What’s your NAC policy for BYOD?
Many IT organizations are wrestling with the security challenges posed by personal devices coming onto enterprise networks (BYOD). For most organizations, it isn’t a question of whether to allow personal mobile devices into the network, but how to do it safely and efficiently. Network Access Control (NAC) has proven to be a useful tool.
NAC lets you classify users and their devices, allowing you to automatically enforce security policies based on the type of device, the owner of the device, and whether the device complies with your security policy. Policies should also specify when remediation is appropriate and which actions can be taken.
What policies do you have in place? I’d love to hear back from you.
Here are a few options that I frequently hear about:
- Remove any device from the network if it shows signs of hostile activity
- Disable applications that are not approved
- Block peripheral devices (memory sticks, tethered handheld devices) that are not approved
- Inform the user as to the nature of his device’s non-compliance, for example lack of antivirus
By setting policy, organizations can create NAC environments that increase trust and still allow the flexibility of BYOD in the workplace. By providing policy-driven remediation options, many more devices can be granted access to networking resources. In addition, integrating NAC with the trouble-ticket system can provide insight as to why devices are being remediated and provide an opportunity to refine policy for improved overall security and compliance.
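The options listed above can be written down as a policy check that also feeds remediation reasons to a ticket summary. This is an added example, not code from the original post or from any NAC product; the device fields, approved lists, action names and sample fleet are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed allow-lists; an owner class that is not listed gets nothing approved.
APPROVED_APPS = {"employee": {"mail", "browser", "vpn"}, "guest": {"browser"}}
APPROVED_PERIPHERALS = {"keyboard", "mouse"}

@dataclass
class Device:
    name: str
    owner: str                      # classification: who owns the device
    kind: str                       # classification: type of device
    hostile: bool = False           # signs of hostile activity observed
    antivirus: bool = True          # compliance check result
    apps: set = field(default_factory=set)
    peripherals: set = field(default_factory=set)

def evaluate(dev):
    """Return (decision, [(action, reason), ...]) for one device."""
    # Hostile activity takes precedence over every other remediation.
    if dev.hostile:
        return "remove", [("remove_from_network", "hostile_activity")]
    actions = []
    for app in sorted(dev.apps - APPROVED_APPS.get(dev.owner, set())):
        actions.append((f"disable_app:{app}", "unapproved_app"))
    for item in sorted(dev.peripherals - APPROVED_PERIPHERALS):
        actions.append((f"block_peripheral:{item}", "unapproved_peripheral"))
    if not dev.antivirus:
        actions.append(("notify_user", "missing_antivirus"))
    return ("allow_with_remediation" if actions else "allow"), actions

def ticket_summary(devices):
    """Count remediation reasons across devices, as a ticket system would."""
    reasons = Counter()
    for dev in devices:
        reasons.update(reason for _, reason in evaluate(dev)[1])
    return reasons

# Constructed sample fleet, not real data.
FLEET = [
    Device("alice-phone", "employee", "phone", apps={"mail"}),
    Device("bob-laptop", "employee", "laptop", antivirus=False,
           apps={"mail", "torrent"}, peripherals={"usb_stick"}),
    Device("carol-phone", "employee", "phone", antivirus=False),
    Device("guest-tablet", "guest", "tablet", hostile=True, apps={"mail"}),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.name, *evaluate(dev))
    print(ticket_summary(FLEET).most_common())
```

The reason counts are what a review of the policy would look at: a reason that dominates the summary points at either a widespread compliance gap or a rule that is too strict.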