Discover Performance

HP Software's community for IT leaders // October 2012

4 steps to securing the BYOD world

You can’t secure every device, and the day of limiting devices and platforms has passed. Don’t focus on devices—focus on the data, the apps and the users.

The bring-your-own-device era poses a massive security challenge: all those different devices and platforms. Mobile Device Management (MDM) solutions were designed to help tame the chaos, but they may not accommodate every device that will touch your corporate network or, worse, may invade your users’ privacy. That lack of comprehensive support leaves you with unmitigated risks.

Rather than dream of a turnkey solution to lock down all devices, focus on solid best practices for securing enterprise data. Taking the emphasis off device-level protection lets your security teams tackle security with a methodical, layered approach. Such a strategy can equally protect mobile devices, laptops and wired clients, regardless of the devices your employees need to be productive.

A robust, data-centric enterprise security strategy has these four dimensions:

1. Know your users. We’ve moved past the days of fixed IP addresses. Today, a single employee might use a mobile smart device; connect to the corporate network using her own WiFi; log on from a coffee shop via an unsecured WiFi; use a badge reader to enter the physical campus; and sign in to salesforce.com, SAP and other enterprise apps. In one day, one employee can generate a dozen or more different IDs. Multiply that by total headcount, and it's easy to lose track.

To manage all these IDs and link them to the person they represent, you need a single view of the user. Consider consolidating user-rights monitoring into a single engine, such as a Security Information and Event Manager (SIEM). This offers a comprehensive picture of a user's activities from the time they badge in to work (whether virtually or physically), as well as each system, application and piece of data they access and how they use it.

2. Secure your apps. Employees use a wide variety of applications to get their jobs done, and only some of those apps reside on your enterprise servers. Thus, your app ecosystem comprises personal apps, third-party apps and SaaS apps in addition to enterprise apps. These apps can be thick-client, installable binaries, mobile apps or something browser-based. You need to understand the risks that each brings.

Some will need a full-scope review process based on the software development lifecycle (SDLC), while others will need governance and auditing to see that they meet compliance requirements. Make sure you have application monitoring and scanning tools in place, including manual processes where necessary, to help identify security defects in code written by third parties.

3. Secure your network. As you diligently track the IDs of every user interacting with your network, be equally diligent about whom (and what) you let in. At the airport, TSA agents authenticate people's travel documentation and screen both people and items for known risk factors. They also utilize behavioral monitoring to look for patterns that could indicate a threat. Bring similar strategies to your method for vetting users attempting to access your network. Put controls in place to keep out anyone whose behavior triggers an alert.

4. Have good visibility. Monitor activity across the enterprise to track and prevent negative events and breaches. Close performance monitoring is vital, as anomalies in network throughput and overall utilization can be clues to a security breach. When suspicious activity is detected, analyze all the digital fingerprints to identify the cause of the problem. Changes to configuration settings are a particular concern, as this is a common hacker tactic. Make sure you can track the origin of all configuration changes and have a system of alerts for unexpected changes as part of a strong change-management culture.
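The "single view of the user" from step 1 can be sketched as follows. This is an added example, not code from HP or any SIEM product; the identity directory, the event fields and all sample values are constructed assumptions. It links badge, WiFi, VPN and SaaS identifiers to one person, builds a time-ordered activity view per person, and sets aside events whose identifier cannot be linked to anyone.

```python
from collections import defaultdict
from datetime import datetime

# Constructed directory: (log source, source-specific ID) -> one person.
IDENTITY_MAP = {
    ("badge", "B-10442"): "asmith",
    ("wifi", "3c:22:fb:00:11:22"): "asmith",
    ("vpn", "asmith"): "asmith",
    ("saas", "alice.smith@example.com"): "asmith",
    ("badge", "B-20871"): "bjones",
    ("saas", "bob.jones@example.com"): "bjones",
}

# Constructed events, deliberately out of order and with inconsistent casing.
EVENTS = [
    {"ts": "2012-10-01T12:41:27", "source": "vpn", "id": "asmith", "action": "connect from public WiFi"},
    {"ts": "2012-10-01T08:02:11", "source": "badge", "id": "B-10442", "action": "enter campus"},
    {"ts": "2012-10-01T08:15:03", "source": "saas", "id": "Alice.Smith@example.com", "action": "CRM login"},
    {"ts": "2012-10-01T08:05:40", "source": "wifi", "id": "3C:22:FB:00:11:22", "action": "join corporate SSID"},
    {"ts": "2012-10-01T13:10:09", "source": "saas", "id": "bob.jones@example.com", "action": "export report"},
    {"ts": "2012-10-01T09:30:00", "source": "badge", "id": "B-20871", "action": "enter campus"},
    {"ts": "2012-10-01T13:55:00", "source": "wifi", "id": "aa:bb:cc:dd:ee:ff", "action": "join corporate SSID"},
]

def normalize(source, raw_id):
    """Lower-case and trim so the same ID matches across log formats."""
    return (source.strip().lower(), raw_id.strip().lower())

def build_user_view(events, identity_map):
    """Return ({person: time-ordered events}, [events with no known owner])."""
    lookup = {normalize(s, i): person for (s, i), person in identity_map.items()}
    timelines, unlinked = defaultdict(list), []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        person = lookup.get(normalize(ev["source"], ev["id"]))
        if person is None:
            unlinked.append(ev)  # an ID nobody owns needs investigation
        else:
            timelines[person].append(ev)
    return dict(timelines), unlinked

def identities_used(timeline):
    """Distinct (source, ID) pairs one person generated in the period."""
    return sorted({normalize(e["source"], e["id"]) for e in timeline})

if __name__ == "__main__":
    views, orphans = build_user_view(EVENTS, IDENTITY_MAP)
    for person, timeline in views.items():
        print(person, [(e["ts"][11:], e["source"], e["action"]) for e in timeline])
    print("unlinked:", [(e["source"], e["id"]) for e in orphans])
```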

Bring your own … anything

BYOD is about saying yes—to whatever mobile devices and platforms your employees prefer. By taking your security strategy back to basics with an approach that vets enterprise data, traffic and users from four perspectives, you can take the anxiety out of saying yes, as well as change the perception of IT in general, and IT security in particular, as the buzz-killing department of no.

To learn more about how HP can help you implement a holistic, data-centric security strategy that won't leave you with mobility vulnerabilities, read about the Mobile Application Security Solutions from HP Fortify.

