BYOPC security simplified: Basic tools IT needs to manage PCs

BYOPC security can present problems: Securing PCs isn't the same as securing corporate desktops. Be sure you authenticate devices and enforce policies.

BYOPC security is an obvious concern that can restrain program adoption. If you allow employees to bring their own PCs and mobile devices, you should consider mobile security best practices, such as authentication, policy enforcement, isolating data, encryption and virtual desktop use.

Be aware of what end users agree to when installing software. If an employee unwittingly allows an application developer to download his entire contact list and your company lets that same employee download sales contact information, then valuable business information may leak.

Employees may be more lax about security on their PCs, laptops and other devices than corporate policies demand. Once employees start using their personal laptops for business purposes, their personal authentication practices become a BYOPC security issue.

Not only must you define authentication requirements, but you should also enforce them. The means for doing this can vary from one platform to another. For example, when an employee connects to the corporate network with a personal laptop, the employee can be required to use two-factor authentication, such as a secure token plus a password. The company can then enforce authentication policies through an access gateway to virtualized application and desktop services.

Encryption is a powerful tool for protecting confidentiality of data, but it can create problems. If a company requires employees to use full-disk encryption, then some applications may no longer function. Selective encryption may be a better option. Virtualized desktop options can help isolate sensitive data to a sandbox environment, which is removed once a user's session ends.

Isolating data is especially welcome when IT must remove corporate information from a PC, such as when an employee leaves the company. If isolated data is maintained only for the duration of a session, there is less risk of data remaining on an employee-owned PC.

Policies should be enforced automatically. When you evaluate enforcement applications, consider the functionality offered, including the ability to do the following:

  • register devices;
  • configure devices remotely;
  • enforce password or authentication policies;
  • manage Secure Sockets Layer (SSL) certificates for device authentication; and
  • detect unregistered PCs on your network.
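
As an illustration of the last capability in the list, here is an added example (not from the original article or any product it describes) that compares DHCP lease records with a device registry and reports unregistered PCs. The log format, registry contents and function names are assumptions constructed for this sketch.

```python
import re
from collections import defaultdict

# Constructed registry of enrolled devices (MAC -> owner); not real data.
REGISTERED = {"00:1A:2B:3C:4D:5E": "asmith", "a4-5e-60-c1-22-9f": "bjones"}

# Constructed lease log lines: "<ISO time> LEASE <ip> <mac> <hostname>".
SAMPLE_LOG = """\
2012-08-01T09:00:12 LEASE 10.0.5.21 00-1a-2b-3c-4d-5e asmith-laptop
2012-08-01T09:03:40 LEASE 10.0.5.37 3C:97:0E:11:22:33 unknown-pc
2012-08-01T09:10:02 LEASE 10.0.5.44 a45e.60c1.229f bjones-home
2012-08-01T11:15:55 LEASE 10.0.5.52 3c970e112233 unknown-pc
2012-08-01T11:20:09 LEASE 10.0.5.60 DA:A1:19:00:0B:01 tablet
2012-08-01T11:21:00 LEASE 10.0.5.61 not-a-mac broken
"""

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC."""
    digits = re.sub(r"[:.\-]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True if the locally administered bit is set (typical of randomized MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unregistered(log_text, registry):
    """Map each unregistered MAC to its sightings and a randomized-MAC flag."""
    known = {normalize_mac(m) for m in registry}
    seen = defaultdict(lambda: {"ips": [], "first_seen": None, "randomized": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1] != "LEASE":
            continue  # not a lease record
        mac = normalize_mac(parts[3])
        if mac is None or mac in known:
            continue  # malformed address or an enrolled device
        entry = seen[mac]
        entry["first_seen"] = entry["first_seen"] or parts[0]
        if parts[2] not in entry["ips"]:
            entry["ips"].append(parts[2])
        entry["randomized"] = is_locally_administered(mac)
    return dict(seen)

if __name__ == "__main__":
    for mac, info in find_unregistered(SAMPLE_LOG, REGISTERED).items():
        print(mac, info)
```

Devices flagged as randomized cannot be tracked reliably by MAC address alone, which is one reason to pair this kind of detection with certificate-based device authentication.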

If you want to give workers access to enterprise applications but do not want to risk leaving sensitive information on their personal devices, consider the virtual desktop route. With a virtualized desktop environment, you may not need to register devices. Instead, you might allow any unmanaged device to access the network if it meets minimum standards. This approach allows you to use the same mobile device security policies and procedures with employee-owned PCs as with remote unmanaged devices employees use, such as PCs in a hotel business center.

About the author

Dan Sullivan, who holds a master's degree in computer science, is an author, systems architect and consultant with over 20 years of IT experience, with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence.

This was first published in August 2012
