Getting the BYOD basics right

As more and more organisations open their workplaces up to BYOD, how do IT managers strike a balance between security and freedom?

BYOD may be the next big trend in business technology, but the concerns it raises for IT managers are actually nothing new. In fact, IT professionals already have significant experience in dealing with the security and resource management challenges posed by rogue devices entering their technology environments. As more and more organisations open their workplaces up to BYOD, they’ll need to implement Mobile Device Management (or MDM) strategies that strike a balance between security and freedom for their co-workers and the C-suite. And while the idea of a comprehensive MDM strategy may seem dauntingly complex for most IT managers, they may find themselves already familiar with many of the fundamentals of effectively enabling BYOD – including basic logging, tracking, and analysis regimens – once they look past mobility’s current hype.

Nothing new under the sun

Mobile devices are now so prevalent that almost all businesses recognise the need for some sort of BYOD policy. By the end of 2012, Australia had 7 million more mobile phones than people, according to the Budde Report. A study by AIMIA at around the same time found that almost a third of Australians use their smartphones for work as much as (or even more than) for personal reasons – almost double the number who did so the year before. Most organisations now realise that a mobility strategy which enables BYOD is no longer optional: it’s what employees expect of them.

What’s not so clear for many organisations is how to go about building that sort of strategy, particularly on the technical side of things. For IT managers, pressure to rapidly roll out an MDM strategy is only going to increase – often dramatically so – over the next few years. In many cases, employees are already bringing their own smartphones and tablets into the workplace, raising the potential for security and compliance breaches in multiple parts of the organisation. The scope and potential consequences of these risks are entirely unprecedented for IT.

Or are they? For years, IT managers have had to deal with the threat of rogue or uninvited devices compromising their systems and network architecture. Take faulty network hubs that end up shutting down entire switches, rogue access points or servers, compromised USB memory sticks: while the hardware in question may be different, the fundamental issue is the same as what IT managers now face with BYOD and MDM. Organisations need enough visibility to monitor, analyse, and identify threats to their IT infrastructure, regardless of where those threats might originate from.

A simpler approach to MDM

When devising an MDM strategy, IT managers should start with three familiar fundamentals: assessment, analysis, and active response. By applying a basic approach to logging, tracking and monitoring device usage, IT professionals will be able to maintain the same level of vigilance which they’d apply to any other device in the organisation, without becoming overwhelmed by the ostensible complexity of mobility’s multiple facets. While they may require specialist expertise in mobility further down the track – particularly in dealing with different OS types and implementation of mobile-specific functions like secure containers – IT managers can still use their existing competencies to give their MDM strategies a strong start.

First of all, an MDM strategy needs to assess what devices are already on the network and where they’re connecting to. IT professionals should consider deploying user device tracking or switch port monitoring software across their infrastructure: doing so will let them see which devices and users are connecting where and when, as well as alerting them to potential capacity issues for the switches which underpin any corporate network. They should supplement these tools with some sort of Log and Event Manager (LEM) which can track all activity across the network. In the event of a breach, staff can cross-reference their tracking and logging results to identify what device or user activity caused the problem, and how.
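The cross-referencing step described above, as an added example that is not part of the original article or of any product it mentions. The record layouts, MAC addresses, port names and the managed-device inventory are all constructed assumptions standing in for whatever the tracking tool and log manager actually export.

```python
from datetime import datetime

# Constructed device-tracking records: mac, port, user, connected from, until.
TRACKING = [
    ("aa:bb:cc:00:00:01", "sw1/12", "alice", "2013-03-04 08:55", "2013-03-04 17:30"),
    ("aa:bb:cc:00:00:02", "sw1/14", "bob", "2013-03-04 09:10", "2013-03-04 12:00"),
    ("aa:bb:cc:00:00:03", "ap2/wlan", None, "2013-03-04 11:40", "2013-03-04 11:58"),
    ("aa:bb:cc:00:00:02", "ap2/wlan", "bob", "2013-03-04 13:05", "2013-03-04 18:00"),
]
# Constructed log events: time, source mac, description.
EVENTS = [
    ("2013-03-04 11:45", "AA:BB:CC:00:00:03", "port scan of file server"),
    ("2013-03-04 13:20", "aa:bb:cc:00:00:02", "bulk download from file server"),
    ("2013-03-04 19:00", "aa:bb:cc:00:00:09", "failed admin login"),
]
MANAGED = {"aa:bb:cc:00:00:01"}  # assumed inventory of company-issued devices


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def attribute(event, tracking=TRACKING, managed=MANAGED):
    """Match one logged event to the port and user that tracking saw at that time."""
    when, mac, what = event
    mac, seen_at = mac.lower(), _ts(when)
    for t_mac, port, user, start, end in tracking:
        # The same device may appear on several ports; pick the session
        # whose time window contains the event.
        if t_mac == mac and _ts(start) <= seen_at <= _ts(end):
            return {"event": what, "mac": mac, "port": port,
                    "user": user or "unknown",
                    "class": "managed" if mac in managed else "unmanaged"}
    # No tracking record at all: the visibility gap is itself the finding.
    return {"event": what, "mac": mac, "port": None,
            "user": "unknown", "class": "untracked"}


def report(events=EVENTS):
    return [attribute(e) for e in events]


if __name__ == "__main__":
    for row in report():
        print(row)
```
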

IT managers should then focus on analysing the impact of employee-owned devices on their IT infrastructure, particularly their network capacity. In many cases, they can do so with the network management tools that are already in place: SolarWinds NetFlow Traffic Analyzer, for example, allows our customers to monitor bandwidth and network utilisation across a range of device types (both mobile and fixed) in real time. Analysing resource use and user habits will reveal whether BYOD is the big security and bandwidth concern that it’s often assumed to be: in some cases, IT managers will discover that there are other, greater sources of inefficiency or security risk to be targeted in their infrastructure.

Finally, IT managers must consider how to actively respond to the inevitable threats that arise from greater workplace mobilisation. In many cases, standard responses will still be effective: closing off unnecessary ports, for example, or storing sensitive data in separate partitions from general information. Often, employees will be unaware of the impact their mobile device habits might be having on the network or systems: a quick conversation about why their behaviour might be making things harder for IT may be the simplest fix.

The best IT managers already conduct assessments, analysis and active response throughout their technological infrastructure, and have done so for many years. While MDM and BYOD bring new layers of complexity to securing the organisation, the fundamentals of best-practice IT – keeping thorough records, comprehensive monitoring, and simple frameworks for response – remain the same. IT managers need to look past the hype of mobility and stick to these fundamentals when putting together an MDM strategy. 

Chris LaPoint is the vice president of product management at SolarWinds.