Securing BYOD (Unmanaged Device) Access
When enabling secure access for BYOD (Bring Your Own Device) or unmanaged devices, two primary options are available within the Netskope ecosystem: Clientless NPA and the Enterprise Browser (EB). This article explains when to use each solution and their respective benefits and limitations.
1. Clientless NPA (Browser Access for Private Applications)
Included in: ZTNA Private Access package
- Use Case: Immediate go-to for Proof of Concept (PoC) when the requirement is strictly secure access to private web applications without installing an agent on the user’s personal device.
- Best For: Basic, secure connectivity to internal web apps.
- Benefits:
- Seamless experience
- Already included in your ZTNA package
- Limitations:
- Provides zero trust connectivity
- Lacks deep “in-browser” data controls
- No posture checks for the unmanaged device
2. Netskope Enterprise Browser (EB)
The Gold Standard for BYOD
If requirements extend beyond simple access—such as securing SaaS apps or enforcing granular data protection—the Enterprise Browser is the recommended solution. EB creates a “Corporate Window” on an unmanaged device.
Why Choose EB Over Clientless NPA?
- Advanced Control: Full control over browser configuration and extension management
- Data Leakage Prevention (DLP): Restrict operations like copy/paste, printing, and screenshots
- Encrypted Downloads: Ensure downloaded data remains encrypted and under corporate control
- Device Posture (Upcoming): Verify device health and security posture before granting access
Note on Universal Reverse Proxy (URP)
EB is considered the first choice for BYOD scenarios. URP is available as a fallback solution for cases where installing the Enterprise Browser is not an option.