Tip

BYOPC security simplified: Basic tools IT needs to manage PCs

BYOPC security is an obvious concern that can restrain program adoption. If you allow employees to bring their own PCs and mobile devices, you should consider mobile security best practices, such as authentication, policy enforcement, isolating data, encryption and virtual desktop use.

Be aware of what end users agree to when installing software. If an employee unwittingly allows an application developer to download his entire contact list and your company lets that same employee download sales contact information, then valuable business information may leak.

Employees may be more lax about security on their PCs, laptops and other devices than corporate policies demand. Once employees start using their personal laptops for business purposes, their personal authentication practices become a BYOPC security issue.

Not only must you define authentication requirements, but you should also enforce them. The means for doing this can vary from one platform to another. For example, when an employee connects to the corporate network with a personal laptop, the employee can be required to use two-factor authentication, such as a secure token plus a password. The company can then enforce authentication policies through an access gateway to virtualized application and desktop services.

Encryption is a powerful tool for protecting the confidentiality of data, but it can create problems. If a company requires employees to use full-disk encryption, then some applications may no longer function. Selective encryption may be a better option. Virtualized desktop options can help isolate sensitive data in a sandbox environment, which is removed once a user's session ends.

Isolating data is especially welcome when IT must remove corporate information from a PC, such as when an employee leaves the company. If isolated data is maintained only for the duration of a session, there is less risk of data remaining on an employee-owned PC.

Policies should be enforced automatically. When you evaluate enforcement applications, consider the functionality offered, including the ability to do the following:

  • register devices;
  • configure devices remotely;
  • enforce password or authentication policies;
  • manage Secure Sockets Layer (SSL) certificates for device authentication; and
  • detect unregistered PCs on your network.

If you want to give workers access to enterprise applications but do not want to risk leaving sensitive information on their personal devices, consider the virtual desktop route. With a virtualized desktop environment, you may not need to register devices. Instead, you might allow any unmanaged device to access the network if it meets minimum standards. This approach allows you to use the same mobile device security policies and procedures with employee-owned PCs as with the remote unmanaged devices that employees use, such as PCs in a hotel business center.

About the author

Dan Sullivan, who holds a master's degree in computer science, is an author, systems architect and consultant with over 20 years of IT experience, with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence.

This was first published in August 2012
