How to secure the BYOPC?

Widely adopted in recent months because of the unexpected and massive lockdown caused by the first wave of the Covid-19 epidemic, the BYOPC (Bring Your Own PC) concept is now becoming a real issue for the IT departments of organizations. For them, this practice provides as many organizational solutions as it generates security issues for the information system. While it is generally not recommended to let employees use their personal computers to access their organization’s applications and resources, there are now solutions that make it possible to secure this practice.

What is BYOPC?

BYOPC is a subset of the BYOD (Bring Your Own Device) concept that focuses on personal computers, including Windows PCs or Macs. This means that employees can use their personal computer to access their organization’s information system from their company’s premises, from home or in a mobile situation, either on a regular basis or exceptionally (in addition to using a professional computer).

According to a Gartner study, by the end of 2022, more than 50% of companies will allow the implementation of a BYOPC policy, compared to less than 20% at the beginning of 2020. This outlook is a response to the generalized lockdowns of 2020, which forced many organizations to allow their employees to access the information system from personal computers in order to overcome the lack of availability of laptops controlled by the IT department. In this way the continuity of their business was guaranteed.

What are the challenges for the security of the information system?

In a BYOPC situation, the IT department of the organization does not “control” the employee’s workstation. Unless it uses a solution appropriate to this specific situation, the IT department is not able to guarantee the integrity of the employee’s workstation.
If malware is present on the employee’s personal computer, it can easily spread throughout the entire information system as soon as the user connects to the organization’s resources. This was particularly true during the lockdown period, when the number of teleworkers more than doubled in just a few days. A large number of these employees were forced to use their personal computers, given the lack of availability of professional laptops (controlled by the IT department). As a result, during the lockdown period from March to May 2020, the number of cyber attacks exploded, largely due to teleworking and the porosity between personal and professional use of the same computer. The lockdown also allowed hackers to gain a lasting and discreet foothold in organizations’ information systems, in order to attack and ransom them several weeks or even months after entering the information system.

Securing access to the IS from a personal computer

Securing BYOPC is nevertheless possible, particularly by using a ZTNA (Zero Trust Network Access) solution, which is much better suited to BYOPC than a VPN (Virtual Private Network): while a VPN gives access to a network, ZTNA gives access to an application or resource, which allows granular access and better partitioning of the organization’s information system.

ZTNA (Zero Trust Network Access) is a name describing products that apply a "Zero Trust", or least privilege, policy in the area of external access. The objective is to give an external user only the access that is strictly indispensable to carry out the tasks required by their work, without granting superfluous rights or access that could represent a risk for the security of the information system. Access policies are defined according to:

the identity of the user, possibly reinforced by two-factor authentication mechanisms,
their connection conditions, such as the connection location or the health of the terminal used for the connection.

ZTNA makes it possible to give very fine-grained access to the information system, differentiated according to the user, whether they are an internal teleworker or a service provider. This approach strongly limits the risks of intrusion or infection of the information system.

A VPN (Virtual Private Network) is a technology that simulates a local area network between two trusted networks. In practice this allows two elements (workstations, servers, printers, etc.) to communicate with each other even though they are not physically located in the same computer network. Since communication between these two networks passes through a public network in most cases, VPNs incorporate security mechanisms to ensure that the communication cannot be intercepted by a third party, which preserves its confidentiality. This technology is very practical for companies deployed in several locations that need to share computer resources, such as file shares. For ease of use, IT departments have also adopted it for teleworking, treating the remote user's workstation as an extension of the company's computer network even though this workstation is not part of a trusted network.

ZTNA is one of the essential building blocks in the Zero Trust chain. Applicable to all users (internal or external to the organization, using a controlled workstation or not), the use of ZTNA becomes essential when it comes to BYOPC. Systancia Gate, Systancia's ZTNA solution, also available as a cloud service (Systancia Workroom session), makes it possible to secure BYOPC. A compliance check of the workstation can be enabled in order to validate, for example, the presence of an antivirus, a firewall or updates, to ensure the proper management of a workstation that is not controlled by the IT department.
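The access decision described above (identity, two-factor authentication, connection location, workstation compliance, and a grant that covers one application rather than a network) can be sketched as follows. This is an added example, not Systancia's code or configuration: the roles, application names, country list, posture keys, and the choice to make two-factor authentication mandatory are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy (hypothetical names): role -> application -> may it be
# reached from a personal, uncontrolled computer (BYOPC)?
POLICY = {
    "employee": {"webmail": True, "erp": True, "hr-files": False},
    "contractor": {"ticketing": True},
}
ALLOWED_COUNTRIES = {"FR", "DE"}                         # assumed location rule
REQUIRED_POSTURE = ("antivirus", "firewall", "updates")  # compliance check items

@dataclass
class Request:
    role: str
    mfa_passed: bool
    country: str
    managed_device: bool   # False means BYOPC
    posture: dict          # result of the workstation compliance check
    application: str

def decide(req):
    """Return (allowed, reason). Default deny; a grant covers one application."""
    byopc_ok = POLICY.get(req.role, {}).get(req.application)
    if byopc_ok is None:
        return False, "no rule grants this role access to this application"
    if not req.mfa_passed:
        return False, "two-factor authentication not completed"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "connection location not permitted"
    if not req.managed_device:
        if not byopc_ok:
            return False, "application not reachable from a personal computer"
        missing = [c for c in REQUIRED_POSTURE if not req.posture.get(c, False)]
        if missing:
            return False, "compliance check failed: " + ", ".join(missing)
    return True, "access granted to " + req.application + " only"

def demo():
    """Evaluate three constructed BYOPC requests and return the allow flags."""
    ok = {"antivirus": True, "firewall": True, "updates": True}
    no_fw = dict(ok, firewall=False)
    requests = [
        Request("employee", True, "FR", False, ok, "erp"),
        Request("employee", True, "FR", False, no_fw, "erp"),
        Request("contractor", True, "FR", False, ok, "erp"),
    ]
    return [decide(r)[0] for r in requests]

if __name__ == "__main__":
    print(demo())
```
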
To go further and combine secure remote access from an uncontrolled workstation with ergonomics for the user, it is also possible to combine ZTNA and VDI: Systancia Workroom desk allows any user (including those in a BYOPC situation) to access their virtual desktops and all their applications in a secure manner.