Pokemon Go may have been good for Nintendo, but more than a few enterprise-level security managers have a different opinion about the now-viral app. As to why, TechRepublic’s Brandon Vigliarolo offers several reasons in his post Pokemon Go: is it a BYOD security nightmare?

As Vigliarolo’s title alludes, the problem is deeper than the actual application and its immense popularity. To use a well-worn cliche, it may be the piece of straw that breaks the camel’s back. Securing BYOD, in particular, mobile devices, is fast becoming a problem of epidemic proportion.

“It’s clear there is no stopping BYOD, so the only possible solution is to deal with it,” writes SolarWinds’ Vinod Mohan in a Cyber Defense Magazine post. “But dealing with BYOD poses a great challenge for IT security teams at organizations, as they have to assess the various threats associated with it while also implementing proper security measures and policies to prevent security lapses and mishaps.”

Mohan goes on to mention the two most challenging areas related to BYOD involve networking the devices: dicey network access and network management mayhem.

Dicey network access

Most organizations have Wi-Fi, thus employees know the Wi-Fi access password. Unless there are systems (Mobile Device Management) in place to control what devices access the network, employees can easily connect their personal devices to the company network. “However, if the device is not equipped with the required level of malware protection, it can be potentially dangerous to network security,” explains Mohan. “Also, if the Wi-Fi password is exposed or leaked, any unauthorized outsider crossing over the organization’s Wi-Fi space can gain immediate network access and pose security risks.”

Network management mayhem

Before BYOD, security managers had a good idea of what devices were attaching to the company’s network; now all bets are off. “There are more IP-enabled devices to monitor, more IP addresses to manage, more IP conflicts to resolve, and more end-points to monitor network bandwidth usage,” adds Mohon.

Something else to consider: Within a few years it’s predicted there will be over over six billion IoT devices making connections to these same networks.

SEE: BYOD (Bring Your Own Device) Policy (Tech Pro Research)

Why current solutions are inadequate

Besides being overwhelmed by the influx of BYOD and IoT devices, there are concerns about the current security protection methods. Adrian Shaw and Ludovic Jacquin of HP Labs Bristol in their HP blog post mention that individual mobile devices are typically secured by installed tools (antivirus, personal firewall, parental control, etc.), but the approach is far from headache-free because:

  • Privileged access on the device is required
  • Appropriate protection tools may not exist on all platforms
  • Tool capabilities and semantics may vary across different devices
  • The security tools may consume too many resources

SEE: Securing Your Mobile Enterprise (ZDNet/TechRepublic special feature)

Introducing SECURED

Along with Shaw and Jacquin at HP Labs, scientists and engineers at several European research institutions and two major telecommunications companies came together to address the problem of securing BYOD and IoT devices. After three years of collaborative effort, the consortium members have their answer: SECURED (SECURity at the network EDge). The project is described as:

“An innovative architecture to achieve new protections from Internet threats by offloading the execution of security applications from network endpoints into programmable devices at the edge of the network, such as home gateways, enterprise routers, or servers.

The SECURED consortium members include Hewlett-Packard Labs, Telefonica I+D, Politecnico di Torino, the Barcelona Supercomputing Centre, Universitat Politècnica de Catalunya (UPC), the United Nations, VTT Technical Research Centre of Finland, and the Cypriot telco PrimeTel.

How SECURED works

Shaw and Jacquin, in their HP Labs post, offer this high-level view of SECURED:

“The architecture developed by the SECURED consortium creates a new, trusted and virtualized execution environment that allows different actors (e.g. single users, corporate ICT managers, network providers) to install and execute multiple security applications on any compatible Network Edge Device (NED) to protect the traffic of a specific user. This approach reduces the load on mobile devices, and guarantees both enforcement of user-specific and device-independent security policies and uniform protection across different devices and networks.”

Besides improving the security of computing devices attaching to an organization’s infrastructure, Shaw and Jacquin suggest that SECURED will facilitate the following:

  • Creation of trusted network security applications
  • Development of policy-based security configurations, with support for hierarchical and multi-source policies
  • Formation of security marketplaces to trade applications and exchange best-practice policies
  • Protection for IoT environments, where nodes typically have limited computational and communication capabilities

The SECURED project (Figure A) is described in more detail in these papers: Exploiting the network for securing personal devices (PDF) and Offloading security applications into the network (PDF).

Figure A

BYOD is here to stay

BYOD and IoT devices are here to stay. Platforms like SECURED should help those responsible for an organization’s digital security battle the inevitable issues.