What is Bring Your Own Network or BYON?
We are living in an era where the IT departments of businesses are still trying to fit the Bring Your Own Device (BYOD) model into a secure arena. In our article on BYOD implementations, we talked of two possibilities: one where employees use company-owned devices and one where organizations use employee-owned devices. The security issues are greater in the latter case, where employees may not agree to have things censored when they are not at the office. So instead of the office network, they start using their own network, and they bring their own networks to the office as well. What effect would that have on the security of companies? This article looks at what Bring Your Own Network (BYON) is and how it affects the security of businesses.
What is Bring Your Own Network or BYON?
BYON stands for Bring Your Own Network. To save on costs and as a form of employee perk, some organizations allow their employees to use their own network at the office. Official networks and VPNs are generally designed so that people working in the organization and using those networks cannot access certain websites that may hinder productivity. But in what seems to be the latest trend, startups and similar organizations are providing employees with no network or VPN. Instead, they pay for the network the employee uses to connect to the Internet or intranets. In some cases, both the local organizational network and the employee's data carrier are present.
The network of the organization can be used to access the data pertaining to that organization while the data carrier is used for anything on the Internet. If there is an intranet involved, the employee can use his own data carrier to log into it.
A third kind of network can also be envisioned here. A mobile device can be set up as a hotspot, with other mobile devices connecting to the Internet or intranet through this hotspot. As I write this article, I do not really understand the concept of BYON; for me, it is a serious security issue rather than any kind of employee perk or saving for the organization. It would be much better to let the employee use the organization's network to browse what he or she wants instead of allowing them to use their cellular data or Internet dongle to access the Internet. At least that way, the company secrets won't be let out.
Security Risks of BYON
In a world where the Internet has become a hub for information seeking, many techniques exist, and more are being designed each day, to "make" people give out their personal data. You know about phishing. You also know about social engineering. In the case of phishing, criminals try to collect your personal data using different baits. In social engineering, the criminal befriends one or more of your employees and starts "extracting" data pertaining to your organization. Combined, the two methods can prove disastrous to your organization if any of your employees take the bait.
Not only that, using cellular data for organizational work may pose another problem. There is no guarantee that the connection between your employee's mobile device and the site he or she is visiting is encrypted. Without encryption, criminals can easily see what data is being transmitted and work out how to use it for their own benefit. For instance, if someone logs in to the intranet over cellular data without encryption, they may have given out their login credentials to someone snooping on your organization. With that goes the privacy of your data, to the extent that the employee could access your database.
How can it be implemented – Make the Employee responsible
As of now, the only methods different organizations are using to implement BYON are:
- Educating the employee about the risks of using their own Internet connection
- Making the employee responsible for whatever data breach occurs
The second one is more of a threat to the employees of your organization, and they would prefer to use the company network. That means you have to provide them with a local network they can use alongside their own networks as long as they are in the office. They may use cellular networks, with care, for other things such as browsing during free time.
In my opinion, the entire practice of BYOD is misplaced as it allows employees to take home organizational data. Add to that, if an organization allows the use of own networks with BYOD, the situation can blow up all the privacy of organizational data at any time. It is a ticking bomb and, as is evident from recent data breaches, a simple mistake on the part of an employee can be a terrible loss for the entire organization.
Other Problems With BYON
Among the many other problems that come with Bring Your Own Network is that IT support cannot configure the employees' networks; no employee would agree to that if it includes censoring some websites.
IT support cannot troubleshoot issues with employees' own networks, as they may be related to different data carriers. For troubleshooting, the employee will have to call the data service provider they are using. An option here could be to provide a single data carrier plan to all the employees, but I do not know how feasible it would be. Almost everyone has their own favorites, and hence some may not agree to change their network providers.
It would be hard to track which employee is using which resources on the company intranet, if there is one. The liabilities of employees will be limited, as there won't be any foolproof method that would let an admin know whose carelessness caused a data breach. The organization may have to plan this out at length before going for BYON.
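As a partial aid for the tracking problem above and the unencrypted-login risk described earlier, the following added example (not code from the original article) audits intranet access logs for requests arriving from outside the organization's address ranges and flags those made over plaintext HTTP. The five-field log format, the corporate ranges and the user names are assumptions constructed for illustration; it presumes the intranet front end authenticates users and logs user, source IP and scheme.

```python
import ipaddress
from collections import defaultdict

# Assumed corporate address ranges (hypothetical values for this example).
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                  ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log: timestamp, source IP, user, scheme, path.
SAMPLE_LOG = """\
2024-05-06T09:01:12Z 10.20.4.17 alice https /wiki/home
2024-05-06T09:03:40Z 198.51.100.23 bob http /login
2024-05-06T09:04:02Z 198.51.100.23 bob http /hr/payroll
2024-05-06T09:10:55Z 203.0.113.8 carol https /crm/accounts
2024-05-06T09:12:31Z 10.20.9.2 dave http /wiki/home
malformed line
"""

def is_corporate(ip):
    """True if the source address falls inside a known corporate range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)

def audit(log_text):
    """Map each user to resources reached from outside the corporate
    ranges, and the subset of those fetched over plaintext HTTP."""
    report = defaultdict(lambda: {"offnet": set(), "offnet_cleartext": set()})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            skipped += 1          # not in the assumed five-field format
            continue
        _ts, ip, user, scheme, path = parts
        try:
            if is_corporate(ip):
                continue          # on the organization's own network
        except ValueError:
            skipped += 1          # unparseable source address
            continue
        report[user]["offnet"].add(path)
        if scheme == "http":
            report[user]["offnet_cleartext"].add(path)
    return dict(report), skipped

if __name__ == "__main__":
    users, skipped = audit(SAMPLE_LOG)
    for user, seen in sorted(users.items()):
        print(user, sorted(seen["offnet"]), sorted(seen["offnet_cleartext"]))
    print("skipped lines:", skipped)
```

Entries in `offnet_cleartext` are the cases to act on first: a login or sensitive page fetched over HTTP from a carrier or hotspot address.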
These are my own views on what BYON is, what the related security issues are, and how to implement it if required. I do not think BYON is needed unless you want your employees to play some online game in the office. But that is my own view.
I would be glad to know your views and hence, will be waiting for your comments.