While employees love BYOD and having just one familiar device to manage their work and personal lives, IT departments must adapt their systems management strategy to keep up with the changing nature of these and other new devices to reduce the potential for data breaches.
Smartphones and tablets typically have different capabilities, operating systems and management interfaces than PCs and laptops. This—along with the addition of the assortment of new smart devices, sensors and objects connecting to networks—has created a completely different management landscape, one that we’ve started referring to as “any point systems management.” The challenge is that as all these “points” continue to increase the amount of data moving across the network, IT departments relying on multiple, isolated systems management solutions—network, firewalls, traditional endpoints, mobile devices, smart devices, etc.—won’t be able to identify all the potential threats, let alone prevent them.
As you assess the capabilities needed to overcome the challenges, these four best practices should inform your decisions.
1. Insist on centralized, consolidated visibility
You need a complete understanding of what’s on your network, how each device is configured and how it interacts with your environment. This information must be available through a single console to enable effective correlation and ensure timely alerting.
2. Create a plan and develop policies
Use your visibility to inform your policies. For example, if you discover that nearly all users have either Apple or Android devices, your organization can decide on the appropriate policy: support only those two types of devices or remain open to other possible phones and tablets. Or perhaps you detect that the latest release of an OS you support is causing problems for the network. Then you can create a policy that users can’t upgrade to the new OS until the vendor fixes the problem. Ensure your policies account for what business users really need for their jobs. Frustrated users do whatever they can to circumvent overly restrictive policies.
3. Deploy technology to enforce the policies
If you have disallowed an OS, automatically prevent devices with that OS from accessing the network. If a device has an old version of antivirus software, you should be able to automatically update the application. As the number of devices continues to skyrocket, you can’t rely on manual processes. Your staff will never scale along with BYOD and the Internet of Things!
4. Keep employees informed
With BYOD—even with strong policy enforcement capabilities—you rely on employees to do the right thing. Making it easier for them to do the right thing by having fair and sensible policies and easy-to-use, self-service capabilities (e.g., to update antivirus software and device drivers) is key, as is education on the dangers that doing the wrong thing poses to employee devices, data and the organization.
Technologies from multiple vendors exist to help implement these best practices, and the time to enhance your “any point systems management” capabilities is now—before diversity and complexity lead to major and exploitable security gaps.