By Ankur Chadda
Editor's Note: Occasionally, Enterprise Networking Planet is proud to run guest posts from authors in the field. Today, Ankur Chadda of network test and measurement vendor Spirent Communications discusses ways to patch the security holes and address the vulnerabilities created by BYOD.
BYOD is here to stay, with Forrester Research predicting that by 2016, 350 million employees will use smartphones to conduct work, and 200 million will bring their own devices to the workplace. Gartner, meanwhile, predicts that "over 30% of BYOD strategies will leverage personal applications, data and social connections, for enterprise purposes."
Despite BYOD's growing presence within the enterprise, however, organizations often fail to actively test for security holes created by BYOD. These risks are at best neglected and at worst completely overlooked, with no procedures in place to identify and then manage such vulnerabilities. Organizations must implement the right protocols for usage and security to satisfy the needs of their employees while safeguarding corporate data. Luckily, following some simple best practices will shore up network protection while allowing employees the flexibility to get work done in a variety of environments.
Key BYOD security challenges
Malware-ridden spam emails and phishing scams have moved from the desktop to the mobile world, creating a significant threat to mobile device users. Cybercriminals see BYOD as a market opportunity, since mobile endpoints are often less protected than corporate desktops, for which there is a plethora of well-designed and tested security products. Once they are able to access a compromised device, hackers can grab any sensitive corporate data on a victim’s personal phone or tablet or that can be accessed via the device.
The need for many staff members to always be connected to applications and email creates corresponding risks to—and strain on— the network, too. The myriad applications on users' devices raises the risk of malware, especially when it comes to applications available through unofficial outlets. IT departments are often tempted to combat these risks by publishing lists of approved apps, but in the BYOD environment, this is simply unrealistic. Many people have dozens of apps on their phone, from video poker games to event ticket brokerages and golf GPS rangefinders; generally, employees will simply ignore a command to limit which applications they can use on their own devices. And some users will utilize non-work applications on the corporate network, which can slow down performance considerably for more legitimate uses and compromise the network's security.
Testing to validate network performance and security for BYOD
Widespread adoption of BYOD can tax networks by increasing the sheer volume of users that are accessing systems and specific applications at any given time. Testing should be used to validate the ability of the various network security components to handle realistic traffic at high scale. Sending millions of users’ worth of traffic running various types of applications is the best way to mimic real-world conditions.
Malware, spam, DDoS and robustness against fuzz testing should all be a part of a firm’s security testing, too, as should tools to verify that the latest applications and protocols can be detected and that applications can be properly controlled through whitelisting. New applications are offered and adopted every day, so full BYOD security coverage demands the ability to detect the very latest apps and protocols.
Sophisticated testing with complete visibility and continuous monitoring is needed to pinpoint the risks of BYOD environments. Test solutions should be able to produce configurable and repeatable test scenarios, pull from an up-to-date set of known attacks, and stress the network at a very large scale.
Balancing performance and security in a BYOD environment
Companies should come to grips with BYOD not by focusing on controlling the devices, but by managing and securing their own information. Cell phones and tablets will often be lost or targets for thievery. Individuals will continue to install dubious applications or be tricked by elaborate phishing schemes. Employee will always find workarounds to get through any new BYOD policy. Companies should prepare for this inevitability by using the right tools to handle bandwidth demands, stand up to attacks, manage the risks of unknown apps, protect data while there are open connections to unsecured networks, and fundamentally protect the company from its own BYOD-loving employees.
BYOD policies should be as lenient as possible to allow people to work productively while safeguarding data. Liberal BYOD policies are especially important for the younger generation, whose members are deeply attached to their devices, seeing them as extensions of their personality. IT should embrace BYOD as a productivity driver and look to the latest sophisticated tools, such as real-world network testing, to ensure security measures are rock solid.
Ankur Chadda is a product marketing manager at Spirent Communications, the leader in network test and measurement covering the security and applications market.