Secure BYOD
(Bring Your Own Device)

Ensure the management and security of employee-owned devices is aligned with compliance standards such as PCI DSS, HIPAA, and GDPR.

Protect your IT infrastructure from vulnerabilities while respecting employees’ privacy rights. Implement clear policies, segmentation, and isolation to separate personal and corporate data.

Our software solution leverages the Windows OS. No USB drives or dual-booting required.

De-risking BYOD

A Bring-Your-Own Device model is increasingly common as organizations reduce hardware costs and improve scalability.

However, it is important to note that employee-owned devices can expose organizations to security risks, as IT teams usually have less control over these devices compared to corporate-owned devices.

ThinScale de-risks BYOD by giving IT teams the control to ensure employee-owned devices have parity with the organization’s cybersecurity posture.

How does ThinScale make BYOD secure?

Employee launches secure, isolated, and IT-managed session on any personal Windows device, logging them out of their personal user profile.

Employee is logged into a separate corporate user profile within a secure workspace with no admin privileges, where they can access VDI / DaaS (or locally saved apps).

Apps, services, and URLs can be whitelisted or blacklisted within this secure workspace, to prevent malware or unapproved services from running (even scheduled command prompts).

All data created during the secure session is saved to a hidden, BitLocker encrypted temporary drive that cannot be accessed or read by unapproved processes.

This prevents the infiltration and exfiltration of data, and all data created during the secure session can be set to self-delete when the session ends, with a clean volume at the start of the next session.

USB-peripherals can also be whitelisted or backlisted to allow headphones and keyboards, but block external storage devices, for example.

When the employee is finished working, they close the secure session and are logged back into their personal profile on the device exactly as it was.

Key security features

Secure isolated sessions

Launches a secure, compliant, IT-controlled and configured session on any Windows device where users can access their virtual workspace

Stops malware before it starts

Execution Prevention stops unauthorized applications, services and malware from running on the endpoint

Data encryption and leakage prevention

Data is saved to a temporary drive that is inaccessible to unauthorized processes, and all data can be set to delete after each session

Control access to VDI / DaaS

Access to the corporate network is only possible when a secure session is running, giving your IT team total control over its cybersecurity posture

Secure Remote Worker is compatible with major VDI / DaaS vendors

Frequently asked questions

Learn more about our secure BYOD solution

When the secure session is launched, will it stop background services and apps from running on the device?

This behaviour can be configured by the IT team, giving you full control over what services and apps are allowed to run during the secure session. When the secure session ends, any background services or apps that had been running prior to the session will be resumed.

What if there is already malware on the device before the secure session is launched?

If malware is already running on the device, then it will be stopped as soon as the secure session is launched. This includes screen-scrapers and keyloggers which sit on the endpoint. Only IT-approved services and apps can run during a secure session.

What happens if the user tries to access the corporate VDI / DaaS outside of a secure session?

As long as the VDA is deployed, they will not be able to be to do this. ThinScale’s VDA (Virtual Desktop Agent) checks each time there is an attempt to access the VDI / DaaS to ensure that the secure session is running on the device. If it is not, the connection is blocked.

What about an employee’s personal privacy, is any personal data visible to or accessible by the IT team?

No. ThinScale’s Dual Persona technology enforces complete segregation between personal and work-related data, with zero chance of contamination in either direction.

What happens if/when the employee leaves the company? 

ThinScale’s solutions can be remotely wiped from the device by your IT team, removing the ability to launch a secure session and revoking access to the corporate network. This is crucial when managing a remote / WFH workforce.

Does ThinScale host the management platform for this solution?

No. The client hosts the management platform within their own data centre.

Continue your research

Compliance reports

All ThinScale solutions are regularly pen-tested and help maintain compliance with PCI DSS, HIPAA, and GDPR. Read our compliance reports from Coalfire.

Read

Product information

Want to learn more about the product? Read our technical datasheet to understand the key features and benefits in more detail.

Read

More use cases

What else can ThinScale do for you? Check out our full list of use cases.

Read

Ready to see ThinScale in action?

ThinScale is the all-in-one solution for endpoint security and management at scale. Our products simplify IT challenges and protect remote, on-site, and hybrid workforces.

Products

Solutions

Resources

Company

VDI / DaaS Security

Security Features

Compliance Reports

Why did HFS Researchers choose ThinScale as a Hot Vendor?

See all videos

Why Zero Trust Security beats Antivirus everytime

3rd party contractors are a ticking time-bomb for IT security

Secure BYOD
(Bring Your Own Device)

Our software solution leverages the Windows OS. No USB drives or dual-booting required.

DE-RISKing BYOD

How the product works

KEY security FEATURES

VDI / DAAS COMPATIBILITY

De-risking BYOD

How does ThinScale make BYOD secure?