In a recent interview, Bill Shute told FierceMobile IT that regulated firms "struggle with how they give remote employees and agents access to content, specifically how do they govern that content." Shute's firm, Viewpointe, is a private cloud service provider offering solutions for financial services firms and other regulated industries. Viewpointe is one of many firms trying to answer the question of how regulated industries and BYOD can work together.
The reasons for the continued growth of BYOD are as numerous as the number of organizations adopting BYOD policies. Will Kelly, from TechRepublic, published a list of 5 reasons why BYOD survived 2014 and why it will grow in 2015. The first two go straight to the bottom-line:
 |  |
More cloud means more enterprise mobility, especially BYOD | Businesses are relying more on contractors versus employees |
The plethora of mobile data management (MDM) solutions on the market has made it simple for companies to institute a BYOD policy that works for mobile devices, but what about laptops? There are certainly MDM offerings that provide laptop management, but few that do so in a comprehensive yet flexible manner. There are some offerings on the market that handle remote workers, as well as on-premises devices, but they often lack an in-depth security posture assessment. There are other products that provide better security posture assessment, but they often lack the flexibility to work with both company-owned and personal assets.
It seems incongruous that there are increased adoptions of BYOD while at the same time there aren't any clear solutions for all scenarios. Many companies find themselves purchasing multiple tools to manage BYOD security by picking and choosing certain components from each in order to meet their overall strategy. Others purchase a single solution and adapt their own policy to meet what the solution can provide.
As cyber-crimes continue to increase in frequency and impact, the investment in security is quickly escalating to executive-level visibility. Every new massive corporate hacking event in the news causes some executives to think "we can't let this happen to us". For organizations without a CISO, this request is probably sent to a CIO or VP of IT with little bandwidth and even less budget for additional security measures — especially BYOD-related security.
So, how do organizations meet the needs to secure all of their various laptops? With remote workers, contractors, temps on campus, executives, and both company and privately owned devices, it can be difficult. The best security methods are tried-and-true and will stop all but the most targeted attacks.
Here are ten items to check that will dramatically improve the security of laptops:
Require that all laptops run a high-quality antivirus (anti-malware) program
Ensure that all antivirus installations are using up-to-date signatures
Require that real time protection be enabled at all times
Require the laptop's hard drives to be fully encrypted
Check that all laptops require a password in order to unlock the device
Check that antiphishing protection is enabled in all of the laptop's browsers
Require that the operating system to be patched with the latest security updates
Prohibit users from running risky software, like peer-to-peer file sharing
Check for any infections that may have been missed by the installed antivirus software
Make sure the device has an active software firewall
So, after creating a device security baseline like this, how can it be monitored and enforced? One way to enforce these device security practices is to use a purpose-built continuous monitoring tool like Gears. It is specifically designed to provide simple yet powerful security configuration monitoring for Windows and Macintosh computers.
And while Gears can be configured and ready to monitor all of your PCs in less than hour, it's most effective when combined with secure access solutions for completely automated enforcement. Gears can be quickly integrated with SSL-VPNs, NACs, next-generation firewalls, UTMs, VDI and even SaaS applications to automatically gate access to corporate resources according to the laptop's security compliance status.
By creating a Gears policy that matches your organization's HIPAA, SOX or PCI-DSS requirements, you can meet regulatory compliance requirements without expensive industry-specific software solutions. The unique architecture of the Gears product easily allows remote monitoring and compliance auditing for situations like branch offices, or registered investment advisors. This can help automate the compliance and auditing requirements for the SEC's rule 30 of regulation S-P (17 CFR 248.30).
For example, you can easily cover the HIPAA Security Standards compliance policy for PCs with Gears:
- User authentication §164.312(a)(2)(i)
- Automatic device lock-out §164.312(a)(2)(iii)
- Disk and data encryption §164.312(a)(2)(iv)
- Audit controls §164.312(b)
Gears management is cloud-based, with a small agent deployed on the endpoints for monitoring and remediation. Because there are no servers required to install or run the application, Gears can be configured for your company in less than an hour. And because it's free for up to 25 devices, you can even create a proof of concept without any capital expenditure. Go to www.opswatgears.com and click the 'Sign Up For Free' button to create your account and get started.
If you're interested in learning more, feel free to contact us for more information about specific integrations, our roadmap, and how Gears can work for you.
Meeting HIPAA compliance standards is important for protecting medical records. To learn more about how Gears can help you protect remote and other employee devices you can read our white paper, Reasons for the Popularity of Medical Record Theft. The white paper covers various solutions for protecting medical record data including multi-scanning, email security and the protection of endpoint devices (through Gears), along with research on why medical records have become increasingly valuable for cyber criminals.
