How to secure BYOPC?


BYOPC (Bring Your Own PC) became widespread in recent months because of the unexpected and massive lockdown caused by the first wave of the Covid-19 epidemic, and it is now becoming a real issue for the IT departments of organizations. For them, this practice solves as many organizational problems as it creates security issues for the information system. While it is generally not recommended to let employees use their personal computers to access their organization’s applications and resources, there are now solutions that make it possible to secure this practice.

What is BYOPC?

BYOPC is a subset of the BYOD (Bring Your Own Device) concept that focuses on personal computers, including Windows PCs and Macs. It means that employees can use their personal computer to access their organization’s information system from their company’s premises, from home or while on the move, either on a regular basis or exceptionally (in addition to using a professional computer).

According to a Gartner study, by the end of 2022, more than 50% of companies will allow the implementation of a BYOPC policy, compared to less than 20% at the beginning of 2020. This outlook is a response to the generalized lockdowns of 2020, which forced many organizations to let their employees access the information system from personal computers to compensate for the shortage of laptops controlled by the IT department, and so to ensure the continuity of their business.

What are the challenges for the security of the information system?

In a BYOPC situation, the IT department of the organization does not “control” the employee’s workstation. Without a solution suited to this specific situation, the IT department cannot guarantee the integrity of that workstation. If malware is present on the employee’s personal computer, it can easily spread throughout the entire information system as soon as the user connects to the organization’s resources.

This was particularly true during the lockdown period, when the number of teleworkers more than doubled in just a few days. A large number of these employees were forced to use their personal computers, given the shortage of professional laptops (controlled by the IT department). As a result, during the lockdown period from March to May 2020, the number of cyber attacks exploded, largely due to teleworking and the porosity between personal and professional use of the same computer. The lockdown also allowed hackers to establish a permanent and discreet presence in organizations’ information systems, in order to attack them and hold them to ransom several weeks or even months after gaining entry.

Securing access to the IS from a personal computer

Securing BYOPC is nevertheless possible, particularly by using a ZTNA (Zero Trust Network Access) solution, which is much better suited to BYOPC than a VPN: while a VPN gives access to a network, ZTNA gives access to an application or resource, which allows granular access and better partitioning of the organization’s information system. ZTNA is one of the essential building blocks in the Zero Trust chain. Applicable to all users (internal or external to the organization, using a controlled workstation or not), ZTNA becomes essential when it comes to BYOPC.

Systancia Gate, Systancia’s ZTNA solution, also available as a cloud service (Systancia Workroom session), makes it possible to secure BYOPC. A compliance check of the workstation can be enabled in order to validate, for example, the presence of an antivirus, a firewall or updates, to ensure that a workstation not controlled by the IT department is properly maintained.

To go further and combine secure remote access from an uncontrolled workstation with usability for the user, it is also possible to combine ZTNA and VDI: Systancia Workroom desk allows any user (including those in a BYOPC situation) to access their virtual desktops and all their applications in a secure manner.
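The following sketch shows per-application access combined with the workstation compliance check described above. It is an added example, not Systancia Gate code or its API; the application names, groups, field names and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Posture:
    """Compliance report sent by the workstation (hypothetical fields)."""
    managed: bool            # True if the IT department controls the workstation
    antivirus: bool
    firewall: bool
    days_since_update: int

@dataclass(frozen=True)
class AppPolicy:
    groups: frozenset        # user groups entitled to this application
    allow_unmanaged: bool    # may a BYOPC workstation reach it at all?
    max_update_age: int      # maximum days since the last update

# Constructed sample policy: one entry per application, not per network.
POLICIES = {
    "webmail": AppPolicy(frozenset({"staff"}), True, 30),
    "hr-portal": AppPolicy(frozenset({"hr"}), True, 14),
    "erp-admin": AppPolicy(frozenset({"it-admin"}), False, 14),
}

def decide(app, user_groups, posture):
    """Return (allowed, reason) for one application; the default is deny."""
    policy = POLICIES.get(app)
    if policy is None:
        return False, "unknown application"
    if not policy.groups & set(user_groups):
        return False, "user not entitled"
    if not posture.managed and not policy.allow_unmanaged:
        return False, "managed workstation required"
    # Compliance check: antivirus, firewall and updates, as listed above.
    if not posture.antivirus:
        return False, "antivirus missing"
    if not posture.firewall:
        return False, "firewall disabled"
    if posture.days_since_update > policy.max_update_age:
        return False, "updates too old"
    return True, "ok"

def reachable_apps(user_groups, posture):
    """ZTNA view: the applications this session may open, nothing else."""
    return sorted(a for a in POLICIES if decide(a, user_groups, posture)[0])

if __name__ == "__main__":
    byopc = Posture(managed=False, antivirus=True, firewall=True, days_since_update=20)
    for app in POLICIES:
        print(app, decide(app, {"staff", "hr"}, byopc))
```

A VPN would place the same personal computer on the network regardless of these per-application results; here an entitled user on a stale BYOPC workstation still reaches webmail but not the HR portal.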