Meanwhile, today’s security teams are grappling with the “any-to-any problem”: how to secure any user, on any device,located anywhere, accessing any application or resource. The BYOD trend only complicates these efforts. It’s difficultto manage all of these types of equipment, especially with a limited IT budget. In a BYOD environment, the CISO needs to be especially certain that the data room is tightly controlled.
-- Cisco 2014 Annual Security Report
A while back I was chatting with my colleague about BYOD (Bring Your Own Device) at lunch. I stated that we would need to pay more attention to the BYOD, as it had started to put more stress to our policy, network, and security. My colleague rolled his eyes and said the BYOD was nothing new; people had been bringing laptops to the company's network FOR YEARS.
The next morning, as soon as I saw him, I told him that the BYOD situation was different nowadays. I said that back in the old days, only certain persons brought ONE laptop PER PERSON to our network, but now EVERY person easily would have multiple devices to bring in. I counted mine: a Blackberry, an iPhone, an iPad, and a MacBook Pro. That colleague had the same number of devices, but lucky he left his iPad home for his son, so he brought in one less that day.
Many organizations has found that the wireless subnets that were designed a couple years ago always ran out of IP addresses; they have to constantly expand the wireless network scope. Not only the sudden increase of the number of devices in the network troubles the organizations, but also the organizations realize that they have to face the challenge, the complexity, of securing the network and their valuable data from the mobile devices. The traditional NAC doesn't seem to be able to handle this new trend. MDM comes into the picture, but is it mature enough?
According to the data of the mobile OS market share, Android currently dominates the market, followed by iOS. The problem is that a large percentage of Android devices still uses outdated releases. These devices are subject to security vulnerabilities. The information security of many organizations are solid and well-protected from outside but really weak from inside. Now more and more vulnerable devices are brought directly to the inside network. I'm sure you get the picture.
Does your organization face the same challenge? How does your organization protect itself from the BYOD? By both policy and MDM? Do you think the current MDM solutions are good enough?
I am looking forward to reading your stories and comments.