To protect your network and your data, you need complete and proactive enterprise visibility, says Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData.
The prevailing movement, labelled the ‘Consumerisation of IT’ or Bring Your Own Device (BYOD), will continue to shift the way employees interact with enterprise applications and information, which raises considerable security challenges to any organisation.
These devices may include an array of tablets, Apple and Android smartphones, “Wintel” laptops, and devices we have yet to see. For some organisations, such as universities, the array of user devices may be unlimited, and therefore their grasp on securing data may be tenuous for quite some time. Other organisations will be in a better position to leverage policy to control the devices allowed and to ensure they have the ability to investigate these devices as needed.
Employee productivity and flexibility, reduced operational costs, ease of employee provisioning, and organisational agility ensure that BYOD is here to stay. However, to make BYOD viable, organisations rely on two key ingredients: authentication and policy. Authentication ensures that the right individuals and devices are allowed access to the appropriate resources. Policy ideally defines what is allowed from a usage perspective, establishes the organisation’s right to investigate employee-owned work devices, and outlines any security applications that are required to be installed on the employee devices.
Much of the industry conversation revolves around an organisation’s ability to monitor and examine employee-owned devices. Due to legal questions and privacy requirements, many organisations still do not have BYOD policies of the kind described above. However, whether or not an organisation has successfully implemented a concrete policy, the fact is that the most critical elements in securing your enterprise against BYOD threats are enterprise visibility and remote remediation capabilities. If you can’t see what’s happening on the computers, servers and shares across your enterprise, as well as within network communications, you can’t effectively defend yourself against any threat, let alone those originating from employee-owned devices.
BYOD programmes increase risk and compound the challenges organisations struggle with every day. Unfortunately, many of the threats that increase with the introduction of a BYOD programme are often not preventable.
Theft or loss of sensitive data
How do you prevent personally identifiable information from being copied onto uncontrolled devices? What stops a user from utilising their phone camera to snap an image of sensitive content?
Breaches of acceptable use policy
Can users of BYOD devices access internet sites that violate acceptable use policies designed to limit risk? For example, BYOD users may be more likely than corporate users to fall victim to a phishing attack, resulting from a visit to a malicious website.
Introducing employee-owned devices to the enterprise exponentially increases the opportunities for malware exploits. Many of these exploits are new and undefined, which means they are not caught by traditional, signature-based tools. So how do we increase our ability to detect?
Malware, in particular, is a growing concern, as the exploits targeting BYOD are increasing in frequency. It was discovered that “Find and Call” was actually a dangerous address book harvester, freely available on the protected Apple App Store. Then there’s the Android “Marketplace,” based on the Google open-source operating system, which more or less invites malware development. Furthermore, BYOD includes Windows-based computers not owned or controlled by the enterprise but used by the employee primarily for work. Can we rely on users to update their anti-virus, anti-malware and patch levels? Hardly.
While the ability to forensically examine, monitor and remotely secure BYOD devices is critical, the most effective approach to addressing the increased risk presented by the BYOD trend is to keep eyes on the enterprise. Proactive host and network monitoring, together with integrated analysis of that data, allows organisations to detect and remediate data leakage and malware, even when it’s missed by IDS, DLP and other traditional preventative tools.
Inside the enterprise, proactive steps that look for policy violations, vulnerabilities and irregularities should include:
- Regularly scheduled audits of servers and computers across the enterprise to identify confidential or classified data.
- Enterprise scans to identify malicious code that anti-virus and IDS may have missed.
- Network traffic capture and forensic analysis.
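The first of these steps, a scheduled audit that looks for confidential data at rest, can be illustrated with a small scanner. The following is an added example, not code from the article or from AccessData: it walks a file tree, flags card-like digit runs and keeps only those that pass the Luhn checksum, which cuts the false positives that a bare regex produces. The sample files and their contents are constructed for the demonstration.

```python
import os
import re
import tempfile

# Constructed sample files standing in for an audited file share (not from the article).
SAMPLE_FILES = {
    "hr/payroll.csv": "name,card\nA. Smith,4111 1111 1111 1111\nB. Jones,4222222222222\n",
    "eng/notes.txt": "ticket 1234567890123456 is not a card number\n",
    "eng/readme.md": "nothing sensitive here\n",
}

# Runs of 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str) -> list:
    """Return the card-like numbers in text that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def audit_tree(root: str) -> dict:
    """Walk a directory and map each file with likely card numbers to its hits."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as f:
                    hits = scan_text(f.read())
            except OSError:
                continue  # unreadable file: skip, a real audit would log it
            if hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings


def demo() -> dict:
    """Write the constructed sample files to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as f:
                f.write(content)
        return audit_tree(root)
```

Only `hr/payroll.csv` is reported; the sixteen-digit ticket number in `eng/notes.txt` matches the pattern but fails the checksum and is dropped.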
Depending on the BYOD model, organisations may implement a mobility management solution that focuses on applications, information, policy, devices, and so on. However, whatever the approach to handling BYOD devices, there remains a real need to ensure that employees are complying with BYOD policies, that there is protection against data leakage, that inappropriate or inadvertent network access is not happening, and that corporate assets remain free of malware. This is not possible without complete and proactive enterprise visibility.