Tech Thursday: How To Secure BYOD Mobile Devices

Companies have embraced BYOD -- Bring Your Own Device. Giving your users the ability to use the tools that they choose to stay connected on the go helps them to be productive and flexible on the go.

But BYOD brings with it a different set of security challenges that system administrators need to address. Letting users connect their email and sync files to personal phones and tablets means that you’ll need to keep those devices secure in order to protect company data.

Assess the Risks - Balanced with Usability

Providing external access to any service comes with its risks. Like a gate into a city, enabling EAS, remote desktop, or any other external service provides a weak point which intruders could use to get into your network. But if you choose carefully which services to provide, and how to protect them, you can make sure that your users have the access they need to get their work done.

Many of these services are web-based. Rather than exposing a web server to the outside world, consider using a dedicated load balancer or reverse-proxy appliance to provide additional security. They will handle authentication as well as some basic intrusion detection and prevention (IDP), which will keep the servers behind them secure.

Control Which Devices Can Connect

Many of your users like to be on the bleeding edge of mobile tech. But others might not be so interested in keeping up. Older versions of Android and iOS may contain bugs and security flaws that could be used to compromise your data. So, it’s a good idea to control which devices may be used to connect to the services you offer.

For example, Exchange ActiveSync (EAS) can be configured to only allow certain user agent strings to sync email. All others can be quarantined for your approval, or denied outright. To learn how to configure these policies, check out this Microsoft TechNet blog post.

Enforce Mobile Device Security Policies

When your users access their email or sync other data to their phones and tablets, the data that lives on those devices needs to be protected. Both Android and iOS support full-device encryption based on passcode security, and it's good practice to require that your users enable it as a condition of accessing company data on their devices.

For the most control and flexibility, a Mobile Device Management (MDM) solution can be used to push these settings. But EAS can also be used to enforce these policies to some degree on all modern phone OSes as well. For information on how to set this up, check out this TechNet article.

By following these guidelines, you can give your users the flexibility they need to get their work done from anywhere, while also keeping your network and data secure.

E-N Computers is a full-service IT managed service provider, helping companies in Virginia and Washington, D.C. solve their tech problems. Contact us today to find out how we can empower your mobile workforce.