Blue Coat Labs

Labs Blog

BYOD and the need for Mobile Application Controls

BYOD and the need for Mobile Application Controls

Tim Chiu

BYOD is one of the latest buzz words in security.  In case you aren't completely caught up with the news, BYOD stands for "Bring Your Own Device".  It refers to the proliferation of smartphones and tablets that employees are bringing into work and attaching on to the organization's network.  One analyst estimates the average employee owns 2.4 devices that they bring into work and connect to the corporate network.

This brings a number of challenges to the organization, including how to enforce corporate policy on these devices, which may not be managed by the organization's IT group.  While typical web-access and web application policy may be enforced by the secure web gateway or proxy when the device is on the organization's network, there's the issue that mobile applications that are downloaded from app stores, typically do not use the same websites, URLs and even commands as their web based counterparts.  A secure web gateway that's not mobile application aware isn't going to be able to enforce policy on the Facebook or Twitter app on the smartphone or tablet, even if it can enforce policy on the Facebook and Twitter web pages.  For an organization that's concerned with enforcing corporate policy on the enterprise network, having a secure web gateway that not only recognizes URLs used by mobile applications, but one that has fine grained control over operations in mobile applications is key to being able to offer custom access to specific parts of applications as needed by different groups or individuals in the organization.

Mobile application controls are similar to web application controls, in that they offer the ability to limit access within an application, such as the ability to allow users to read a twitter stream, but prevent the ability to "tweet" out a message from the corporate network, which may contain confidential or secure location information.  These controls can also prevent downloading and/or uploading of files on certain applications, like the file sharing application "Box".  That's important to make sure the device doesn't get infected and helps to prevent data loss of corporate information and assets.

The other challenge BYOD brings is around performance and bandwidth.  While the secure web gateway may have enough performance and bandwidth for one device per employee, what happens when there's three devices in use by the employee and all three are checking and updating email and Facebook at the same time?  These devices also have a bandwidth challenge when they download updates to their operating system and applications.  For example, for Apple devices, iOS updates have been rather large lately, and if every iOS device downloads their updates during work hours, these updates can very quickly overwhelm a WAN link. BYOD only promises to increase the number of devices on the network as the tablet and smartphone market continues to grow. 

It's time to make sure your secure web gateway has up to date technology to handle BYOD and mobile applications, as well as enough capacity to handle the coming increase in bandwidth requirements.  This may be a good time to look at bandwidth saving technologies as well, including object caching for bandwidth savings and stream splitting for video, one of the biggest hogs of network bandwidth.  Blue Coat's ProxySG appliance solution offers web and mobile application control, along with bandwidth saving technologies like caching and stream splitting today to meet the challenges of managing web access in today's BYOD world.  In addition, Blue Coat Cloud Services offer the same web and mobile application controls giving IT administrators the option of using a cloud based service for their secure web gateway needs today for their organization, branch offices, and/or remote worker.