Fortinet Blog | News and Threat Research

BYOD – Lessons From The Past

In a recent survey of people in their 20’s conducted by Fortinet, the majority of respondents stated that bringing their own device (BYOD) to their workplace was a right and not a privilege. http://blog.fortinet.com/study-gen-y-would-break-rules-for-byod/ And nearly a third said that they would contravene a company’s security policy that forbids them to use their personal devices at work or for work purposes. Surely, a client-centric approach to BYOD will face difficulties when so many workers will actively seek to work around corporate strictures. While there is a role for VPN and Mobile Device Management clients, network security should form the cornerstone of your BYOD security strategy. Simply put, since all traffic needs to pass through the network, organizations of all sizes need to look to the network as the best place to deploy security in a BYOD world.

As with any technologic shift, IT professionals should look to the past to learn how to successfully and securely integrate new technologies. The move to BYOD is no exception: - 1980’s –The First PCs Productivity improvements resulting from applications such as Lotus-123 and desktop publishing applications, such as Adobe Photoshop and Illustrator led individuals to bring PCs into their departments. Once IT was tasked to support these new computers, LANs came into being and network security became commonplace. - Mid-1990’s – The Internet Revolution Network security became critical. The most successful organizations were able to securely utilize the Web for improved information flow, better customer relations and faster decision-making. Firewalls and VPNs became commonplace. - Mid 2000’s – Web 2.0: The Web moved to a 2-way communication medium. Application layer security and application control at the network level became increasingly important as webification of app traffic began. - 2010’s – BYOD and the Consumerization of IT: Network security is once again critical to secure adoption of new technologies. A number of different network security technologies become critical to successful deployment. These include (but are not limited to) network-based antimalware, VPN termination and two-factor authentication, antispam filtering, Web and URL filtering, wireless guest-access, application control and data loss prevention (DLP). - The Future: More and more devices will need to attach to the network as machine-to-machine communications become commonplace. Client-based security will play a minimal role as all this machine-to-machine traffic moves through the network.

So, as we’ve seen, in each situation, network security is the key ingredient in successful adoption of new technologies. Judging from the past, client-based approaches will play a small role in protecting corporate assets. There has ALWAYS been a strong network component to IT security and the weight of protection needs to be placed on the network and not the client. Today is no different.

There are many reasons why this is so:

• Personal devices are becoming more heterogeneous with a variety of different hardware and operating system platforms. The ‘personal’ nature of such devices and the fast evolution of the devices make platform standardization extremely difficult and judging from end-user survey results, likely to face strong opposition. Here’s a link to a story that further explores mobile device fragmentation: http://blog.fortinet.com/lessons-learned-from-humpty-dumpty-2/
• Most organizations need to deal with ad-hoc attachments to their networks from both the WAN and the LAN. The network security layer is the best place to apply policies based on the identity of the user. An organization cannot expect to successfully deploy clients on every person’s device that requires access to information.
• A network security centric approach to BYOD gives organizations the flexibility to provide end users a variety of approaches to endpoint security. From simple VPN connections to virtual desktops to company-owned devices, the network security layer remains the one point of control for both the WAN and LAN.

The breadth of security technologies provided by network security is critical in a BYOD world. These include application control, network-based antimalware, Wi-Fi security, VPN, two-factor authentication, data leak protection, URL filtering, spam filtering, stateful firewalling, intrusion prevention, VDOM and ADOM technologies, and the list goes on. Most of these technologies provide protection that can only be achieved on the network. And, last but far from least, the network security device is the best place to create and enforce policies. It’s the one place that security professionals own and can control.

For more information on Fortinet’s BYOD solution, visit our BYOD solution page and download the ‘Enabling Secure BYOD’ solution guide under Tech Insights. http://www.fortinet.com/solutions/byod.html