Would you rather have something for free or pay for it?
Dumb question right? A free ticket to watch the Seahawks pummel I mean battle the Broncos in Super Bowl XLVIII beats paying $2,100 per ticket any day – unfortunately, not a choice you or I will likely have to grapple with anytime soon.
However, when it comes to wireless networking, this is a question we face all the time. Do I jump on the coffee shop’s complementary network after ordering my quadriginoctuple-frap, or do I use my provider’s network and eat into my data plan?
I would hazard to guess that most of us choose the free option – especially if we are going sit there and nurse that beverage all day – a choice that is repeated every day at coffee shops all around the world. In fact, we have gotten so used to making this choice as customers that we expect Wi-Fi access everywhere, including at work.
And, while an increasing demand for wireless networking may not be breaking news, many organizations still struggle when it comes to successfully deploying wireless networks in a secure manner.
So, in the spirit of the Super Bowl example above (nice work Hawks), I would like to present what coaches often call the fundamentals – only here I’ll talk about five fundamentals of securing your wireless network.
And, I’ll use roman numerals.
But no X’s or O’s.
I. Have a Plan
If you rush out, buy a couple of wireless access points and chuck them on your network, you’ll likely just make things worse. Instead, take time to understand your goals and consider some important pre-deployment questions such as:
It’s also a good idea to draft a network usage policy and have users sign it as this can help to encourage self-enforcement.
II. Implement Access Controls
Segmenting the WLAN (e.g. by VLAN), creating security policies for different SSIDs, enabling station separation, enforcing MAC control lists and user authentication can all help to ensure WLAN users, devices and traffic are only allowed to access intended resources.
III. Synchronize Wired and Wireless Networks
Make sure your wired and wireless security policies don’t conflict. If an access policy is being enforced on your wired network, ensure you are not circumventing it with your WLAN policy.
IV. Use Strong Passwords
Create strong WLAN access passwords and change them regularly. Some strong password creation tips can be found here.
V. Monitor, Adjust, Repeat
Regularly use monitoring tools and review traffic logs to see what’s happening on your network. This will help to ensure policies are being enforced as expected, identify new traffic types and applications to allow/restrict and recognize emerging threats.
To learn more about how WatchGuard can help you to deploy a robust and secure WLAN, check out our wireless page here.
Every industry has its unique set of network security challenges. In retail there’s dealing with credit card data and PCI compliance. In healthcare you need to deal with patient data and privacy requirements. Suffice it to say, the education sector has challenges that one might not initially consider and yet are very challenging in their own right.
Public school budgets are often strained today, forcing many IT managers to ‘do more with less’ and with growing security threats and booming IT innovation this is especially challenging. And while larger universities and campus-based schools may have larger budgets, they have larger challenges. Here are five network security challenges facing schools and campuses today:
1. Bring Your Own Device (BYOD) – The growing use of tablets and mobile devices by educators and students as they move to new ways of teaching and learning creates numerous network security challenges. BYOD device management is now a major need in districts and at campuses across the country. Just like any corporate organization, schools now need to think about network access policies, managing passwords more carefully, and understand how mobile devices are connecting to their networks.
2. Web 2.0 – Today’s students are more connected through social media than ever before and the Internet is playing an increasing role in education as teachers use it as part of their teaching arsenal. IT managers need to be able to allow access to certain sites and applications while restricting others. Finding this balance is not an easy challenge and requires new network security tools like Application Access Control.
3. Secure Remote Access – Student and teacher collaboration are playing an increasing role in education in today’s connected world. Today, students collaborate on projects and teachers provide feedback through cloud-based tools and by accessing school networks. IT managers need to be able to provide secure remote access to the tools that teachers and students are connecting to.
4. Multi-Point Access Solutions – Today, especially in campus environments, it’s not uncommon to have tens of buildings all connected to a single network. Being able to manage a distributed environment and its inherent security challenges needs to be simple and intuitive.
5. Identity Management – IT managers today need to be able to ensure that only authorized students and teachers can access computer and network resources. It’s through identity management that schools are able to effectively manage their acceptable usage policies and provide adequate control over access to applications.
There are many other challenges that education sector IT managers face, but these five are prevalent today and yet weren’t that long ago. Fortunately there are network security companies offering highly sophisticated unified threat management (UTM) tools and solutions, like WatchGuard. They’re flexible, powerful, robust, affordable, and can go a long way in easing the network security challenges facing schools and campuses. And, because the threat landscape is always changing, UTM solutions need to be designed to be able to easily add new network defense capabilities through security subscriptions, so costly hardware upgrades are not necessary.
Just like Principals and Superintendents, school district Network Administrators are facing the challenges of having to do more with less. Many school districts only have a small handful of IT personnel to begin with, their budgets are being reduced and they’re dealing with challenges to network security management. On top of all this, new challenges are putting a strain on networks, including:
These are challenges that, just like corporations, require smart network security solutions that do more than just stop spam or encrypt email. The Cascade School District just outside of Salem, Oregon has five campuses throughout rural Willamette Valley that serve 2300 students with a staff of 300. According to Michael King, their Network Administrator, things were getting a bit out-of-hand:
The IT department employed a mix of point solutions, each with its own management needs. “We were using ISA 2006, Windows Server, Websense for web filtering, and Barracuda for anti-spam and load-balancing, and there were big expenses for each. Yet, we still couldn’t even do things like HTTPS, which is incredibly important these days with Facebook, Google, et cetera. And, it kind of defeats the purpose to even have a web filter in place if the students can bypass it.”
Cascade School District today is leveraging most of the best-of-breed UTM security services on our XTM Next-Generation Security Platform, which includes URL Filtering, Application Control, AntiSpam, AntiVirus, DLP and IPS. This allows their IT team to meet emerging security challenges mentioned above and faced by their district (explosion of mobile device usage by students and staff, application access control to key educational and online resources, and streamlining remote access for staff). Application access control also gives them a new tool to proactively prevent cyber bullying by controlling access to popular bullying platforms such as Facebook, SnapChat or Kik Messenger. They also are able to monitor traffic on its wireless networks and throttle down users who start to bog down the network.
In addition to meeting all the challenges to network security management, the school district is projected to save approximately $24,000 in fees and maintenance and a boat load of time by consolidating these numerous point solutions into one UTM security appliance.
With cloud computing and BYOD permeating almost every organization, shadow IT is beginning to make its way onto the radar screens of business leaders inside and outside of the IT department. The truth is, however, that shadow IT has been around for decades and is not necessarily a bad thing.
Shadow IT are systems and solutions built without the approval of the organization, and they are often innovative, potential prototypes for future IT-approved solutions. The problem is that while creating real value to an organization, they are often built without key network security management protocols in place; namely reliability, documentation, control, security, and budget.
So why the hype and why now? While shadow IT has been around for a long time, the volume and velocity of applications and cloud solutions, not to mention low cost (often free) is multiplying rapidly, creating an IT snowball effect. In fact, according to a PricewaterhouseCoopers’ Digital IQ survey, at 100 companies that PwC considers top performers, IT controls less than 50 percent of corporate technology expenditures – and we’re talking pretty large companies here with typically strict IT policies in place. This is in drastic contrast to ten years ago, when the Dachis Group estimates that only 10 percent of IT spending took place outside of IT. At smaller organizations where IT departments are even less influential, this shadow IT snowball effect is even more rampant.
So what can IT departments do? The answer is securing the network and protect the organization from outside threats. Containing the growth of shadow IT may not be an option, but reducing outside threats is. Select a strong, multi-function Unified Threat Management (UTM) system that goes beyond a simple firewall to deliver strong network security management, and make sure it has these FIVE key elements:
Without question, BYOD and the cloud is accelerating shadow IT, but strong network security can reduce and eliminate the inherent risks. As a leader in network security, we work to develop solutions to enable a safe and productive BYOD ecosystem. By enforcing a practical policy, we believe that organizations can enable workforce productivity, foster goodwill and trust across the organization, achieve compliance demands, and maintain strong security–without sacrificing flexibility.
Just when you think you’ve got your BYOD device management policies nailed down, the game shifts again. Recently, the term BYOX (or BYOA: bring-your-own-anything) has forged itself into IT vernacular to characterize the phenomenon by which employees not only use any device, but also any application, content, or service to accomplish their work. When these activities occur beyond the oversight, or explicit authorization, of the IT department, they are commonly referred to as “shadow IT.”
Shadow IT has been around for quite some time, but BYOX adoption is exploding fast and permeating organizations to the point of no return. In fact, PricewaterCoopers (PwC) estimates 15% – 30% of IT spending now occurs outside the IT department budget. Today’s workforce is imbued with the mindset that, for any task–“there is an app for that.” Illustrating this, Netflix recently found that its employees were using 496 smartphone apps, generally for data storage, communications, and collaboration; while Cisco Systems found that its employees were leveraging hundreds of apps, as well as services for shopping and personal scheduling.
It’s been argued that BYOD can increase employee productivity, and an iPass survey of 1,100 mobile workers suggested that employees who use mobile devices for both work and personal needs put in 240 more hours per year than those who do not. BYOD and BYOX can also result in higher employee satisfaction and greater worker collaboration. All these benefits aside, there still needs to be tools and processes in place for network security management and data security… and there are.
Embrace the benefits of BYOD and BYOX and consider these FIVE network security management protocols:
BYOD, BYOX, shadow IT… these aren’t going away, and will likely only continue to proliferate your organization as more apps, devices, and cloud tools become available. These five network security management protocols can help get you started. For more information and five more tips, download the whitepaper – Illuminate Shadow IT and Securely Manage BYOX.
In our last blog post – 4 IT Risks and Challenges with BYOD Device Management – we highlighted some things that IT needs to be aware of when it comes to maintaining control of network security in a BYOD environment. We closed with the fact that IT must face the reality that BYOD is here and they need to enforce a BYOD strategy as part of their service to the organization. So what can you do, and where should you start?
Here are 5 BYOD device management strategies you can use to secure your corporate network and prevent data loss:
With the future of computing swaying more and more toward mobile, you’ll face an uphill battle against BYOD adoption, so embrace it. But remember that communicating your BYOD policy, and updating it as needed, is critical.
For more information on BYOD device management and mobile device security solutions, check out our recent whitepaper – BYOD: Bring Your Own Device – or Bring Your Own Danger? You’ll also find 5 more strategies for managing BYOD effectively in your organization.
Make no mistake about it – BYOD is here to stay. A 2011 IDC survey stated that 40 percent of devices used to access business applications are consumer-owned, up 30 percent from 2010 while Gartner published a report that by 2014, 80 percent of professionals will use at least two personal devices to access corporate systems and data. So BYOD is the new workplace reality. In the end, there are multiple reasons – from cost reductions to increased employee efficiencies – that support corporate adoption. IT must, however, take into account the risks and challenges associated with BYOD device management.
In many ways, BYOD started at the top. Senior executives who wanted to work from home and abroad were among the first to demand that IT enable access to corporate resources from their personal devices. Because these C-level exceptions were relatively infrequent, IT could manage risks associated with the requests.
The trickle down from this exception quickly escalated, and many organizations have been caught off guard without a BYOD policy in place. And, because consumer devices are so diverse in capability, form factor and function, IT departments can be frustrated with efforts to develop a scalable and manageable plan on how to allow or deny specific consumer devices into the organization.
Unquestionably, BYOD challenges long-standing IT controls to minimize and mitigate risk. And, as businesses explore how to adopt BYOD, the risks associated with it must be examined. Here are 4 risks and challenges inherent in BYOD device management.
1. Data loss. Data loss can vary, and the consequences can be extreme. For example, a recent study by the onemon Institute estimated that a data breach could cost a company about $200 per compromised record, based upon a variety of factors including the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses, such as new security technology and training. Additional costs can also hamper the bottom line… as an example, a retailer that experiences a data breach may have to pay for credit monitoring services for customers, payment of legal settlements, and PCI DSS information controls for up to 5 years.
2. Viruses entering the corporate network via consumer devices as well as intrusion attacks. Granted, the industry is at a nascent stage of targeted intrusion attacks via mobile devices, but the expectation is that hackers will be able to break out of device browser “sandboxes” and get access to other device functions. This could easily lead to directory harvest attacks or new types of BYOD-driven botnets.
3. Policy enforcement. With so many devices available to the consumer, IT departments are simply ill equipped to create device-by-device BYOD device management policies. Due to the wide range of devices, it is critical for IT to be able to identify each device connecting to the corporate network, and be able to authenticate both the device and person using it.
4. Insufficient insight into what’s happening in their network. Without being able to see what is going on in the corporate network, IT is hindered in its ability to protect business and information assets. That lack of insight (both in terms of logging and reporting) supports the adage that “you can’t protect what you don’t know.”
There are a myriad of challenges that IT faces in order to deal with BYOD device management. Some of these are risk-management challenges; others are empowerment and usage challenges. Nonetheless, IT must expect to adopt and enforce a BYOD strategy as part of its services to the organization.
Employees increasingly use personal devices, including, tablets, smartphones, and laptops, to accomplish their work faster, more flexibly, and from anywhere. Yet, while BYOD (Bring Your Own Device) offers more control and independence for workers, it can reduce the control organizations have over securing their networks.
Endpoint protection and robust encryption are generally mandated on company-owned devices, but personal devices often lack these safeguards. Moreover, devices used for personal computing and messaging, when off the company grid, lack the protections of the network firewall, leaving the entire organization exposed to hacker exploits, or malware infection, when the device re-connects to the network.
More than a quarter of companies reportedly lack security requirements for smartphones.1 However, companies that do implement security policies for mobile devices still face the threat of employees trying to bypass these requirements. A Ponemon and Websense joint survey highlighted just that—59% of respondents claimed that employees circumvent or disengage security features such as passwords and key locks.2
Lost Personal Devices: A Data Minefield
In the case of a lost or stolen personal device that stores company-owned data, an employee may be unwilling to have their device data wiped remotely. In fact, only 55% of mobile workers report having remote wipe enabled on their smartphones, and just 30% on their tablets.”2 The inability to rapidly dispose of sensitive data, particularly unencrypted data, exposes organizations to considerable risk.
What You Can’t See, Can Byte You!
A Mobilisafe study encompassing 130 million device connection events reported that over a third of the devices with network access and/or corporate data went inactive for more than a month.3 The presence of so many personal devices used for work that are unaccounted for, and that may retain sensitive data and user credentials, poses a latent threat to organizations.
Outdated Firmware and Version Control
The sheer number and variety of personal devices and operating systems that may be in use across an enterprise poses daunting challenges for IT. Mobilisafe found that 71% of mobile devices contained high severity operating system and application vulnerabilities. Mobilisafe theorizes that severe vulnerabilities could be reduced 4-fold simply by updating firmware.3
Malware Breeding Grounds
Smartphone users routinely download music and games, access applications, and execute files with minimal regard to file source or authenticity. Ponemon and Websense reported that, in a one year period, 51% of surveyed organizations experienced data loss resulting from employee use of insecure mobile devices.2
With all the potential pitfalls, it’s easy to understand why some people more cynically refer to BYOD as “Bring Your Own Danger/Disaster.”
Taking BYOD Head-On
Organizations that try to ban personal devices outright, may repel productive and creative workers, or induce employees to work outside the rules.
A successful BYOD security policy should strive to:
As a leader in network security, WatchGuard Technologies develops solutions to make your BYOD environment a safe and productive ecosystem. By enforcing a practical policy, we believe that organizations can enable workforce productivity, foster goodwill and trust across the organization, achieve compliance demands, and maintain strong security–without sacrificing flexibility.