc. Data leakage and malware are real and significant risks facing the user and, most importantly, the entire organization.

BYON further disintegrates the traditional network perimeter, and although the more common security incidents will occur from ignorance, there is a great malicious risk where an insider or contractor can set up one of these hotspots and trick employees to use this connection instead of the appropriate corporate network connection — and in turn steal sensitive information.

These hotspot-enabled devices can be had for under $100 and can conveniently fit in your pocket. If the company’s security policy states that users are not allowed to access something, BYON gives users an easily accessible workaround. So the challenges are many, and here are a few recommendations to consider:

• Improving security awareness across the organization is an important first step in terms of BYON. The corporate policy should address this challenge and users should understand the risk of using an untrusted connection.

• Sweeping the airwaves to detect unauthorized hotspots is certainly possible but not easy because you need to be physically close to the hotspot. This will be an opportunity for security to respond and take appropriate actions.

Advertisement. Scroll to continue reading.

• Encrypting traffic is key. VPNs can facilitate encrypted tunnels between a remote device and the corporate network and ensure that traffic is directed through a company’s traffic filtering layers such as NGFWs, IPS, etc.

In the end, if you have a solid plan to address BYOD, then you should be able to extend that to cover BYON. Is it me or is it time for BYOB yet?

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.