BYOD – Take opportunities, limit risks
Many IT managers currently face the challenge of implementing private end-user devices into corporate networks. The reasons are manifold:
- Save costs for corporate notebooks
- Increase productivity through flexible working hours
- Motivate employees by letting them choose their work device
But the safety risks that result from opening the company network to private devices are even more diverse:
- Infiltration with malware
- Theft of access data Espionage on private PCs through Trojans
- Data abuse by attackers or users
- Loss of locally stored data in case a notebook gets lost
It has turned out in practice that, in most cases, the additional administrative effort caused by bringing in private devices knocks out the related savings:
- Installation and configuration of required VPN/client software on the end device
- Continuous monitoring of security measures on the private PC
- Support efforts due to malfunctions and caused by the installation of the access software
- Support efforts due to interruptions of the operating environment caused by the installation of private software
The challenge is therefore to find a solution that implements the advantages of BYOD (bring your own device) while meeting the highest security requirements and needing the less support efforts. To meet the highest data protection requirements, private usage must be absolutely separated from business usage.
How it works
Opportunities without risks
Once ECOS SECURE BOOT STICK (SBS) is plugged in, the private notebook or PC starts within an enclosed ECOS Secure Linux environment. The local hard disk and its local operating system are not triggered. All software required to set up a secure VPN tunnel and a connection to Citrix, Microsoft Terminal Server, VMware View or web applications is already stored on the stick.
Access to company servers is effected from within an enclosed and protected environment which excludes any malware infiltration and effectively prevents subsequent attacks. ECOS SECURE BOOT STICK also acts as part of a two-factor authentication. To successfully authenticate, both the knowledge of the login details and the possession of the personalized stick are required. Thus, spying on login data will be unrewarding for potential attackers. Booting the PC from the stick will not address the local operating system, hence, potential malware can’t be activated. Screen logging by Trojans is excluded too. Without the administrator‘s explicit approval, data can neither be printed nor stored on external storage media, thus prohibiting any data abuse by attackers or users. With the use of ECOS SECURE BOOT STICK, data will not be locally stored and therefore can’t be lost in case of a malfunction or even loss of the device.
Minimal administration efforts
All software required to access data and applications is already stored on the stick. The central configuration is effectuated through the management appliance. Consequently, no installation or configuration work on the private PC is necessary. Neither is the local operating system addressed nor will drivers or other files be loaded from the local hard disk. Likewise, no data will be stored locally. From the company’s point of view it is irrelevant whether the PC is equipped with a virus scanner and a hard disk encryption or not. The local hard disk will in no way be addressed. Hence, malfunctions caused by private software and subsequent support effort are excluded during the official usage of the PC. The rigorous separation of private from business usage also excludes any modification of the company software by private installations. Using ECOS SECURE BOOT STICK ensures that the private usage of the PC is entirely decoupled from its business usage. The stick contains both the operating system and the software required for official use. ECOS SECURE BOOT STICK can therefore be considered as company hardware and the home PC as private periphery.
Learn more about ECOS SECURE BOOT STICK.