I recently posted a blog post on the Enterasys blog talking about the 8 types of BYOD. Essentially, BYOD is made up of 3 attributes that relate to LAN connection, management and data. It can range from essentially the same technical problems we have today with corporate-managed devices on our networks and connecting to our data, to someone's "personal" iPhone.
Each of these situations brings a different problem and requires a different solution set. In summary, though, it works out like this:
1. If it is on your network, you can control it with firewalls, network policy and SIEM tools.
2. If it is managed by you, then you can use MDM to protect yourself.
3. If it is accessing your data, then authentication, like Okta, with automatic provisioning and de-provisioning can help.
The corollaries to these are:
1. If it's not on your network, traditional network tools won't help. In other words, a hardware appliance on my network has zero control over my 3G-connected Android device.
2. If you can't manage the device, you can't control the device.
3. If it's not your data, the best you can do is have a policy and react accordingly.
There is no protection from someone using their iPhone, on their 4G data plan, connecting to their Facebook. The best you can do is watch and react appropriately.