credit: Free Photos / AIX
The National Cyber Security Center has updated guidance for organizations operating the Bring Your Own Device (BYOD) initiative.
The updated recommendations include warnings to businesses and public authorities. “No matter how well-configured the solution is, BYOD alone cannot perform all of an organization’s functions securely.”
Also, before reading the advice, organizations that have already “granted administrative access to company resources to BYOD users” are instructed in the guidelines to “immediately revoke that access and then return.”
The NCSC recommends that BYOD be used in this case to describe the business use of computing equipment owned and managed by employees.
“If you’re happy to allow traditional full device management of your own devices… [this] Release companies effectively. “
Before implementing BYOD, companies are encouraged to “determine the best approach for their organization.”
To this end, the NCSC outlines five key actions that need to be taken, starting with “determining objectives, user needs and risks”.
As part of this process, organizations need to consider whether the use of employee-owned equipment is a temporary measure or a long-term intention. Other issues to consider are business characteristics that may participate in the BYOD program and the types of equipment involved.
The second action that cyber agencies recommend is “policy-making” for BYOD plans. The policy should take into account tasks performed on the employee’s device and internal services accessed through an external machine. Organizations also need to question how well the desired policy objectives are met.
The third action of the NCSC is to “understand the additional costs and implications”. This may include increased expenditure on support and new liabilities.
The next step is to consider the “deployment approach”. The NCSC guidance outlines the main advantages and disadvantages of the five most widely used methods for adopting BYOD. Virtual Desktop and Remote Desktop. bootable operating system. mobile device management; and mobile application management.
The final action advised by the NCSC before switching the green light on the use of staff equipment is to “implement technical controls”. This process depends on the method you choose to enable access.
Example: For web browsers, controls may include some form of multi-factor authentication, but new applications in mobile device management approaches may require device compliance monitoring and whitelisting.
In a blog post announcing the new guidance, NCSC senior forum researchers said that at the start of the coronavirus crisis, many organizations had adopted the “just make it work” spirit to enable BYOD. Rice field. I have created some issues that now need to be addressed.
“Like many other technology solutions, [BYOD] It started with a utopia dream free of danger. With the tool of your choice, you can do what you need, anytime, anywhere,” the blog says. In fact, the threat is quite omnipresent. “
Furthermore, he added: “BYOD solutions and approaches are evolving and have many features and controls that help protect users and organizations while enabling and empowering employees. The catch is this: effective and secure For this to happen BYOD must be done properly. Do it right because the new guidance provides an overview of the technical controls available for the different types of BYOD deployment. I can.”
Source link NCSC warns organizations: “BYOD alone cannot perform all tasks safely.”