Defining & Enforcing BYOD Policy with Untangle
The rise of consumer mobile computing devices such as tablets and smartphones has led to an increase in their use on private networks owned by businesses, schools, non-profits and government entities. Network administrators must balance the risks and rewards of allowing employee and visitor computing devices through their doors and onto their networks. Let’s take a look at some of the challenges associated with BYOD and how Untangle can help.
The BYOD revolution is being fueled by the flexibility and power of mobile computing. Suddenly, employees and students can be more productive – accessing email and apps anytime, anywhere – with a mobile device. This makes for a win-win situation, lowering organizational costs and increasing end user delight. It also allows greater choice in device type, whether users are simply more comfortable on iOS or Android; tablet, phablet or phone. Finally, it also theoretically cuts down on mobile device management (MDM) for organization-issued devices, relieving a time sink for IT.
The flip side of BYOD is hidden risks and their related costs, which must be factored into any evaluation of a BYOD program.
- Network policy rules that are enforced only on the wired LAN are bypassed by devices that arrive over Wi-Fi.
- Inappropriate content being available onsite even if the device never touches your network, since a cellular data connection bypasses any filtering you do.
- Once the device does join the network, it brings all of its vulnerabilities with it: unpatched software, malicious apps and other malware may be present, and a rooted or jailbroken device has had the platform’s own protections disabled.
- Productivity and bandwidth drains. Social media, gaming, video and other sites and apps can consume end user time as well as network resources.
- Data leakage and endpoint security issues. In the age of USB sticks, Dropbox and cloud backups, mobile devices are insecure endpoints with cloud connectivity. Devices may carry confidential and proprietary information, particularly after syncing with organizational email or other apps. A lost or stolen device exposes everything it holds.
- Mixing personal and organizational data. Sharing a device for personal and organizational use blurs the lines of demarcation. Some organizations with strict endpoint security may even choose partial or total remote wipes in the event of an emergency, causing a loss of personal data.
- Tech support headaches. Where IT control ends, tech support headaches begin. Levels of help desk support for BYOD devices must be determined and communicated to end users.
The most important thing an organization can do is to develop and articulate a position around BYOD. Ignoring it won’t make it go away. Instead, bring together stakeholders from IT, legal, finance and compliance within an organization to weigh the pros and cons of BYOD within your specific context, then clearly define a policy. Evangelize it with end user education and communication – again and again.
The next piece of the puzzle is to figure out how to manage the point where BYOD devices meet your network. Untangle’s Captive Portal can help. Create a device-specific rack that’s more locked down than the rack you use for trusted, organization-owned LAN devices (which are hopefully audited and have client software protecting them).
- Captive pages can be displayed by operating system and/or device type.
- Show different captive portal pages to wireless and wired users.
- Only show a captive portal page if the user is not already known via some other method (like the Active Directory Login Script).
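To make the precedence of those three rules concrete, here is an added illustration in Python of how a first-match policy of this shape selects a rack and decides whether to show a captive page. It is not Untangle’s code or configuration: the rule names, rack names, the `Session` and `Rule` types and the sample client sessions are all invented for the example.

```python
"""Rack selection for a BYOD captive portal, modelled on the three rules above.
Added illustration, not Untangle's code: rule names, rack names and sample
sessions are invented."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Session:
    src_ip: str
    interface: str                  # "wired" or "wireless"
    user_agent: str                 # client-supplied, therefore spoofable
    username: Optional[str] = None  # set if the AD login script already identified the user


def classify_device(user_agent: str) -> Tuple[str, str]:
    """Return (os, device_type) from a User-Agent string.  Order matters: an
    iPhone UA also contains "like Mac OS X", so the iOS checks come first."""
    ua = user_agent.lower()
    if "ipad" in ua:
        return "ios", "tablet"
    if "iphone" in ua:
        return "ios", "phone"
    if "android" in ua:
        # Android phones advertise "Mobile" in the UA; tablets do not.
        return "android", ("phone" if "mobile" in ua else "tablet")
    if "windows" in ua:
        return "windows", "desktop"
    if "macintosh" in ua or "mac os x" in ua:
        return "macos", "desktop"
    return "unknown", "unknown"


@dataclass(frozen=True)
class Rule:
    name: str
    rack: str
    captive: bool                      # show a captive page to matching sessions?
    known_user: Optional[bool] = None  # True/False to require, None = don't care
    interface: Optional[str] = None    # "wired", "wireless" or None = any
    oses: frozenset = frozenset()      # empty = any OS

    def matches(self, s: Session, os_name: str) -> bool:
        if self.known_user is not None and (s.username is not None) != self.known_user:
            return False
        if self.interface is not None and s.interface != self.interface:
            return False
        if self.oses and os_name not in self.oses:
            return False
        return True


# First match wins.  The known-user rule is first so that a user already
# identified by the AD login script never sees a captive page.
POLICY: List[Rule] = [
    Rule("known AD user", rack="Trusted LAN", captive=False, known_user=True),
    Rule("wireless mobile", rack="BYOD restricted", captive=True,
         interface="wireless", oses=frozenset({"ios", "android"})),
    Rule("wireless other", rack="BYOD restricted", captive=True, interface="wireless"),
    Rule("unknown wired", rack="Guest wired", captive=True, interface="wired"),
]


def select_rack(s: Session, policy: List[Rule] = POLICY) -> Dict[str, object]:
    """Evaluate the policy top to bottom; fall through to a captive default rack."""
    os_name, device = classify_device(s.user_agent)
    for rule in policy:
        if rule.matches(s, os_name):
            return {"rule": rule.name, "rack": rule.rack, "captive": rule.captive,
                    "os": os_name, "device": device}
    return {"rule": "default", "rack": "Default", "captive": True,
            "os": os_name, "device": device}


def known_users_bypass_captive(policy: List[Rule]) -> bool:
    """Lint: a captive rule that ignores identity must not precede the rule that
    catches known users, otherwise the AD login script buys nothing."""
    caught_known = False
    for r in policy:
        if r.known_user is True:
            caught_known = True
        elif r.captive and r.known_user is None and not caught_known:
            return False
    return True


# Constructed sample sessions; addresses and User-Agent strings are made up.
SAMPLE_SESSIONS = [
    Session("10.0.1.21", "wireless",
            "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51"),
    Session("10.0.1.40", "wireless",
            "Mozilla/5.0 (Linux; Android 4.4; Nexus 7 Build/KRT16S) AppleWebKit/537.36"),
    Session("10.0.1.41", "wireless",
            "Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/KRT16M) Mobile Safari/537.36"),
    Session("10.0.0.5", "wired", "Mozilla/5.0 (Windows NT 6.1; WOW64) Trident/7.0",
            username="jdoe"),
    Session("10.0.0.9", "wired", "curl/7.30.0"),
]

# The same rules with the known-user rule moved last: a misordering the lint catches.
MISORDERED_POLICY = POLICY[1:] + POLICY[:1]
```

Two things the example is meant to show. First, rule order is the whole game: with `MISORDERED_POLICY` a domain user on Wi-Fi is sent to the restricted rack and gets a captive page, which is the opposite of the third bullet above. Second, the OS and device-type classification comes from the User-Agent string, which the client chooses; a rooted or jailbroken device can claim to be anything, so the device-specific rack is a policy convenience, not a security boundary, and the more locked-down rack should be what a session gets when it is not positively identified.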
BYOD is here to stay. The worst policy is no policy at all. Starting where the device meets your network is a safe and sane strategy, but your organization will need to review its policies and evolve as technology and use cases evolve. Leading the discussion will get your organization into the BYOD mindset as it ascends the adoption curve.