Until recently when we thought of computing devices, we usually thought of PCs and laptops. Today, with tablets and smart phones selling in the millions on opening weekend, we have a very different picture of what a computing device is.
If you’re not familiar with it, BYOD (Bring Your Own Device) is the idea of using a consumer computing device (such as an iPad or Surface RT tablet) to get work done, either in the office, at home, or on the road. Most of these devices were not designed to “get work done”, but instead to consume content (ex: checking email, reading news websites/apps, etc.). These devices are not managed, and may not have even the most basic security features enabled. This can spell disaster for any corporate network.
Let’s say an employee is using an Android tablet, infected with a virus, to make some changes to an Excel spreadsheet over the weekend. When the employee connects that tablet to the wireless company network on Monday morning, he/she could potentially not just spread the virus to other users, but also infect the servers hosting those users.
Here’s another example. An executive downloads several reports and documents (containing sensitive client information) to an un-managed tablet. If the tablet is lost or stolen, there is no way to ensure the information is secure.
These are just two examples, but if you think about it, I’m sure you can come up with dozens more pertaining to your corporate environment. When thinking about IT security we must plan for the worst possible scenario and expect the unexpected.
Remote Desktop Services (also known as Terminal Services) has been around for a very long time. The concept is that an end-user connects to a desktop on a server. In this scenario all applications and data are actually stored on the server and not on the end-user’s device. The only things that are passed between the end-user’s device and the remote desktop server are screen changes and keystrokes. By the way this can almost always be highly encrypted to help ensure security when connecting from insecure locations (such as public WiFi hotspots).
Microsoft Intune to manage devices
Microsoft Windows Intune is a cloud based central management solution for small businesses. It allows for centralized management of clients by utilizing: remote control, anti-virus, patch management, and even software deployment. This monthly subscription even comes with a license to upgrade all workstations to Windows Enterprise client. The latest iteration of Intune also gives us the ability to manage certain mobile devices, including the ability to remotely wipe the devices if lost.
GFI VIPRE Business Premium 6 Now Supporting iOS and Android
GFI’s VIPRE Business Antivirus 6 Premium was released within the past month. This new version of this enterprise class anti-malware software now provides protection for iOS and Android devices. Not only can you ensure these devices are clean from infection, but if lost can also be wiped from the central console. There are also some other neat features such as the ability to view a map of the last known location of the device, and sound an alarm to find it if misplaced.
Office 365 remote wipe
The latest version of VIPRE offers some pretty nice protection for iOS and Android users, but what if you’re using Windows Phone 7.x? Well, if you happen to be using Office 365 for your corporate email, then you automatically have support to remotely wipe any Windows Phone connected to an end-user’s Exchange Online account. When used it completely wipes all memory on the phone and sets it back to an “Out of Box” experience. I have personally used this feature a couple of times and can vouch for its effectiveness.
Keep data in the Cloud Instead of on your device
Once you have protected your consumer computing devices from malware, you now have to worry about the security of your corporate data. What happens if the device is lost or stolen. We already talked about remotely wiping the device using Office 365 and VIPRE Business, but what if a thief disables the communications for the stolen device? Now they have access to the devices’ memory by using a simple USB cable. An easy solution to this is to not store the data on the device in the first place. Services such as SkyDrive and SharePoint Online (also part of Office 365 or separately) allow data to be stored in the cloud, and only downloaded when needed for editing. When done editing, the changes are synced back to the cloud.
If you’re not familiar with it, SkyDrive Pro is the corporate version of SkyDrive, but includes central management for users and folders, and is based on the same technology as SharePoint Online.
No matter which methods you use to secure your BYOD devices, it is always suggested to encrypt the device or drive whenever possible.