Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO
If you are not curious about BYOD then your users, especially your executive users, most likely will be. Being the most efficient with the least effort is exactly what users want. Utilizing the simplest, fastest, most familiar and comfortable device to do their work is the primary objective. Also the convenience of using one device for both their work and personal activities is desired.
The issue is that security and ease-of-use are diametrically opposed. The IT department would normally prefer total ownership and control over all client endpoints. IT can disable admin rights and the client endpoint can be managed to a degree, such as just authorized applications being installed. Even the hardware can be limited to a specific footprint, making it easier for IT to protect and manage.
However the control of their devices is exactly what BYOD advocates are fighting against. They wish to pick their hardware, apps and OS, and also have the flexibility to install anything they like, whenever they like.
This is tough enough for the IT security team, however BYOD can also considerably increase the quantity of devices accessing the network. Instead of a single desktop, with BYOD a user might have a desktop, laptop, mobile phone and tablet. This is an attack surface gone wild! Then there is the issue with smaller sized devices being lost or stolen or perhaps left in a bar under a cocktail napkin.
So exactly what do IT experts do about this? The first thing to do is to establish situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can offer visibility into the applications, versions, user activity and security/ compliance software which is really running on the endpoint. You can then restrict by enforceable policy what application, business network and data interaction can be carried out on all other (“untrusted”) devices.
Client endpoints will usually have security problems develop, for example versions of applications that are susceptible to attack, possibly harmful processes and disabling of endpoint security measures. With the Ziften agent you will be informed of these issues and you can then take restorative action with your existing system management tools.
Your users have to accept the truth that devices that are untrusted and too risky must not be used to gain access to organization networks, data and apps. Client endpoints and users are the source of a lot of harmful exploits. There is no magic with current technology that will make it possible to gain access to critical business assets with a device which is out of control.