Citrix Chief Security Strategist: BYOD Calls for Network Rethink

Since it’s called BYOD, bring your own device, you might think it’s all about, well, the device. Think again. The impact of BYOD on corporate networks and data security is profound. For a thorough, yet succinct exploration of this topic, take a look at this Executive Viewpoint with Kurt Roemer, Chief Security Strategist, Citrix.

Here’s the gist: When BYOD emerged onto the scene about seven years ago as employees started bringing their iPhones, iPads and Android devices to work, a shoe was thrown into the works of enterprise governance. By not using enterprise networks, those users bypassed the security architecture put in place by IT – a security architecture that had taken years to get right.

Instead of relying on a solid, proven architecture, it is now necessary to assume that the devices, applications and networks of BYOD users are under attack and must be constantly verified. Roemer’s recommendations:

• Encrypt all application and network traffic.
• Use mutual authentication — require client-side certificates for administrators and sensitive applications.
• Use two-factor authentication where appropriate.
• Put strong logging and audit policies in place.

Well and good, but what about the user experience? Superior ease of use and greater functionality are why those devices showed up in the first place. To make the experience seamless, the security technologies should be automated. For example, a micro-VPN should kick in when a person picks up a device and launches an application.

“That way they’re only going to the servers they should and to the applications they should. The data is protected without any additional user intervention or device configuration. And everything is fully logged for information governance and regulatory compliance,” says Roemer.

With the Citrix mobile workspace solution, when a user opens up a mail or Web app, the solution initiates a microVPN on the mobile device, enabling the user to access corporate network sites or resources. Check out this link for more on MicroVPNs.

What happens on the server is part of it also. “Mobile back-ends must have security as part of the profile, specifying the application security, the network security and security for critical services like DNS to be automatically configured,” Roemer says. Meanwhile, on the mobile devices, containerization keeps local data safe and interfaces with the enterprise network for authentication, single sign-on, encryption management and telemetry.

There’s a lot to it. But automation ensures the user a secure, seamless and above all, productive experience. It’s a comprehensive architecture for BYOD in which the network, as it should, plays a central role.