How to Spin Up a Robust BYOD Security Strategy for your Growing Remote Workforce

By Marc Gaffan. October 21, 2020

Before the pandemic, the trend of remote work had been slowly increasing. Most companies assumed employees would be working from the office most of the time. Similarly, some companies allowed employees limited remote access to the corporate systems from their personal devices (BYODs).

Following the COVID-19 outbreak though – offices around the globe were forced to shut down and send employees home, leading to a major challenge in enabling business-as-usual remotely and particularly in budgeting, acquiring and provisioning enough corporate devices to support so many remote employees. This led to a sudden spike in the need for employees and contractors to use their own personal computers as a solution to this problem. As a result, Bring Your Own Device (BYOD), or more accurately, Bring Your Own Personal Computer (BYOPC) which better matches the remote workforce movement, has since been more broadly adopted as a means to enable remote corporate access across the globe.

The workplace setup changed overnight, and thus, so did the risk landscape – most likely for the long run. The BYOPC model poses unique challenges for security standards, network access management, data security and the privacy of your employees. In fact, 70% of breaches start with an endpoint and so it isn’t surprising that the rise in implementation of BYOPC models, mostly used from home networks, has increased threats even further.

Finding the best BYOPC solution for a remote workforce

“Microsoft isn’t alone in allowing employees to permanently work remotely. Facebook is shifting tens of thousands of jobs to remote work, and up to half of employees could work remotely within five to 10 years” -The Verge, “Microsoft is letting more employees work from home permanently”.

Microsoft and Facebook aren’t the only ones.

Gartner predicts that emerging BYOPC solutions are expected to continue to grow in popularity and expand in capabilities over the next five years. And as noted in a Channel Research article, “…BYOPC is on the rise. As a result, businesses need to address a remote workforce in numbers they never before considered. And post-pandemic, the remote workforce/hybrid workplace will be a reality.”

And due to this sudden adoption of BYOPC, the risk landscape has changed at lightning speed – most likely permanently. In fact, according to a report from Upwork, “63% of employers have remote workers”. According to a recent survey from AT&T, “one in three (35%) employees are using devices for both work and personal uses, one in four (24%) are sharing or storing sensitive information in unsanctioned cloud applications, and almost one in five (18%) are sharing their work device with another family member.”

These numbers illustrate both the increase in the size of the remote workforce as well as the increase of the related dangers. With such a speedy trend in-play, enterprises need to enable employees and contractors corporate access from non-corporate-owned devices to the enterprise network by offering robust secure system access and corporate data protection with minimal impact on user experience and privacy. And they need to be able to do this for the long run as the number of employees and contractors working from home grows.

Upcoming webinar: Isolated Workspaces vs Traditional VDI, DaaS – which is right for your remote workforce?

Where traditional BYOPC programs are falling short

Most of the existing BYOPC solutions have significant security, user experience or cost challenges associated with them.

Allowing corporate access from a BYOPC using VPN

When accessing the corporate network from unmanaged devices using VPN connections, security risks increase because the device itself could already be infected. The solution to this exposure has often been to deploy endpoint security products on these non-corporate devices. However, by doing so the enterprise is effectively monitoring all activities on the users’ non-corporate device which also includes their personal activities and information which creates a significant liability for the enterprise. Another challenge that VPN connections create is the fact that by being connected to the corporate network the users are often being restricted to browse certain websites which are disallowed due to corporate restrictions. This means that the user cannot use their own device for personal use while connected to the VPN. In some cases enterprises will use split tunneling to allow the user to simultaneously connect both to the corporate network and directly to other non corporate destinations. However this results in connecting the corporate network with the internet with no security measures in place.

Allowing corporate access via a VDI or DaaS solution

A very common solution for allowing corporate access is using a Virtual Desktop or Desktop as a Service (DaaS) solution. With both these solutions, the user can access a virtual desktop that resides in a datacenter or a public cloud. There are several challenges that these solutions pose to both end users, IT organizations and security teams. Due to the fact that end users are remotely accessing a computer over the network, they are subjected to a very subpar user experience: They have no access to their remote virtual desktop when they are offline, when on a slow or choppy internet connection the rendering of their desktop can be interrupted leading to a “non-realtime” user experience. Furthermore, they are often unable to use peripheral devices such as USB devices or printers that are connected to the device from which they are accessing the virtual desktop.

From an IT perspective, these solutions are very costly as organizations need to purchase dedicated software to deploy and manage their virtual desktops, they need to provision the desktops with dedicated operating systems and they need to pay for all the compute costs associated with running the virtual desktops in their data center or cloud.
From a security perspective, while virtual desktops are considered quite secure due to the fact that the actual workload is remote, the users are still susceptible to credential and data theft via keylogging and screen capturing that can be performed from the host device from which they are accessing the virtual desktops.

Hysolate – A new way to enable robust BYOD/BYOPC program

As the first Workspace-as-a-Service solution, Hysolate enables companies to securely implement a BYOPC workforce model, while saving costs on hardware, licensing and adoption. We enable organizations to instantly create, and deploy a local virtual environment on user endpoints and manage them from the cloud. This virtual environment is clean of malware and completely isolated from the rest of the device, leveraging unmanaged personal devices without increasing security risks.

VPN, Zero Trust or any other form of access from the Hysolate Workspace to the corporate network can be performed with corporate endpoint security measures installed and enforced; corporate data is contained on the device in the isolated Hysolate Workspace environment and cannot be exfiltrated. Additionally, if the user’s device is infected at any time, thanks to the isolation, that infection won’t affect the corporate workspace, and IT can also choose to easily perform remote data wiping for additional assurance that data is secure.

Thanks to the completely isolated workspace, this also means you don’t need to worry about privacy protection liabilities. Users can enjoy a fast and native-like experience when accessing corporate systems from within their Hysolate Workspace on their own devices while also having access to their personal applications on their personal device. Just as corporate work and data are completely isolated and kept safe through the Hysolate workspace, so is the employees’ personal data kept private, since it resides directly on the device operating system and separate from the workspace. Users can browse freely, without worrying about big brother. Context switching is smooth and simple and virtually transparent to users.

With Hysolate, security teams can effectively cope with the many risks associated with remote work and provide their employees with an ideal user and remote working experience. Security and IT teams are relieved of the burden of managing so much hardware and operating systems, and they no longer need to worry whether employees will abide by policies because provisioning and adoption are easy. Costs are significantly cut: no need for advanced knowledge even for the IT staff, no need for special user training, no need for IT maintenance, and no need for individual operating system licensing. Hysolate provides you with a BYOPC security solution that saves costs and supports productivity.

Start your 14-day free trial and read more to learn how Hysolate can support your BYOPC strategy and strengthen your security posture fast.

About the Author

Marc is CEO of Hysolate, and has enjoyed a long and successful entrepreneurial and Cyber security career. Prior to joining Hysolate, Marc was the Chief Business Officer at Nexar, where he led sales, marketing, biz-dev, customer success and field operations. In 2009, Gaffan co-founded Incapsula and after its acquisition by Imperva, led the Incapsula business as CEO to $100 million in run rate, protecting millions of websites worldwide and many of the world’s largest enterprises and Telcos. Marc is a thought leader and has appeared before the US Congress, FDIC and Federal Trade Commission on cyber security and identity theft topics. He holds an MBA and a B.Sc in Computer Science and Economics from Tel Aviv University.

Share this article: