Even if you aren’t, chances are your users, especially your executive users, are. Users want to be highly productive with the least effort possible on their part. They want to use the fastest, easiest, most familiar and comfortable device to do their work. They also like the convenience of one device for both their business and personal activities at their fingertips.
As is usually the case, security and ease-of-use are diametrically opposed. IT typically would prefer complete control and ownership over all client endpoints, due to the greater control that can be exercised. Admin rights can be disabled and the client endpoint can be controlled to a certain degree, such as having only approved applications installed. Even the hardware can be restricted to a particular footprint, making it easier for IT to control and secure.
But IT control is what BYOD proponents are rebelling against. They want freedom of choice in their hardware, OS, apps; freedom to install whatever they like, whenever they like.
As if this were not a sad enough state of affairs for IT security, BYOD can also greatly increase the number of devices accessing the network. Instead of one desktop, with BYOD a single user might have a desktop, laptop, tablet and smart phone. Attack surface gone wild! Plus, the smaller the device is physically, the more likely it is to be lost, stolen, or left in a bar under a cocktail napkin.
What’s an IT pro to do? Well, first you can establish situational awareness of “trusted” client endpoints. Ziften provides a minimalist, driverless agent that can provide visibility into the user activity, applications, versions, and security / compliance software actually running on the endpoint. Then you can restrict by enforceable policy what enterprise network, application and data interaction can be done on all other (“untrusted”) devices.
Even trted client endpoints will invariably have security issues develop, such as versions of applications that are vulnerable to attack, potentially harmful processes and disabling of endpoint security measures. The difference is, with the Ziften agent you will be made aware of these problems and corrective actions can be taken with your existing system management tools.
Users will need to accept this reality: devices that are too risky and untrusted should not be used to access enterprise networks, apps and data. Client endpoints and users are the source of most exploit vectors. Current technology provides no magic that will make it possible to access critical corporate assets with an out-of-control device.