Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
If you are not curious about BYOD, then your users, specifically your executive users, probably will be. Being as efficient as possible with the least effort is exactly what users want. Their primary aim is to do their work on the most convenient, fastest, most familiar and comfortable device. They also prefer the convenience of using one device for both work and personal activities.
The problem is that security and ease of use are diametrically opposed. The IT department would typically prefer total ownership and control over all client endpoints. IT can disable admin rights and manage the client endpoint to a degree, for example by allowing only authorized applications to be installed. Even the hardware can be restricted to a particular footprint, making it much easier for IT to secure and manage.
But this control over their devices is exactly what BYOD supporters are fighting against. They want to pick their own hardware, apps and OS, and to have the flexibility to install anything they like, whenever they like.
This is hard enough for the IT security group, but BYOD can also considerably increase the number of devices accessing the network. Instead of a single desktop, with BYOD a user may have a desktop, laptop, cell phone and tablet. This is an attack surface gone wild! Then there is the issue of smaller devices being lost or stolen, or perhaps left in a bar under a cocktail napkin.
So what do IT specialists do about this? The first thing to do is to establish situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can provide visibility into the applications, versions, user activity and security/compliance software actually running on the endpoint. You can then restrict, by enforceable policy, what application, enterprise network and data interaction can be performed on all other (“untrusted”) devices.
Client endpoints will invariably develop security problems, like versions of applications that are susceptible to attack, potentially hazardous procedures and disabling of endpoint security measures. With the Ziften agent you will be warned of these issues, and you can then take corrective action with your existing system management tools.
Your users have to accept the reality that devices that are untrusted and too risky should not be used to gain access to organization networks, data and apps. Client endpoints and users are the source of the majority of destructive exploits. There is no magic in existing technology that will make it possible to access important business assets with a device that is out of control.