By: Paul Facey, Advanced IT Technician
Remote work became a necessity for many businesses this year due to the COVID-19 pandemic. With much of the workforce using their own devices to do their work, many employers have taken a new look at what is known as a bring your own device (BYOD) environment. This is nothing new – some companies had already enabled a BYOD environment pre-pandemic. As it suggests, BYOD means employees are allowed to use their own devices (i.e. laptops, tablets, smartphones) for work. A BYOD Environment is a compromise between the organization’s needs, the total cost of ownership, and the risks the organization is willing to accept or mitigate.
While this is a good fit for some organizations, it is not for all. For others, a combination of the two is what works best. In any case, a good understanding of how information is secured and stored, as well as the limitations of the applications involved (not all applications support a distributed environment) is critical to developing the organizations BYOD environment, if one is possible.
What to Consider
There are benefits and challenges to going BYOD.
- Reduced cost to employer
- User is familiar with the device/equipment (phone, etc)
- Can isolate Corporate data using a Terminal or Remote Desktop Environment (RDP) if primary user portal is a web interface
- Flexibility – employees can work from anywhere with an internet connection
- User-provided equipment may not meet minimum system requirements
- Employers cannot set rules for privately owned equipment
- Active Directory enforcement may interfere with a user’s personal preferences
- There’s risk of mixing personal and corporate data, unless users are using RDP or Terminal Sessions (Recommended)
- User may uninstall corporate security features provided by employer
When a company is considering implementing a BYOD policy – whether by choice or necessity, there are several items to consider:
- How are users going to be accessing corporate data?
- Terminal/RDP Local server (more secure)
- Microsoft Azure Environment (many options)
- Direct Access on Local Server (easiest for users to steal/compromise data if using BYOD)
- Web Interface/Portal (most secure for BYOD model)
- What are the security requirements of the data?
- Does data need to be maintained locally?
- Can it be maintained off site either by a vendor (Web Based Apps) or Web Storage (Azure, Amazon Web Services)?
- How much control does the organization want over the user PCs?
- Complete Control (user has direct access to data)
- Minimal Control (users connect through web interfaces or terminal/RDP sessions)
- What are the user’s applications hardware requirements?
- General Data Entry/Web Based Apps – minimal PC requirements $
- CAD / Drafting/Photoshop – more powerful PC requirements $$$
When users provide their own equipment, they have the right to install or remove whatever software they choose. The organization cannot control what web sites or apps employees install outside of the work environment or what external devices they connect (HDs, thumb drives, etc).
If a system becomes infected with a virus or other malicious software, how does the organization prevent the user from infecting the rest of the corporate network? Even if the organization provides the user with AntiVirus or Antimalware software, what prevents the user from uninstalling it?
How to protect your network
If an organization is using Remote Desktop Connections (RDP) or Web Based portals, the security risk to the network is greatly reduced (as is the hardware needs of the user devices). These types of connections also lend themselves to working remotely, however, the initial investment to set them up can be significantly higher. In the case of environments like Microsoft Azure, this expense is usually monthly-based as well as usage-based, so the cost can fluctuate from month to month, but resources can be allocated or reduced quickly if needed.
Networks Plus is experienced in setting up and maintaining a broad range of environment types. We support environments that are completely organization-owned, from the user PC to every Server, as well as environments where users provide their own equipment (Laptop / Desktop) and work completely remotely in a cloud-based environment. We also have experience in managing a hybrid environment of the two: some users work remotely while others are onsite using organizational equipment. We are positioned to provide both the onsite needs of the customer as well as to deploy and support cloud-based environments through our Azure partnership.
Give us a call to talk about your needs.