BYON: The Next Big Security Risk

Bring Your Own Networking (BYON) appears to be the newest “Bring Your Own” fad given the drastic increase in remote work.  When one looks around there is not a lot of information out there. It is no wonder when considering how similar BYON and BYOD (Bring Your Own Device) are. They both can boost productivity, cut cost, and spread the need for network resources out to include outside networks. Just as BYOD has its own unique challenges, so does BYON.  NIST SP 800-124, section 2.2.3 indicates that “…organizations should plan their mobile device security on the assumption that the networks between the mobile device and the organization cannot be trusted.”

BYON can expose an enterprise network to risks that it would not face otherwise. Let’s go over an example of one situation a company could face.  Employees are working from home and can connect to corporate resources using multiple connections. This could be a home broadband network, a company VPN connection, or a mobile hotspot. What this allows an employee to do is work in three different realms at once.  While this is allows for greater productivity, Michael Tucker believes that it may be exposing companies to new risks. An employee can open a document on one connection, work with a database on another connection, and be manipulating cloud data on the other. The problem with this scenario is that external networks with limited controls are difficult to secure.

By using multiple connections, a security incident is of higher likelihood when network traffic and computing resources are not properly secured.  Through PT Network Attack Discovery, Positive Technologies disclosed that 97% of sample networks showed suspicious activities and 94% of networks were out of compliance with IS policies.  Imagine if an employee or vendor is downloading confidential data over an insecure network. There is a possibility that someone unauthorized is listening to your traffic and could steal or alter the data in transit. The corporate network is also more susceptible to viruses and malware that might be contracted during communications on an external network. This could spread the malware from all devices connected to the unsecure network to the enterprise network itself.

This all sounds scary and perhaps insurmountable, but it is not. According to a Tech Republic interview with SysAid CEO Sarah Lahav, the best defense is a good BYOD policy. Now there is a lot of information about that!

According Chris Witeck, senior director of product marketing at remote access provider iPass, there are many steps that can be taken to help secure this fast-growing trend, among them not allowing unauthorized access. This can be done by creating policy using a mobile device management (MDM) software like Citrix Endpoint Manager. This solution allows a company to secure endpoints while providing a centralized computing experience.

Out of some of the more popular articles regarding this subject, the most common and effective solution is end-user education.  Educating users will instill and awareness of proper security practices. There can be consequences for breaking these security practices as well, which might also serve as a good deterrent for improper behavior.

In the end, there are a lot of good things about BYON.  It provides greater employee satisfaction and lower corporate costs to name a couple. There are also significant security threats.  Using proper security policies and end-user education, the threat of a data breach is greatly reduced.

Leave a Reply

%d bloggers like this: