Bring Your Own Device
Bring Your Own Device (BYOD) is the practice of employees using their own personal devices on the company's network. This practice is becoming more common in business, while simultaneously bringing new threats to digital security.
What Is Bring Your Own Device (BYOD)?
The BYOD concept is gaining popularity. Market experts state that companies cannot prevent personnel from using their own devices in the workplace, which is confirmed by many surveys and studies. The research highlights the advantages of this concept, such as improved performance and worker morale, and the creation of a flexible and attractive employer image.
Many believe that BYOD can be an indicator for recruiting new employees, as almost half of job seekers look at the organization more positively if it adheres to this strategy. An increasing number of modern job seekers are choosing their own phones, tablets, and PCs for work purposes, creating additional headaches for digital security professionals. Many companies which utilize personal smart gadgets for work tasks are forced to introduce the Bring Your Own Device (BYOD) security policy.
The fast spread of BYOD, with personal devices used for work purposes in all sectors of the economy, significantly accelerates the mobilization of business processes. On the other hand, the question of information security arises. While BYOD opens up opportunities to increase productivity and employee satisfaction with the company's IT infrastructure, it has created a number of difficulties associated with protecting the enterprise network, as well as storing and transmitting information.
This leads to the need for new methods and approaches to solve these problems. Today, in this regard, many companies are faced with the need to find a balance between employee mobility and business information security. This poses a number of new challenges for companies related to the efficiency of managing personal devices and ensuring the safety of their use.
Committing to BYOD
The most effective solution to ensure data security for BYOD devices is to provide access to the company's information assets through remote connections from BYOD devices, via terminal sessions, to virtual Windows environments. These environments are in turn protected by a DLP system operating on the host, which prevents uncontrolled data leaks from the host. This Bring Your Own Device (BYOD) security method is called Virtual Data Leak Prevention (vDLP). Virtual DLP technology offers controlled remote access to corporate data, as opposed to local storage on BYOD devices in the MDM approach.
Virtual DLP performs the following key security tasks:
- Safe data processing.
When connecting to the corporate portal via a secure session, employees do not use applications for local data processing on the BYOD device, or the ability to use data is blocked at the context level. Thus, it is guaranteed that the corporate data of the company will not be spread beyond the controlled device.
- Safe storage of data.
Protected corporate data can only be accessed in a virtual environment and, in the event of editing or other changes, can be saved only on the server or printed on printers on the corporate network.
- Data transfer control.
The DLP system, operating in a virtual Windows environment, provides content filtering of files and data passing through communication channels, and contextual control of e-mail, websites, instant messengers, removable media, file resources and other channels.
While MDM systems play a significant role in securing a BYOD strategy, it should be re-emphasized that they do not serve the purpose of preventing data loss. A comprehensive and optimal Bring Your Own Device (BYOD) security strategy can be summarized as follows:
- MDM systems are comprehensively used to control local applications on devices, remotely destroy data, provide reliable password protection for the device and encrypt data, etc.;
- App - an application for remotely connecting a mobile device via the Internet to a virtual environment (for example, Citrix Receiver);
- VPN - secure tunnel;
- VM - a virtual Windows working environment, in which applications and data necessary for operation are published and available;
- DLP is a data loss prevention system that is integrated into the Windows virtual desktop environment and provides control over the data transmission channels available in this virtual environment to prevent data leaks from a BYOD device.
Thus, information security services can fully control the exchange of data between the corporate environment and a personal device, as well as peripheral devices, which is especially important, given that all these data transmission channels outside corporate boundaries become insecure and should be considered a threat.
Is the Bring Your Own Device (BYOD) Approach Safe?
The security requirements include rules, practices, and governance policies to help companies manage employees' devices and ensure network security. Many different BYOD strategies have been proposed to the market to solve a number of BYOD security problems, but due to false marketing noise generated by competing manufacturers, many BYOD strategies existing on the market are not so effective.
Mobile Device Management (MDM), part of BYOD security, allows a company to remotely manage multiple mobile devices, whether they belong to the company or to its workers. Such management typically includes updating security policies remotely without connection to the organization network, distributing apps and information, and managing configuration to ensure that all devices have the necessary resources.
Some MDM solutions have a built-in ability to automatically destroy all applications and information on an employee's device if the MDM application is maliciously removed from it without authorization. However, until BYOD devices become fully independent operating systems that are segmented at the physical level, the limitations of MDM solutions in managing outbound data flows on devices will remain a fundamental problem, which MDM vendors diligently avoid discussing.
Many MDM providers claim that their solutions provide full protection against data leaks due to the presence of encryption and data destruction functions on the device. It is true that the strengths of MDM systems include strong password security for the device, encryption of on-board memory cards, containerization of application data, and controlled destruction of data on a smartphone or PC after loss or theft. However, in practice, remote data destruction at least can be carried out only when the device appears on the network and is detected by the MDM control center.
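The remote-wipe limitation described above can be checked against an MDM inventory export, as in this added example, which is not code from the original page or from any MDM product. The record fields (`last_checkin`, `wipe_requested`, `wipe_confirmed`), the seven-day staleness threshold and the sample devices are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are hypothetical, not a real MDM API.
NOW = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
DEVICES = [
    {"id": "phone-01", "last_checkin": NOW - timedelta(hours=2),
     "wipe_requested": None, "wipe_confirmed": None},
    {"id": "tablet-07", "last_checkin": NOW - timedelta(days=9),
     "wipe_requested": NOW - timedelta(days=6), "wipe_confirmed": None},
    {"id": "laptop-03", "last_checkin": NOW - timedelta(days=1),
     "wipe_requested": NOW - timedelta(days=3),
     "wipe_confirmed": NOW - timedelta(days=1)},
    {"id": "phone-12", "last_checkin": NOW - timedelta(days=20),
     "wipe_requested": None, "wipe_confirmed": None},
]


def wipe_exposure(devices, now, stale_after=timedelta(days=7)):
    """Classify devices by whether a remote wipe has actually taken effect.

    A wipe is only a queued command until the device contacts the MDM
    server, so 'requested' must never be reported as 'wiped'.
    """
    report = {"wipe_pending": [], "wiped": [], "stale": [], "ok": []}
    for d in devices:
        requested, confirmed = d["wipe_requested"], d["wipe_confirmed"]
        if requested and confirmed and confirmed >= requested:
            report["wiped"].append(d["id"])
        elif requested:
            # Data is still on the device; record how long it has been exposed.
            exposed_days = (now - requested).days
            report["wipe_pending"].append((d["id"], exposed_days))
        elif now - d["last_checkin"] > stale_after:
            # No wipe requested, but the device could not receive one either.
            report["stale"].append(d["id"])
        else:
            report["ok"].append(d["id"])
    return report


if __name__ == "__main__":
    for status, items in wipe_exposure(DEVICES, NOW).items():
        print(f"{status}: {items}")
```

Devices in `wipe_pending` still hold corporate data, and those in `stale` could not be wiped promptly if a wipe were issued now.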
In reality, the very practice of storing data on BYOD devices creates a risk of data leakage, regardless of the presence of an MDM system agent on the device. Restricted data can simply be sent directly from the device over network links or to plug-in external printing and storage devices. Another problem associated with this myth is backing up company-owned data. If new documents and data are created on a personal device, the organization has to rely on the conscientiousness and honesty of the employee, hoping that he will take care of creating backups on his own or will timely synchronize the device with a working computer in the office.
How to Ensure Bring Your Own Device (BYOD) Security
The BYOD security problem can be solved if there is a clear IT policy of the company, which spells out detailed security requirements for each type of staff member device that is used in the workplace and connected to the corporate network. For example, certain connections are possible only with a password, certain types of applications that can be installed on the device are prohibited, or all data transmitted through a personal device is encrypted. Also, BYOD security policy may include restricting the actions that workers can perform on their gadgets at work.
However, it is worth considering Bring Your Own Device (BYOD) security not as a separate direction in protecting devices and data used by the company’s staff, but as an integral element of comprehensive protection of your entire information system, where any weak point can make the entire system vulnerable. Therefore, we recommend using the consolidated approach to securing your information system using machine learning to significantly reduce costs and simplify cybersecurity.
BYOD security ideas:
- Define protection priorities by illuminating the attack surface with ImmuniWeb Discovery, which makes an inventory of all your information assets, conducts security ratings, Dark Web monitoring, and checks for compliance with international data security standards.
- Perform manual AI-driven mobile application penetration testing or web application penetration testing.
- Ensure steady security monitoring and compliance through continuous penetration testing of your information system.
There is no universal tool that can eliminate all problems at the same time. The key to successful Bring Your Own Device (BYOD) security can be a systematic approach focused on the use of effective practices in the field of information security technologies, security solutions for network infrastructure, and client software that support modern mobile technologies.