Network access control an essential in BYOD environments

According to Michael Morton, mobile security expert at Securicom, the crux of mitigating the IT security risks associated with the unbridled connection of unmanaged personal devices to corporate networks is tight Network Access Control (NAC).

"The advantages of Bring Your Own Device (BYOD) environments are widely touted. Employees' productivity is empowered because they are allowed to use their devices of choice to do their work on the move, and companies reap the benefits of a most cost effective alternative to provisioning devices.

"On the other hand, companies are now only starting to recognise the risks to IT security associated with allowing employees to access corporate networks using devices that are not managed and typically do not have adequate security. Controlling devices' access to the corporate network is fundamental to protecting it," he says.

Managing mobility

Control technologies must be in place to allow or disallow access based on user and device credentials. A Network Access Control (NAC) technology should be implemented, but it should ideally work with a robust and effective mobility management solution. A mobility management solution provides the basics: password protection, remote wipe-clean and lock functionality, device encryption, anti-malware and jailbreak detection. Premium solutions also support VPN configuration and management, offer data loss prevention and tools for monitoring and reporting on the mobile device environment and, importantly, support access control to company networks and printers.

Once a device connects to the corporate access point, the NAC solution sends the mobile device's details to the mobility management platform via Application Programming Interface (API) integration. The mobility management platform then does a host check to determine whether the mobile device is enrolled and adheres to corporate policies. Once the platform gives the go-ahead, the NAC allows the device to connect with its pre-defined allowed access.
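The host-check flow described above can be sketched as follows. This is an added example, not code from Securicom or any NAC or mobility management product; the inventory, VLAN names, policy checks and the fail-closed behaviour when the platform cannot be reached are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Posture:
    """Device record as the (hypothetical) mobility management platform reports it."""
    enrolled: bool
    passcode_set: bool
    encrypted: bool
    jailbroken: bool
    owner_role: str

# Constructed sample inventory, keyed by MAC address.
MDM_INVENTORY = {
    "aa:bb:cc:00:00:01": Posture(True, True, True, False, "finance"),
    "aa:bb:cc:00:00:02": Posture(True, True, False, False, "sales"),
    "aa:bb:cc:00:00:03": Posture(True, True, True, True, "sales"),
}

# Pre-defined access per role (hypothetical VLAN names); unknown roles get guest access.
ROLE_ACCESS = {"finance": "vlan-finance", "sales": "vlan-sales"}
QUARANTINE = "vlan-quarantine"
GUEST = "vlan-guest"

def mdm_host_check(mac, inventory=MDM_INVENTORY):
    """Stand-in for the API call from the NAC to the mobility management platform."""
    return inventory.get(mac.lower())

def policy_violations(p):
    """List the corporate-policy checks this device fails."""
    checks = [(not p.passcode_set, "no passcode"),
              (not p.encrypted, "storage not encrypted"),
              (p.jailbroken, "jailbroken")]
    return [name for failed, name in checks if failed]

def nac_decide(mac, lookup=mdm_host_check):
    """Return (network, reason) for a device that has just associated."""
    try:
        posture = lookup(mac)
    except Exception as exc:  # assumption: platform unreachable means fail closed
        return QUARANTINE, f"host check failed: {exc}"
    if posture is None or not posture.enrolled:
        return QUARANTINE, "device not enrolled"
    failed = policy_violations(posture)
    if failed:
        return QUARANTINE, "policy violations: " + ", ".join(failed)
    return ROLE_ACCESS.get(posture.owner_role, GUEST), "enrolled and compliant"
```

Returning the reason alongside the network gives IT a record of why each device was admitted or quarantined.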

Blocking risky functions

Brenwin Traill, Securicom's Firewall Team Leader, also strongly recommends some form of authentication on the network once a mobile device connects. "This will provide IT with valuable information about who is connecting to the network and what they are accessing. Employees should only be granted the minimum level of access required for them to be productive."

With an effective mobility management solution and NAC technology, companies can go as far as blocking certain risky functions on employees' devices, such as the camera or voice recorder, from connecting to the network.

"Companies may want to stop certain functions from accessing the corporate network if they have the potential to compromise the security of business intellectual property or secrets. In BYOD scenarios, IT cannot simply go ahead and block the camera on the device as it is owned by the employee. However, with NAC technology that works with a mobility management solution, companies can utilise geo-fencing which allows IT to block functions and applications from being used when a device enters the geo-parameter of the network. Once the device is removed from the location all functionality is restored. This level of control that balances employee privacy and productivity with the company's security needs is just not possible without the right kind of tools," explains Morton.

Best practice in managing network access

He concludes: "Companies need to formalise device usage and network access rules with a mobility policy. IT needs to spend time with business to determine what corporate access is required in the different departments and fields. Once access requirements have been determined, IT will need to look at the different flavours of mobility management out there and choose the one that meets their requirements.

"A mobility management solution will provide IT with a centralised console where they can create all the individual policies, enforce them, and deploy them securely to all the required devices. It is the best practice way to properly and prudently manage network access control in a BYOD scenario."
