Failing to properly manage BYOD in the enterprise poses a big risk, according to NETSCOUT.
As Bring Your Own Device policies become more pervasive, they bring a number of challenges for organisations, the company says.
“Doing nothing is not an option, because the problems caused by any failure to lead and manage BYOD pose too big a risk,” says Amit Rao, director – APAC channels, NETSCOUT.
“Further, the growth of shadow IT can lead to financial penalties in today’s highly-regulated world if sensitive data is lost, stolen or shared insecurely with unauthorised people,” he adds.
Meanwhile, Rao says the risks of service disruption due to malicious activity are high.
“Reacting passively to internal security issues, including those posed by BYOD, is not an option for IT professionals, especially when there is a risk of BYOD making cyber attacks on the organisation easier,” he says.
“Business is all about trust, but trust is about more than just policy and good management; it’s also about having the technology in place to ensure that data is secure.”
How organisations can put themselves back in the driving seat of user-driven digital transformation, according to NETSCOUT:
1. High-speed Wi-Fi. Mobile devices themselves are only part of the BYOD challenge. The trend towards Wi-Fi-only access can only grow, now that the 802.11ac high-speed networking standard offers multi-station connectivity at data transfer speeds of up to 1Gb per second. But faster access and throughput also means the risk of faster and more extensive data breaches, if organisations fail to consider the full security implications of unmonitored Wi-Fi access via BYOD.
2. New work cultures. Most organisations would be foolish to stand in the way of staff wanting to use their own devices for work, not least because of the incoming generation of young millennial employees. IT professionals need to support the business if they want to progress in their own careers, and capitalising on young people’s skills, knowledge, and commitment is far more important to the business than pushing them towards an increasingly outmoded desktop IT model. At the same time, constantly upgrading to the latest mobiles would place an intolerable burden on most organisations’ finances. BYOD is the pragmatic solution in many cases.
3. Management and policy. In most organisations the role of IT leadership has already changed towards playing a more supportive and enabling role in the business: the IT function as business enabler, not technology purchaser. In a world of collaborative tools and cloud-based platforms and services, the IT department’s focus is shifting towards policy, service management, compliance, and security all made possible by standards-driven technologies. Standards are important, as in a device and platform-agnostic world, data needs to remain readable and accessible to authorised users, regardless of which device they use. IT professionals should see BYOD simply as an extension of digital transformation in the workplace.
4. Network stresses. Network performance can be the most obvious impact of BYOD. The speed of change means that the device that an employee uses today may not be the device they use tomorrow, which means engineers are hitting a moving target in terms of network performance. In that environment, taking an holistic, forward-looking view is the only realistic option. After all, IT teams and network engineers need to maintain network performance, speed, reliability, and uptime for all, and not just for those employees who want to use their own devices. IT teams’ culture of ‘making do today’ needs to be replaced with one of planning for tomorrow by stress-testing the network for the future demands of next-generation devices.
5. Network surges. There are stresses and strains on all networks at peak times of the day and throughout the business cycle, which may put an unwanted drag on network performance. If IT professionals can monitor the network for surges, for example, in the middle of the night, which might suggest a hacking attack, then security and performance can be properly managed and maintained, whatever the load on the network.
6. The internal security challenge. There are two sides to the on-premise security challenge. The first is what happens when the IT team helps visitors log on to the network as guests. This means ensuring that they’re logged out again afterwards, without access credentials being stored on their devices. Meanwhile, open guest access via a second insecure WLAN may mean that data flowing to and from the user’s device can be intercepted, something that network administrators may never spot without a network monitoring tool.
7. Bring Your Own Cloud (BYOC). A related threat is the ad hoc use of public cloud storage and collaboration platforms, such as Box and Dropbox, particularly when users are mixing and matching their own cloud solutions.
8. ‘Bad actors’. Mobile devices are often lost or stolen, and employees will often move on to other jobs. In either case, there is a real risk that sensitive data may still be lurking on devices or in personal cloud accounts. It’s essential that a mechanism exists for revoking access privileges.
9. Device-level management. Highly-distributed organisations want to standardise their IT, along with the experience of using it, across all of their local branches. On a day-to-day practical level, however, most companies can ill afford to put skilled WLAN specialists in every branch or office, which makes remote network monitoring and management all the more important, as well as remote management of the devices themselves. This is especially challenging in the case of BYOD, since most consumer devices lack proper diagnostic interfaces.
10. Inventory management. IT departments are responsible for making sure that all corporate software is properly licensed and up to date. In the cloud-enabled world, rolling updates take care of more of this process than in the recent past. However, it’s a lot more difficult in the BYOD environment, due to the lack of homogeneity in users’ operating systems and apps, especially when corporate applications have been installed on employees’ own devices.
“Legacy network management systems just don’t cut it in the world of BYOD, and neither do the plethora of vendor-specific tools that may come with some enterprise applications,” Rao says.
“It’s all about identifying problems proactively rather than chasing down problems once they have occurred,” he explains.
“When this happens, BYOD can truly be an asset to the organisation, not a brake on network performance and security.”