The goal of every IT administrator is to not only recognize technological trends but to get out ahead of them in order to protect their company’s assets. Anyone who has worked in the IT security space for the last decade recognizes the direction that organizations are moving in when it comes to hardware and personnel. As workplace technology increasingly moves from enterprise solutions to consumer hardware, new and complex challenges have arisen. What IT professionals are currently experiencing is a struggle on two fronts: securing their networks in the face of a growing Internet of Things (IoT) and the expectation that personnel can Bring Their Own Device (BYOD) to work.
First, we must define what is meant by stating that many firms are moving from enterprise to consumer as far as the devices that are being connected to their networks for office functionality and employee productivity. IoT is exploding in both size and penetration. By 2020, it is believed that 25 billion IoT devices will be connected to networks worldwide. The IoT does not include devices like smartphones or laptops. Rather, they are internet connection-enabled devices such as smart thermostats, cameras, various appliances, and other devices one might describe as a gadget that gets integrated into your firm’s network.
On their face, these devices that make up the IoT may not appear to be a significant vulnerability. But we have seen that is not the case. IoT devices are perhaps the most exploitable device with network access due to their lack of built-in security features. As hackers, both ethical and unethical, have shown, with the right knowledge, a compromised device could lead to spying on or the shutting down of an entire facility causing immeasurable damage.
BYOD business practices bring their own risks. While not as nebulous, perhaps, as IoT risks, IT administrators know of the challenges regarding managing hardware that is not company issued. Employees expect to be able to connect their own devices to a firm’s network, especially their smartphones, for the sake of convenience and constant access. The numbers surrounding BYOD readiness are alarming. Only about 20% of surveyed companies had a signed policy in place regarding BYOD behavior. Of those employees who brought their own devices to work, about 18% said their IT department wasn’t aware they were using a personal device. And 28% of IT departments ignore BYOD behavior. With more access than ever to sensitive network resources, this is a dangerous practice.
As IT has gone more in the direction of consumerization, so too must security in order to face these modern challenges. Traditional security initiatives have proven to be too rigid, expensive, and therefore ineffective when dealing with the widespread visibility issues brought about by the IoT and employee personal devices seeking to have access to an organization’s network 24/7.
In order to efficiently face these problems, firms are turning towards a security consumerization model. That is, their solutions should provide security sustainability while requiring little maintenance and a payment structure that doesn’t balloon their budgets beyond what is reasonable. Additionally, these security solutions need to be able to handle the critical task of identifying, categorizing, and assessing every device that is seeking access to a network. Ideally, a sustainable security solution will both integrate with existing infrastructure and receive regular updates to combat threats that are recently identified.
What kind of solution meets all of this criteria? A cloud based NAC.