Minimize the Impact of BYOD and Improve Security

When today’s hacker and identity theft threats combine with the new challenges presented by the trend of ‘bring your own device’ (BYOD), companies must take decisive action to deliver secure, flexible and convenient authentication to employees and their devices alike.

Organisations can follow these 5 critical steps to minimise the impact of BYOD and manage devices securely.

Secure Access to Data

Today, users obtain access to their PIM data by simply entering their email address and their Windows password on their mobile device. Based on the settings of the Exchange Server, the device will either be automatically approved and the data synchronisation will begin or the device will be quarantined until manually approved by the administrator.

The automatic approval process presents a security vulnerability because users are authenticated only by their username and password (single-factor authentication). Manual approval presents a different problem, especially in larger companies: how does the system administrator know whether to approve a quarantined device or not? How does he/she distinguish between a valid user device and a hacker?

To authenticate the identity of the user requesting remote access to company systems and data, take the following steps:

Ensure authentication of the users accessing data.

If data is synchronised:

– Ensure that the device is authenticated.

– Link the device to a named user.

– Encrypt the transport of data.

If access is granted to centralised systems, the user must be authenticated.

Strive for Device Independence

If a company’s authentication policy is dependent on what specific device is being used to access company systems or data, then that strategy loses effectiveness. Therefore, it is imperative to make an authentication strategy as independent as possible, including independence from devices. By removing dependence on anything device-related from the authentication discussion, the strategy is centered entirely on controllable factors. This allows companies to permit access to services via server-side processes that authenticate the user regardless of the device.

Use Virtualisation to Minimise the Security Risk

The safest way to access centralised systems and/or data that is not meant to be synchronised is to use a virtualisation solution. No data is transferred to the device and no application accessing data is executed on the device except the application granting access to the virtualised environment. It is critical to always ensure the identity of the user.

Streamline Access with Multi-Factor Authentication

IT administrators should ensure that each new upgrade or addition affects access to critical programs as little as possible.

Advancements in remote access enable more and more employees to work from any location. The IT department is responsible for facilitating the ability of the remote workforce to perform its functions from outside the office environment, which means its authentication strategy must make it as easy as possible to safely access business applications from anywhere, at any time.

Using modern multi-factor authentication, administrators can adapt the level of security needed using contextual information, such as login behaviour patterns, geo-location, and the type of system being accessed. This gives end users the security they need with greater ease of use while working off-premises.

Embrace Context Intelligence

Most authentication solutions are simply based on two factors: something you know (a password) and something you have (a one-time passcode). However, looking at multiple factors surrounding each particular login (e.g. geo-location, network IP, type of system being accessed, time of login) can provide added security. All of these factors add context that helps determine the level of trust and whether the user should be authenticated or blocked.
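A minimal sketch of such a context-based decision, added here as an illustration and not taken from any product. The signal names, weights, thresholds, sensitive-system list and sample profile are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Profile:              # what the server already knows about the user
    countries: set          # countries seen on earlier logins
    networks: list          # CIDR blocks seen on earlier logins
    hours: range            # usual login hours

@dataclass
class Login:
    country: str
    ip: str
    when: datetime
    system: str             # type of system being accessed
    otp_ok: bool            # valid one-time passcode already presented

# Assumed weights and thresholds; tune them against your own login data.
SENSITIVE = {"finance", "hr"}
WEIGHTS = {"new_country": 40, "new_network": 20, "odd_hour": 15, "sensitive": 25}
BLOCK_AT, STEP_UP_AT = 80, 25

def risk(profile, login):
    """Return (score, signals) for one login attempt."""
    signals = []
    if login.country not in profile.countries:
        signals.append("new_country")
    if not any(ip_address(login.ip) in ip_network(n) for n in profile.networks):
        signals.append("new_network")
    if login.when.hour not in profile.hours:
        signals.append("odd_hour")
    if login.system in SENSITIVE:
        signals.append("sensitive")
    return sum(WEIGHTS[s] for s in signals), signals

def decide(profile, login):
    """Map context to allow / step_up (ask for the passcode) / block."""
    score, _ = risk(profile, login)
    if score >= BLOCK_AT:
        return "block"              # too unusual even with a second factor
    if score >= STEP_UP_AT and not login.otp_ok:
        return "step_up"
    return "allow"

# Constructed sample profile (documentation IP range, not real data).
PROFILE = Profile({"DK"}, ["192.0.2.0/24"], range(7, 19))

if __name__ == "__main__":
    night = Login("DK", "198.51.100.7", datetime(2024, 5, 6, 22), "mail", False)
    print(decide(PROFILE, night), risk(PROFILE, night))
```

The decision runs entirely server-side on facts about the login, so it stays the same whichever device the user brings.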