Thinking BYoD? Make sure to protect the endpoints first

BYoD is helping organizations to cut costs and keep employees productive, but if devices are unmanaged, they represent a threat to the secure corporate perimeter. In this article, Dave Waterson, CEO at security specialist, SentryBay, explains why it’s time to adopt a zero-trust approach combined with real-time endpoint protection to secure the unified remote access cyber security stack.
BYoD is helping organizations to cut costs and keep employees productive, but if devices are unmanaged, they represent a threat to the secure corporate perimeter. In this article, Dave Waterson, CEO at security specialist, SentryBay, explains why it’s time to adopt a zero-trust approach combined with real-time endpoint protection to secure the unified remote access cyber security stack.

With the continued uncertainty around the best ways to manage the ongoing impact of COVID-19, business leaders are under pressure to implement flexible policies that can support working practices amid constant change. Some employees are back in the office, others have adopted a more hybrid approach, many are still remote. The location of employees, however, is no longer the key issue. How they remain productive, able to communicate, and secure, wherever they happen to be is now the priority for businesses.

To this end, BYoD and BYoPC policies are expanding rapidly. Long before the pandemic, these models that encouraged employees to use their own smartphones, tablets and laptops to carry out their work tasks had changed workplace culture permanently. According to Statista, in 2018, 45% of UK businesses enabled BYoD, and of these 60% were finance or insurance firms.

Since then, that number has grown exponentially, with the pandemic driving the adoption of BYoD culture rapidly throughout North America, which an IndustryARC report shows now accounts for more than 28% of global market share, followed by APAC and Europe.

For the many organizations that invested heavily in secure corporate laptops in recent months to serve their distributed workforces, the adoption of BYoD has brought significant savings in CAPEX. However, there are two major considerations that all businesses must address as they expand their BYoD policies, and they are security and compliance.

Vulnerability of unmanaged endpoints

Any device that is unmanaged and accesses the corporate network can potentially admit malware. Whether it’s from the personal applications used by employees and which lack security rigor or the downloading of games and apps from unchecked sources, the risks of data theft or viruses infiltrating sensitive company information is significant. If the device is lost or stolen and falls into the hands of cybercriminals, the lack of security will make it a doddle for them to hack corporate accounts.

And the lack of control associated with unmanaged devices has another downside: it renders the company non-compliant with a wide range of important regulations, including GDPR, PCI-DSS, HIPAA, FFIEC layered security and of course, internal infosec requirements. Interestingly, in a poll that we carried out on Twitter recently, more than half of respondents admitted that their current infrastructure had either failed Payments Council Industry (PCI) assessments or their company was non-compliant with PCI DSS – clearly this standard alone is difficult enough to comply with, without the added complexity of BYoD.

Addressing the issues

Turning unmanaged devices into secure endpoints that pose no threat to corporate data is not difficult, but it does need addressing urgently if companies embark on BYoD policies. The best approach is to adopt multiple layers of complementary solutions and services that work together to block cyberthreats and proactively manage gaps in compliance.

The first, and most important step is to take a zero-trust approach to every endpoint that will connect with the company network. The motto “Never trust, always verify” is a useful reminder. Zero trust literally means that every user (and their device) is treated as a threat by default, even those that are already inside the network. They cannot be granted access to the system at any level until they have been verified.

It is a measure of how important zero trust has become, that in the Spiceworks Ziff Davis 2022 State of IT report, which surveyed more than 1000 technology buyers in North America and Europe, 65 percent of companies in Europe said that they were implementing or planning to use zero trust security solutions within the next two years.

The next step is to think beyond the old stalwarts of internet security, anti-virus software and securing the wireless network with virtual private networking (VPNs). These are all important and play their part, but none of them is a complete solution for managing today’s threat landscape.

Instead, enterprises should look to deploy dedicated software and solutions that can ‘wrap’ data and applications securely to neutralize the threat of cyberattack particularly from keyloggers, screen grabbers and similar malware.

Key loggers and screen grabbers are the attack vector through which sensitive data is most often, and most easily, stolen, and unsurprisingly, both these forms of malware use unprotected endpoint devices to get into corporate networks. If a keylogger is installed on a remote endpoint device which has a lower security posture than it would have within a secure network, cyber-attackers can gain full access as the user logs-in and to everything the user enters at the keyboard or displays on the local device.

This is why software that protects data entry on unmanaged devices, particularly those that work with remote access apps like Citrix, VMWare, WVD, web browsers and Microsoft Office applications, is an essential part of the layered approach when considering BYoD.

All organizations of any size need to understand just how much they should do to secure their BYoD policies from the word go. They cannot just rely on two-factor authentication, a VPN or standard anti-virus solutions. Unless data is protected as it is entered from the keyboard or onto the screen, it opens a gap in the corporate armor which makes the company vulnerable to a security breach, and also to non-compliance. 

READ MORE:

BYoD is the route of choice for many businesses as they negotiate the road forward. To make it work however, business leaders must ensure they do not sacrifice security and compliance in the drive towards cost savings.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of BYoD, IoT, Thinking BYoD? Make sure to protect the endpoints first

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!

What are Multi-core Safety-Critical Avionics?

Wind River • 13th March 2024

A multi-core processor is a type of central processing unit that integrates multiple individual processing units onto a single chip. It supports different cores executing their tasks simultaneously, for quick and enhanced overall performance. Multi-core processors nowadays support safety-critical avionics. Find out more about what multi-core processors are, what multi-core safety-critical avionics are, and how...

Why Transition from 4G to 5G+ vRAN/O-RAN?

Emily Goldshteyn • 13th March 2024

The journey from legacy to 5G doesn’t have to be off-putting. It is a process that, if approached strategically, can make your company a pioneer in the digital age. Virtual and Open RAN, which come with broader choices of technology options and greater flexibility, are giving service providers greater opportunity as they transition their networks....