10:13 AM
Connect Directly
Repost This

BYON: New Acronym, Same Problem

Bring Your Own Network is a new name for an old threat, but it emphasizes an important rule: unsecured data is at-risk data.

First came BYOD. Now there's talk of BYON, or Bring Your Own Network, a new twist on mobile threats. BYON broadly describes an increasing number of devices – be they laptops, tablets, or smartphones – that link to corporate content via external networks, ranging from free access points at airports and cafés to the hot spots users can create ad hoc by tethering a mobile phone's cellular connection to some other device.

But before you hit the panic button--and before you let your CIO start writing checks to vendors waving the BYON flag--recognize that BYON isn't new. The basic concern behind BYON predates any "bring your own" lingo, stretching back to the day enterprises first allowed employees to take corporate-issued, WiFi-enabled laptops out of the office.

"The same solution to BYOD solves BYON: Stop worrying about the devices and start securing the DATA!" wrote Mike Davis, CEO of Savid Technologies, a security consultancy, in an email. Whether one is relying on a Starbucks connection, using a 4G MiFi hotspot, or linking via corporate WiFi, he asserted, "Data is data and must be secured properly."

In an interview, Chris Witeck – Senior Director of Product Marketing at iPass, an enterprise mobility provider, offered similar sentiments. BYON is "not necessarily a new problem," he said, noting that "with mobile devices, phones, and tablets, you're dealing with greater numbers" but that the central issue is "something that's been around since the first days of remote access."

Given the ubiquity of open wireless networks, IT should assume every device and external network can pose a threat, and implement security tools and policies on four levels--data, device, application, and network.

BYON risks, then, are like the sequels in a horror movie franchise; the villains keep coming back, sometimes in greater numbers, and with new cast members to torment--but the guiding principle is usually the same: stay awake and you'll be safe from Freddie Krueger, resist hormonal urges and you'll survive the psycho slasher, secure your data and you'll be much less likely to suffer intellectual property theft.

So how can a business ensure its BYON policy adequately secures corporate data? Witeck said that the risk of theft differs a bit according to device. Viruses are a bigger concern for laptops whereas lost devices are a larger issue for phones and tablets. In general, however, the solution starts with something that's not new either: encryption.

Enterprises can harness resources such as VPNs to facilitate encrypted tunnels between a remote device and the corporate network. VPNs can also ensure that traffic is directed through a company's traffic inspection layers, such as intrusion prevention systems, malware scanners and next-generation firewalls.

Witeck said the rise of cloud computing provides a potential complication because one doesn't have to access a VPN to reach cloud applications. He countered, however, that many reputable cloud services can activate encrypted channels or otherwise integrate VPNs, giving businesses many secure providers from which to choose.

Companies can also use software to encrypt data stored on mobile devices. They can also take advantage of mobile device management software, which include features such as remote wipe capabilities to remove data from a phone or tablet if the device is lost or stolen. InformationWeek Reports recently released a buyer's guide on BYOD that covers 40 products. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/5/2012 | 8:37:27 PM
re: BYON: New Acronym, Same Problem
"""Stop worrying about the devices and start securing the DATA!"" as you write is the real key to BYON and BYOD. An example is at our hospital, our doctors started texting patient info to admin and other doctors which is a data related HIPAA issue. We ended up getting a secure texting app that is HIPAA complient (Tigertext), which is a good solution for BYON and BYOD because it is about securing the data, and can work on any network or device."
User Rank: Apprentice
10/23/2012 | 2:38:34 PM
re: BYON: New Acronym, Same Problem
The discussion seems to be around being able to wipe personal mobile phones of corporate data, or forcing particular security policies on employee owned devices. This seems fine when there is a choice of a company device or use your own, you might want to allow some restrictions on your personal phone for convenience. If there is no choice of this type however this strikes me as just a new way of offloading cost from the company to the employee by forcing employees to use their own phones for company business.
Hot Topics
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed