Company Owned and BYOD Devices
How are employees connecting?
At a time when everyone who does their job from a computer is working from home, companies are being creative about making the work environment available to their employees. Is the risk of a work-at-home environment being fully considered? We will examine the different scenarios:
Company Provided Workstations – In most cases, companies are providing laptop or desktop computers to their employees to work at home. When a company does this, it is providing the necessary security controls on the provisioned workstation, such as a secure VPN or TLS connection, protection from malware, access controls, and device management. Over a secure, encrypted connection, the employee works remotely as if they were a node in the office. This technology has been in circulation for some time but is being leveraged now more than ever. This is clearly the most secure form of working in a remote environment.
Personally Owned Devices – In some instances, companies are allowing their employees to use personally owned devices to perform their job. When set up properly, this can still be a secure method of computing. The caveat is that work is done in a virtual session over a web browser that does not allow the ingress or egress of data to or from the personally owned workstation. For example, a company may implement an email portal that does not allow the user to save messages or attachments to their local device. Similarly, users are not allowed to move files from the personally owned workstation to the company servers. The two primary reasons for this are Data Loss Prevention and Protection from Malware, respectively.
Companies that allow the ingress or egress of data to and from a personally owned device introduce an elevated level of risk.
Mobile Devices – The other popular method of remote work is through a mobile device or phone. As with a desktop or laptop, a company will want to ensure that if data is moved to or from a mobile device, it is done in such a way that the data cannot leak to an unsecured area of the device and non-company data cannot be moved from the device to the company computing environment.
How can the risks be mitigated?
The most secure methods of remote working are:
- Provide a company desktop or laptop with full controls and a VPN to connect.
- When personally owned devices are used, ensure that data cannot be moved to or from the personally owned device.
- Implement a full Mobile Device Management or Container solution to segregate company information assets from personal data.