With the advent of BYOD, it seems like just yesterday that a new mobile movement was making waves through enterprise organizations across the globe. BYOD offers new opportunities for increased productivity, but it also raises a slew of difficult security questions. While many IT pros are still wading through the repercussions of this mobile onslaught, a fresh, new user revolution is creating similar buzz (and similar problems).
Bring your own network, or BYON, has piggybacked on the success of mobile device integration to expand the sphere of influence that users have over their work environment, allowing them to set up and connect to their own personal networks if the available network doesn't suit their needs. With its growing popularity, here are some tips to help you protect your network infrastructure.
Defining the Relationship
The first step towards corralling the proliferation of user networks within your organization's environment is to define where you stand on the issue. You may look at BYON and see an opportunity to enhance flexibility for users and increase productivity. Conversely, you may find your environment too sensitive (due to data restrictions, user agreements and other security concerns) to allow foreign networks to integrate with business processes. Decide what your stance will be on the use of personal networks, and make sure that your users understand where you draw the line.
If you decide to allow user networks in your environment, the next step is to tackle the logistics of how far they can reach into business processes and vice versa. To do this, you'll need to develop a digital and physical policy to govern how devices and applications interact with these networks. As you create your policy, it's important to have a clear understanding of both the goal of BYON in your environment — if you're allowing it, it must have a purpose — and the potential consequences of integration. If, at any point, the consequences (be they financial, security or productivity risks) outweigh the projected benefits of the technology, it's a good idea to go back to basics and revisit your stance on allowing user networks at all.
An Inseparable Duo
At its core, the growth of BYON is closely tied to the proliferation of BYOD due to their inherent reliance on each other. Without network connectivity, bringing mobile devices into the workplace would be just short of useless. Similarly, creating a personal network without a device to connect to it would be rather fruitless. As such, you can't expect to manage one without first managing the other.
Along the same lines, as you build a security strategy to deal with the inevitable introduction of user networks (because it will happen, regardless of your official stance on the matter), it's imperative to understand that the reasons why users opt for BYON are nearly identical to the reasons why they choose BYOD — usually, entertainment or convenience. With that in mind, creating a secure network environment will be much easier if you include viable outlets that cater to these user motivations within your authorized enterprise network, and ensure that users know how to access them. Doing so will prevent the need for users to rely on their own technology.
It's also a good idea to keep in mind that BYON doesn't necessarily require BYOD in every scenario. With the growing popularity of ISP hotspots, users could also leverage existing networks from the surrounding environment. Plan accordingly.
When All Else Fails
Unfortunately, no matter how clear or well rounded your policy is, as long as humans are involved, it will be broken — inadvertently, or not. For this reason, having a comprehensive solution in place to monitor your network environment for potential threats is a must. That way, rogue networks and devices that don't conform to your predefined policy can be handled in a secure and automated fashion.
This will also increase visibility by keeping you informed of changing network topology and how devices or apps are accessing the network. As a result, network monitoring should always be an integral part of any BYO deployment.
Educate Your Users
When you examine your security strategy, you'll find that every risk begins and ends with the users themselves. The better trained and equipped they are to understand the technology and associated risks, the better they'll be able to avoid the pitfalls. By educating users not only on your organization's policy, but why it was created, they'll be better able to make the right judgment call when the time comes.