Employees are increasingly using their personally-owned ICT devices at work, whether for personal or work purposes. Organizations with BYOD (Bring Your Own Device) schemes and policies typically insist that employees' smartphones, laptops, tablets etc. are secured and managed by IT, requiring the use of MDM (Mobile Device Management) software, AV (antivirus) etc.
So what happens as employees start bringing in their personal IoT toys (BYOT - Bring Your Own Things) in the same way - their fitness trackers, Google Glasses and other wearables, perhaps control pods for their home IoT systems, and so forth?
Good luck to anyone trying to insist that IT installs MDM, AV and all that jazz on a gazillion things!
One approach to BYOT security, I guess, is to prohibit all unapproved and unauthorized devices/things from connecting to corporate networks, at the same time preventing corporate devices/things from connecting to non-corporate networks (including ad hoc or mesh networks formed spontaneously between IoT devices, and public networks such as open WiFi, Bluetooth and cellular networks). Keep them logically separated, with strict enforcement using compliance measures, change and configuration management, network and device/thing security management and monitoring etc. (oh oh, I see dollar signs ticking up at this point).
Another approach is to deperimeterize - stop relying on network perimeter access controls and depend on device/thing security instead. Treat all networks as untrustworthy if not overtly hostile. Easy to say, tricky to do properly.
A third way involves the corporation providing open-access/public unsecured networks on its premises and encouraging employees to use those if they want to network their BYOS*. This has the advantage of logical separation at low cost, while employees (and contractors, consultants, visitors and assorted drifters) can connect up without the cost of 3G or other public networks. There may be legal wrinkles to this approach.
* "Bring Your Own Stuff" is the polite version, "Bash Your Old Ship" is slightly closer to the real definition.