Is BYOD a Nightmare for IT Security or a Dream Come True?

Tuesday, June 19, 2012

Megan Berry


While you may still be debating whether or not to allow employees to use their own smartphones or tablets for work, many organizations realize that they may not have a choice.

The primary motivating factor for a formal BYOD program was employee demand, according to HDI, and employees are going to use their own devices with or without approval.

Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage.

Tool #1: A written mobility policy

This is an absolute must to protect the company’s network and its data. The parameters of the program must be clearly defined so everyone will benefit from the freedom of a BYOD workplace.

Besides listing which devices are allowed, here’s what a policy should include:

  • Who gets to bring their own device? Is it open to all employees or a select few based on their job responsibilities?
  • Who pays for it, the company or the employee? Or does the employee receive a monthly stipend?
  • State that the company has a zero-tolerance policy for texting or emailing while driving, and that only hands-free talking while driving is permitted.
  • Are devices with cameras and video-recording capabilities allowed on-site? (In some cases, it is possible to disable these features remotely.)
  • What are the consequences for not complying with the policy?

Start by writing a basic policy, then expand it to address all employees with varying job requirements.

Training sessions with employees that review the policy in person, including a question and answer period, are much better than passing out copies of the policy to everyone.

Remember that the policy should be updated as new devices and apps become available. Everyone should be kept in the loop too.

Tool #2: Mobile Device Management (MDM) software

Device management could possibly be done with the company’s existing tools, for example Network Access Control software, Active Directory, MS Exchange, WiFi or VPN. If you need to get new software, make sure you research products that fit the company’s mobile operations and size.

MDM applications come with a range of options. For example:

  • Email management
  • Document/content management
  • Regulatory compliance regarding data and privacy
  • Automated provisioning
  • User self-enrollment
  • Reporting capabilities, and
  • Mobility expense management

Don’t forget to investigate:

  • Can the application separate corporate data from personal data on the device?
  • Can it remote lock/wipe only corporate data?
  • How does it protect employees’ privacy?
  • What encryption methods and protocols does it use?

Tool #3: IT Staff Training

Managers must get input from the support staff to find out:

  • How familiar they are with the devices, operating systems, and platforms
  • If they can activate the security features of those devices
  • If they know how to troubleshoot connectivity issues
  • If they can identify apps that can provide secure data access on mobile devices
  • If they can develop apps to provide secure data access if needed
  • What knowledge gaps need to be filled, and
  • If you need to hire additional staff.

Try buying a few of the devices the support staff will be supporting so they can train on them. Set up test environments and let them learn on their own devices as well.

A well-written mobility policy, appropriate MDM software and effective training can turn BYOD into a dream come true for companies looking to shield themselves from the outside risks. Both companies and employees can benefit from a BYOD program.

If you would like more information and bonus network security tips, check out our original story.

Cross-posted from IT Manager Daily

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.