As more organizations shift to a Bring Your Own Device (BYOD) policy, IT admins have their work cut out for them. BYOD essentially means that the device is owned by the employee or contractor, so IT needs to walk gingerly in how they control and manage the device. It’s essential for IT to draft a strong policy statement that makes it clear what the organization can and can’t do with each device. That policy should also outline responsibilities that each device owner has. With the cloud and BYOD, the challenge is preventing confidential corporate data from ending up on devices that aren’t owned by the organization. This type of situation where confidential corporate data ends up on personal devices is par for the course with BYOD.
Addressing BYOD Security
As an IT admin, you need to think through how you will deal with security issues with devices that you don’t own. There are a number of different tools and capabilities that IT admins can employ to support their BYOD initiatives. JumpCloud® Directory-as-a-Service® can play a key role in helping secure these environments.
- Know every device on your network – Leveraging Directory-as-a-Service to authenticate user and device access via your WiFi infrastructure is a key way to know exactly who is on your network. By leveraging DaaS’ RADIUS support, each device requires network credentials to access the network and as a result IT knows each device on the network and who owns it.
- Control user access to IT resources – Directory-as-a-Service can be leveraged to control access to devices, applications, and networks. Especially in BYOD environments, access to all IT resources should be tightly controlled. The use of cloud services is a positive in this context since access can be terminated at that level easily through DaaS. Network access also needs to be tightly controlled and should be done with unique credentials rather than a shared SSID and passphrase.
- Have the ability to remotely wipe corporate data – Depending upon your BYOD policies, you may or may not have the ability to remotely wipe corporate data from a user’s device. Ideally your policies would allow this security measure. Having the ability to remotely wipe data is far less about malicious employees or contractors and much more about devices being stolen. IT needs to have the ability to remotely wipe a device. Through Directory-as-a-Service’s command execution capabilities, IT admins can remotely wipe a device or certain data on the device.
Embrace BYOD, Securely
BYOD does represent both an opportunity and a risk for IT. As many analysts have stated, BYOD is going to be the future, so the more quickly IT can leverage tools and technology to lock down their data and networks, the better off the organization will be. If you would like to learn more about how JumpCloud’s Directory-as-a-Service can play a key role in BYOD, drop us a note.