Wi-Fi security risks
"Wi-Fi is a really vulnerable back door in the BYOD context," warned Michela Menting, senior analyst with ABI Research. "There is usually no policy management on personal phones, and users are not restricted in what they can do there. This is a massive problem if you allow connections to the enterprise Wi-Fi. You could let anything onto the network that way--malware, keyloggers, spyware, and trojans," she told FierceMobileIT.
"If your personal device can serve as the way in for malware, it can allow data to be taken out as well. And all of this is outside the purview of the IT staff," Menting observed. Spyware on a personal phone could enable a hacker to get the user name and password, and then log onto the network, she said.
Menting said that network security is one of the most "underrated problems" when it comes to BYOD.
Sapien noted, however, that there are "authentication tools that are available" to help secure access to the Wi-Fi network. "In addition, firewalls can be set up between Wi-Fi networks so that the employee network can be separated from the contractor network," he observed.
"There is the management of the Wi-Fi network, the security and access to it and the approved use of it. Approved use is the corporate policy about how the employees and others use the network and what sites they can access," Sapien said. "That also relates to the broader BYOD policy," he added.
Rudd of Strategy Analytics noted that there are application-level security measures to restrict access, to certain applications and data, to general Wi-Fi users.
"Wi-Fi security remains a top concern for enterprises. These are devices going across Wi-Fi networks. When they come in, the user may have a device with vulnerabilities picked up on a public Wi-Fi hotspot or other public network, and when they bring those devices into the corporate Wi-Fi, there is always the possibility that that vulnerability may infect the enterprise network," Mehra said. Network policies need to spell out who gets access to what resources on the network, he added.
"Before they get the Wi-Fi infrastructure, I would advise IT organizations to look at implementing and rolling out a fine-grained policy that is shared with the entire employee base. Once employees have a clear idea what the organization's BYOD and IT policy is, they will have a better understanding and leads to improved user satisfaction with the Wi-Fi infrastructure," Mehra concluded.
The BYOD trend is here to stay. To cope with the additional burdens and security risks posed to their Wi-Fi networks, enterprises need to develop robust networking testing, planning, management and security. Otherwise, the increasing demands will overwhelm the Wi-Fi network, costing the enterprises time, money and productivity.