Secure BYOD policies in the enterprise

Rorie Hood, Mobile security researcher
June, 2015

A device that has been compromised in some manner may lead to the compromise of the entire corporate infrastructure. Targeting and compromising an unmanaged and unpatched BYOD device in a coffee shop may prove easier and less time-consuming than scanning and attacking the organization's external infrastructure in order to gain a foothold on the network.

BYOD devices will often not be subject to corporate security policies in the same way as company-issued devices. This can result in devices running outdated software with known security vulnerabilities, as the responsibility for maintaining the security of the devices is shifted from the organization to the device owners.

Mobile device management

One of the most effective methods of implementing and maintaining a secure BYOD policy is to require employees to register their device with a corporate Mobile Device Management (MDM) solution that provides access to the corporate network and internal services via network authentication.

This will allow the organization to enforce an MDM policy on the BYOD devices, while allowing the devices access to specific corporate resources. MDM can often be configured to allow the user to unenrol, should they no longer wish to participate in the BYOD program. A correctly configured MDM solution will remove any corporate data from the device upon unenrolment.

Summary

BYOD programs should always be implemented with caution. Appropriate steps should be taken in order to segregate BYOD devices from other devices on the network, especially those that hold sensitive data or perform critical operations.

The safest approach would be to provide the devices with an independent network that is separated from other devices in the corporate infrastructure. It is also advisable that the BYOD devices are monitored in order to detect any threats to the network originating from unmanaged devices.
