Updated CESG BYOD security guide boosts VAR chances

Government information security guidelines have been updated to target BYOD and remote working challenges

CESG -- the national technical authority for information assurance -- and the Centre for the Protection of National Infrastructure have released guidance for BYOD and remote working, opening up a new angle for channel sales.

The UK government's new guidance notes published 6 October outline appropriate practice and risk minimisation actions for organisations with a BYOD policy, with particular reference to remote working, specific platforms and device types.

Graham Jones, UK country manager at security VAD Exclusive Networks, confirmed that this new guidance suggests a broadened area of opportunity for the channel -- going beyond resellers helping customers work out what technology they need but actually giving VARs a chance to start customer conversations about BYOD policy, remote working and security.

"On BYOD we came up with something ourselves a year ago, so I think with this initiative, it is about time," Jones (pictured, right) said.

"It can become quite scary when people realise how many applications in the cloud their people are accessing. We've been a bit scared ourselves, actually. You might think they're accessing five -- but you don't know what your staff are using. I think the record in one study was about 400 apps."

The CESG notes give channel companies a chance to open a few more doors to a conversation that can educate customers about the challenges out there and how to deal with those issues, Jones said.

He added that such a conversation also works well against the backdrop of initiatives such as Exclusive's own Cyber Attack Remediation and Mitigation (CARM), which helps end customers find the right combination of offerings from different vendors to deal with their own individual circumstances.

There is a focus on mitigation rather than absolute prevention of breaches, and a recognition of the complex, hybrid environments now in existence as well as the dependency of organisations on their mobile devices, related device data, and business continuity.

The CESG guidance applies to any type of BYOD software product running on a personally owned device, including: container applications on personally owned smartphones; bootable USB media on home PCs; and remote desktop or remote application products.

Related notes describe 12 areas of focus for end user device security.

They include: assurance of data in transit; assurance of data at rest; authentication; secure boot processes; platform integrity and application sandboxing; application whitelisting; malicious code detection and prevention; security policy enforcement; external interface protection; device update policy; event collection for enterprise analysis; and incident response.

Additionally, specific advice is given on implementing BlackBerry Secure WorkSpace, Excitor G/On OS and Windows to Go environments.