1. Network Security Threats within BYOD
By: Prof. Lili Saghafi
Conference on Communication and Network Security
(ICCNS 2014)
Milan, Italy, November 19-21, 2014
3. Overview
• The age of BYOD is here, and with it a myriad
of threats and challenges so broad that some
have called the phenomenon "Bring Your Own
Disaster".
• And it's easy to understand why. With devices
that are often borrowed by socially active kids
who load their own apps onto Mom's or Dad's
iPhone, browse unsafe websites and lend your
phone to their friends for "just a minute"
5. Mobility
• Along with the BYOD challenge of multiple
devices comes the question of where these devices go.
• Mobility is the other half of the BYOD equation,
and mobile devices connect to a broad variety of
networks—known and unknown, safe and
unsafe, secure and insecure.
• Also, with employees carrying on average three
or more devices, it's not unusual to see more
mobile browsers than PC‐based browsers
accessing internal websites.
7. Network Security
• Unfortunately, mobility and BYOD are the
natural enemies of network security.
• With users increasingly accessing business
systems from the road or from home, just
identifying the ever‐growing network security
risks in this environment has become a
nonstop job, challenging virtually every IT
security organization.
9. Mitigate Risk Factors
• How to control the BYOD explosion and
mitigate risk factors before they impact the
enterprise is the open question.
11. A-Modernize and Centralize Identity
and Access Management
• Organizations that haven't kept their identity and access
management systems up‐to‐date are particularly at risk.
• On top of mobility, social media and cloud applications can
introduce threat vectors in a variety of ways.
• A solid identity and access management system tightly
integrated with directory servers should be the first line of
defense against malicious access to enterprise services.
• Access to applications should be as strictly limited as
possible to reduce the risk of unauthorized users gaining
access as well as to prevent potential losses of intellectual
property, sensitive customer information, or other
regulated data.
13. B-Security, Performance, Visibility
• In today's era of software‐defined everything, hardware still
matters.
• This is especially true when it comes to
next‐generation firewalls (NGFW), which are quickly
becoming a staple of the security professional's toolkit.
• Not only must firewalls offer security protection without
impacting performance, they need to deliver visibility into
each and every application traversing the network.
• Regular threat protection updates to keep users a step or
two ahead of the bad guys and seamless integration with
enterprise authentication services can help stem the threat
that BYOD represents.
16. C-Consider Containerization
• You may not be able to stop the BYOD juggernaut, but
you can certainly put up some walls.
• Compartmentalizing trusted applications and company
data can be achieved using secure containers and
network access controls can prevent an untrusted
device from accessing sensitive parts of the network.
• This is especially important when a BYOD
device is lost or stolen, or an employee is terminated.
• Having company applications and information in their
own container greatly simplifies the task of wiping
company data from a device without affecting employees' personal
applications or family photos stored on it.
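The access model that sections A and C describe (directory-backed authorization, plus device posture from a container or MDM agent, with lost/stolen devices and terminated employees cut off) can be written down as a small default-deny policy check. The following is an added example, not code from the slides or from any vendor product; the users, groups, devices, applications and attribute names are constructed for illustration.

```python
"""Device-aware, default-deny access decisions for BYOD (added example).

Combines a directory-style group check (section A) with device posture
reported by a container/MDM agent (section C). All identities, groups,
applications and attributes below are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    owner: str
    managed: bool          # enrolled in MDM / carries the corporate container
    compliant: bool        # passes posture checks (e.g. not jailbroken/rooted)
    revoked: bool = False  # reported lost/stolen: container wiped, access cut


@dataclass
class User:
    username: str
    groups: set            # group membership as read from the directory
    active: bool = True    # set False when the employee is terminated


# Per-application policy: which directory groups may reach it and whether a
# managed, compliant device is required. Applications not listed are denied.
APP_POLICY = {
    "email":      {"groups": {"staff"}, "managed_only": False},
    "crm":        {"groups": {"sales"}, "managed_only": True},
    "hr-records": {"groups": {"hr"},    "managed_only": True},
}


def decide(user: User, device: Device, app: str):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False, "unknown application"
    if not user.active:
        return False, "user disabled"
    if device.owner != user.username:
        return False, "device not registered to this user"
    if device.revoked:
        return False, "device revoked (lost/stolen)"
    if not user.groups & policy["groups"]:
        return False, "user not in an authorized group"
    if policy["managed_only"] and not (device.managed and device.compliant):
        return False, "sensitive app requires a managed, compliant device"
    return True, "allowed"


def report_lost(device: Device) -> None:
    """Lost/stolen handling: revoke the device; the container wipe is triggered separately."""
    device.revoked = True


def terminate(user: User) -> None:
    """Termination handling: disable the directory account, which denies every device."""
    user.active = False


def scenario():
    """Walk through the lifecycle and return the decisions made at each step."""
    alice = User("alice", {"staff", "sales"})
    bob = User("bob", {"staff"})
    alice_phone = Device("alice-iphone", "alice", managed=True, compliant=True)
    alice_tablet = Device("alice-ipad", "alice", managed=False, compliant=False)
    bob_phone = Device("bob-android", "bob", managed=True, compliant=True)

    out = {
        "alice_phone_crm": decide(alice, alice_phone, "crm")[0],
        "alice_tablet_crm": decide(alice, alice_tablet, "crm")[0],
        "alice_tablet_email": decide(alice, alice_tablet, "email")[0],
        "bob_phone_crm": decide(bob, bob_phone, "crm")[0],
        "bob_uses_alice_phone": decide(bob, alice_phone, "email")[0],
    }
    report_lost(alice_phone)
    out["alice_phone_crm_after_loss"] = decide(alice, alice_phone, "crm")[0]
    terminate(bob)
    out["bob_phone_email_after_termination"] = decide(bob, bob_phone, "email")[0]
    return out


if __name__ == "__main__":
    for step, allowed in scenario().items():
        print(f"{step}: {'ALLOW' if allowed else 'DENY'}")
```

The point of the ordering in `decide` is that the cheapest, most decisive checks (disabled account, device not registered to the caller, revoked device) come before group membership and posture, and that the unmanaged personal tablet can still reach low-sensitivity email while the CRM stays behind the container requirement.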
18. D-Know the Threats
• The threat landscape is constantly changing.
• New vulnerabilities emerge and security events occur daily.
• It is also virtually impossible to track the multitude of
advanced threats, including advanced persistent threats that
may be aimed at your enterprise's servers.
• Many of these threats rely on devices such as smartphones to
gain access or exfiltrate data.
• A comprehensive security intelligence and risk management
platform combining advanced threat research with correlation
of security events and vulnerabilities can ensure that
consistent policies are enforced enterprise‐wide.
• Such a platform also enables reporting and trend analysis, improving
transparency, and pushes automated updates to all the security
appliances in the network.
21. E-Policy Is Not a Four‐Letter Word
• You're seeing devices being brought into the enterprise by
employees on every level and in every department, but is it happening in
accordance with established policies?
• A surprising number of enterprises that allow user devices
either do not have a BYOD policy or have one that is already
outdated.
• Without clearly set policies in place, it's nearly impossible to
effectively mitigate the risks that user devices bring along with
the convenience that they offer.
• Also important is training employees, partners, customers
and anyone else whose personal devices are granted access
to the network as to what those policies are, and that such
policies exist in the first place.
23. F-You Can't Manage What You Don't See
• Logging, monitoring and reporting of user device activity is
critical to understanding what, if any, risky behavior is
occurring on your network.
• Administrators should have full visibility into what users are
accessing from any device—whether company or
employee‐owned.
• Logging and monitoring tools should integrate with
network resource usage data such as Network Address
Translation (NAT) logs, so that traffic seen at the perimeter or proxy
under a translated address can be tied back to the internal device
that generated it; without that join, BYOD traffic is only visible
as the firewall's own address, which is useless for compliance reporting.
• Reporting tools should have the ability to distinguish
between business‐oriented access and personal access for
recreational, gaming or other non‐company related activity.
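The join between NAT translation records and proxy logs that section F calls for, and the business-versus-personal split its last bullet asks for, look like this in practice. This is an added example, not code or data from the slides: the log line syntax, the addresses (documentation ranges), the hostnames and the device inventory are all constructed, but the fields (timestamp, inside address:port, translated address:port, build/teardown event) are what real NAT logs carry. Note the port-reuse case: the same translated port is handed to a second device after the first flow is torn down, so the join must be time-bounded, not a plain lookup on address:port.

```python
"""Attribute proxy/web access to BYOD devices via NAT translation logs (added example).

Constructed log formats and data; real NAT and proxy logs use different
syntax but the same fields. The join is bounded by the translation's
build/teardown times so that a reused translated port is not misattributed.
"""
import re
from datetime import datetime, timezone

# Constructed NAT log: 'add' when a translation is built, 'del' when torn down.
# 203.0.113.5:40001 is reused by a different inside host after the first flow ends.
NAT_LOG = """\
2014-11-19T09:15:02Z NAT add inside=10.20.5.17:51234 outside=203.0.113.5:40001
2014-11-19T09:15:04Z NAT add inside=10.20.5.23:43000 outside=203.0.113.5:40002
2014-11-19T09:15:30Z NAT del inside=10.20.5.17:51234 outside=203.0.113.5:40001
2014-11-19T09:16:00Z NAT add inside=10.20.5.42:60010 outside=203.0.113.5:40001
2014-11-19T09:17:00Z NAT del inside=10.20.5.42:60010 outside=203.0.113.5:40001
"""

# Constructed proxy log: only the translated (outside) address is visible here.
PROXY_LOG = """\
2014-11-19T09:15:03Z PROXY src=203.0.113.5:40001 host=crm.example.com status=200
2014-11-19T09:15:10Z PROXY src=203.0.113.5:40002 host=games.example.net status=200
2014-11-19T09:16:20Z PROXY src=203.0.113.5:40001 host=video.example.net status=200
2014-11-19T09:18:00Z PROXY src=203.0.113.5:40003 host=mail.example.com status=200
"""

# Constructed device inventory (DHCP leases / MDM enrollment): inside IP -> (device, owner)
INVENTORY = {
    "10.20.5.17": ("alice-iphone", "alice"),
    "10.20.5.23": ("bob-android", "bob"),
    "10.20.5.42": ("carol-ipad", "carol"),
}

# Constructed list of company services; anything else is treated as personal use.
BUSINESS_HOSTS = {"crm.example.com", "mail.example.com"}

NAT_RE = re.compile(r"^(\S+) NAT (add|del) inside=(\S+) outside=(\S+)$")
PROXY_RE = re.compile(r"^(\S+) PROXY src=(\S+) host=(\S+) status=(\d+)$")


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_translations(nat_log: str):
    """Return (outside, inside, start, end) intervals; end is None if never torn down."""
    open_xlates, intervals = {}, []
    for line in nat_log.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        t, event, inside, outside = m.groups()
        if event == "add":
            open_xlates[outside] = (inside, ts(t))
        elif outside in open_xlates:
            prev_inside, start = open_xlates.pop(outside)
            intervals.append((outside, prev_inside, start, ts(t)))
    for outside, (inside, start) in open_xlates.items():
        intervals.append((outside, inside, start, None))
    return intervals


def attribute(proxy_log: str, intervals, inventory):
    """Join each proxy record to the translation that was active at its timestamp."""
    results = []
    for line in proxy_log.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        t, src, host, _status = m.groups()
        when, inside_ip = ts(t), None
        for outside, inside, start, end in intervals:
            if outside == src and start <= when and (end is None or when <= end):
                inside_ip = inside.rsplit(":", 1)[0]
                break
        device, owner = inventory.get(inside_ip, ("unknown-device", "unknown"))
        results.append({
            "time": t, "device": device, "owner": owner, "host": host,
            "category": "business" if host in BUSINESS_HOSTS else "personal",
            "attributed": inside_ip is not None,  # False = NAT log gap, needs follow-up
        })
    return results


def summarize(results):
    """Per-device business vs. personal access counts for compliance reporting."""
    summary = {}
    for r in results:
        counts = summary.setdefault(r["device"], {"business": 0, "personal": 0})
        counts[r["category"]] += 1
    return summary


if __name__ == "__main__":
    rows = attribute(PROXY_LOG, build_translations(NAT_LOG), INVENTORY)
    for r in rows:
        print(r["time"], r["device"], r["owner"], r["host"], r["category"])
    print(summarize(rows))
```

The fourth proxy record has no matching translation at all; rather than silently attributing it to "nobody", the record is flagged `attributed: False`, because a gap like that usually means the NAT log is incomplete or a device reached the proxy without traversing the logged path, either of which is worth a look.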
25. G-One Network Is Better than Two or Three or More
• Wired, wireless and guest networks are often independent of
each other.
• The need for each arose at different times to serve different
functions, so it's not surprising they ended up as autonomous
and often unaware of each other.
• Today, however, multiple networks typically entail multiple
management platforms with varying guest access applications
and are often driven by different directories.
• A unified wired, wireless and guest network infrastructure
reduces risk by utilizing a single policy in a unified manner
and, more importantly, offering a single pane of glass
management platform that enables visibility into wired,
wireless, BYOD and company‐owned devices as well as the
applications they are utilizing.
27. H-Don't Let Rogue Apps in the Door
• Application marketplaces can present one of the bigger
challenges to security.
• Although the authorized marketplaces from Apple, Google, and
Amazon are fairly safe, any phone or tablet with a QR code
reader can be pointed at a sideloaded, potentially dangerous
application in a heartbeat.
• Some vendors, like Apple, are more stringent than others in
policing the applications offered in their marketplace, whereas
others, notably Google's Android market, are more lax.
• And unfortunately, many applications for virtually every
device are little more than candy wrappers for malware.
• For several organizations, setting up their own application
marketplace represents the easiest way of ensuring that only
blessed applications end up on employee devices.
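An enterprise marketplace only helps if the device is also checked against it. The following is an added example, not code from the slides or from any MDM product: it evaluates a device's installed-app inventory against an allowlist. The important detail is that an app is identified by package name together with its signing-certificate fingerprint, not by name alone, because a repackaged malicious copy can reuse a legitimate package name but cannot reproduce the developer's signing key. The allowlist, inventory, sources and certificate bytes are all constructed for illustration.

```python
"""Check a device's installed apps against an enterprise allowlist (added example).

Identity = (package name, SHA-256 of the signing certificate). The certificate
bytes, package names and install sources below are constructed stand-ins.
"""
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 hex digest of a DER-encoded signing certificate."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for real certificate bytes.
CORP_CERT = b"-- constructed corporate signing cert --"
VENDOR_CERT = b"-- constructed third-party vendor cert --"
ATTACKER_CERT = b"-- constructed attacker cert --"

# Enterprise marketplace allowlist: package -> expected signer and approved install channels.
ALLOWLIST = {
    "com.example.corp.mail": {"signer": fingerprint(CORP_CERT),
                              "sources": {"enterprise-store"}},
    "com.example.corp.crm":  {"signer": fingerprint(CORP_CERT),
                              "sources": {"enterprise-store"}},
    "com.vendor.notes":      {"signer": fingerprint(VENDOR_CERT),
                              "sources": {"public-store", "enterprise-store"}},
}

# Constructed inventory as an MDM agent would report it.
INSTALLED = [
    {"package": "com.example.corp.mail", "signer": fingerprint(CORP_CERT),
     "source": "enterprise-store"},
    {"package": "com.example.corp.crm", "signer": fingerprint(ATTACKER_CERT),
     "source": "qr-sideload"},             # same name as the real CRM app, wrong key
    {"package": "com.vendor.notes", "signer": fingerprint(VENDOR_CERT),
     "source": "qr-sideload"},             # genuine build, unapproved channel
    {"package": "com.random.game", "signer": fingerprint(b"-- some game dev --"),
     "source": "public-store"},            # personal app, outside the allowlist
]


def evaluate_inventory(installed, allowlist):
    """Classify each app as 'ok', 'signer-mismatch', 'sideloaded' or 'unknown'."""
    findings = []
    for app in installed:
        entry = allowlist.get(app["package"])
        if entry is None:
            verdict = "unknown"             # personal app: report for visibility only
        elif app["signer"] != entry["signer"]:
            verdict = "signer-mismatch"     # likely repackaged: block and investigate
        elif app["source"] not in entry["sources"]:
            verdict = "sideloaded"          # right binary, wrong channel: no update path
        else:
            verdict = "ok"
        findings.append((app["package"], verdict))
    return findings


def device_compliant(findings) -> bool:
    """A device fails compliance on any blessed-app impostor or sideloaded corporate app."""
    return not any(v in ("signer-mismatch", "sideloaded") for _, v in findings)


if __name__ == "__main__":
    f = evaluate_inventory(INSTALLED, ALLOWLIST)
    for package, verdict in f:
        print(f"{package}: {verdict}")
    print("compliant:", device_compliant(f))
```

Checking the signer before the install source matters: the second entry would otherwise be reported merely as "sideloaded", hiding that it is not the company's CRM app at all. Apps outside the allowlist are reported rather than blocked, since on a personally owned device they are expected; the container, not the allowlist, is what keeps them away from company data.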
30. Conclusion
• It's clear that BYOD is here to stay. The economics it
offers are just too hard to beat and workers would
revolt if employers canceled BYOD programs.
• However, the security challenges of BYOD can be
mitigated by applying and enforcing policies, using a
mobile device management solution to containerize
company apps and data, deploying a unified network
infrastructure, and using the latest generation of
security platforms and applications designed with
mobility and user‐owned devices in mind.