Context-Aware Security: A Key to Successful BYOD

Featured article by Neal Foster, Executive Director and General Manager of Mobility and Integrated Solutions, Dell Software

Many IT departments continue to resist the idea of “going mobile,” especially if it involves bring-your-own-device (BYOD) strategies, because they worry about increasing the potential for security breaches and network attacks. Despite this, most organizations are finding it impossible to ignore the potential productivity gains that mobility offers, and many others are dragged toward BYOD by tech-savvy executives who have the power to demand it.

How can IT give users what they want and protect data assets at the same time? By implementing context-aware security. Context awareness is something most of us practice every day. For example, if you leave your car unlocked in your garage but lock it in a parking lot, you’re practicing context-aware security. Your decision is based on the situation, the context. The benefit of this approach is that you can set the right balance between the ease of not having to lock your car against the need to prevent theft or vandalism.

When it comes to mobility management, context-aware security balances the ease with which users can access network services against the need to prevent data breaches and protect private and sensitive information. A successful mobility strategy is based on granting access only to authorized users and trusted mobile devices—both corporate- and personally owned—by enforcing specific security policy requirements.

A context-aware approach to BYOD recognizes that the situation of mobile users can change dramatically depending on location, network connection, time of day, device used, data they are attempting to access and company role. Let’s say a user is trying to access sales reports on a server at the corporate office. What is the context? What is the user’s role in the organization? Is the user at a location near the office, such as a coffee shop, or in a remote country or location? If remote, does that person regularly travel there? Is the access attempt during the workday or the middle of the night? Is the person using a virtual private network to secure the transmission? Does the personal device have a secure enterprise workspace on it? Has the device been jailbroken?

The answers to these questions and others create the context that can then be used by the BYOD solution to decide how to handle the requested access—whether to decline it, allow it but with restrictions on what data is accessible, add a second or third step in the verification process, change the level of encryption for data in transit, or add other controls.

Technology requirements for a context-aware mobility strategy

Here are the key components for constructing a context-aware security strategy for BYOD:

1. Agents and sensors

The first requirement is the ability to detect and transmit the context of a mobile user, the device and network connection. Typically, this is accomplished by a software agent that reads the data accessible by the device operating system and attached sensors (e.g., GPS coordinates, cell tower, local time, applications running on the device, etc.) and checks for security information such as jailbreak or root status, device ID, certificate status and OS version. The agent then sends this data to the BYOD solution and receives the necessary information to enforce the company’s mobile security policy.

2. Analytics

By leveraging business intelligence, an analytics solution takes the raw contextual data and distills it into consumable information and insights about the environment of the user and the device.

3. A Policy engine

A policy engine enables each organization to set specific policies that achieve the proper balance between a particular user’s productivity (access rights) and the risks associated with a particular dataset. A robust solution will enable very granular and nuanced policies based on the roles and habits of users in the company, time of day, location, type and status of a device, data being accessed and even the threat context at the time (e.g. a release of a new worm, such as Heart Bleed or a threat against the company).

4. Full integration with key systems

An enterprise BYOD solution must be easily integrated with the key systems fueling the network security infrastructure, including firewall, VPN, identity and access management (IAM), human resources, data encryption, data access permissions, etc.

Context-aware security is a key enabler of successful BYOD. Such a solution makes it possible for IT to satisfy the sometimes conflicting demands of business users and compliance officers. It will also enable CIOs to face a mobility-enablement journey with much greater confidence.

Neal Foster oversees the strategy, definition, development and launch of integrated solutions that leverage Dell’s products to deliver added value. As leader of Dell’s Mobility Solutions portfolio and Powerboard products, he simplifies the operations, management and security for customers that are transforming their businesses to adopt new technologies.

Prior to Dell Software, Neal held senior leadership roles in product and business development, software engineering, marketing and general management in multiple multinational companies and technology startups, such as Motorola and Lucent Technologies. He was also technical lead and part of several teams in the development of patents. Neal has more than 15 years of experience in the technology industry. He is passionate about building great consumer experiences that change the way people interact as well as how they share information and services.

Neal holds a bachelor of science in computer and electrical engineering from Rutgers and an MBA from Wharton. He is a father of two and an ultra-marathoner based in Austin, Texas.