BYOD is here. Have a strategy

Sponsored By: Rogers

The bring-your-own-device (BYOD) revolution isn’t coming soon. It has already swept through the enterprise and is firmly entrenched. Users want to work on a device that has a user interface that suits them, that gives them seamless access to their personal contacts and data, and, let’s face it, that looks cool.


The Enterprise Connectivity Series
Future-proofing your business

Why managed Wi-Fi makes sense for business

Reducing the cost and complexity of network security

How upgrading your network can deliver a competitive advantage

Keeping it simple: Tackling infrastructure complexity

Three ways businesses can shed the burden of managing mobile devices and data

There are risks associated with bringing personal, consumer-grade devices into the corporate network. Employees could be offloading company data into their own smart phones, tablets or laptops; that data can be exposed through the loss or theft of a device, with the possibility of huge privacy and security fallout. Users could download apps that compromise the security of their devices, exposing the enterprise network to exploitation. It’s critical that you have a corporate BYOD strategy.

Here are two strategies that don’t work:

  • Insisting that users keep their personal devices off the company network.
  • Not having a formal BYOD user policy.

It seems, though, that most enterprises are going with the latter. An August 2014 study by Software Advice found that only 39 per cent of companies had a BYOD policy. That same report found that more than half of employees had downloaded company files to their devices, and only 49 per cent regularly installed security patches and updates.

So … what goes into a good BYOD policy, one that will minimize your enterprise’s exposure to liability and compromise?

Data handling may be the most critical. Ideally, company data should stay on the company network, but that’s a practical impossibility—without it, people can’t do their jobs. Any data that leaves on a personal device must be encrypted.

Devices must be secured by a password of a particular length and strength. Only approved apps can be installed. Device operating systems must be kept up-to-date. And a policy must spell out exactly what the consequences are for contravening these conditions.

You can see the problem here, right? All these conditions assume compliance by the user. The IT department can’t go around checking every device. So there’s more to a strategy than just policy. There’s also policy enforcement.

That’s where a mobile device management (MDM) solution can help. An MDM solution can monitor, secure and support BYOD users over the air. It will push out security updates and patches, or poll devices to make sure they’re up to date, quarantining them if they aren’t. It can distribute applications. Used in conjunction with a custom enterprise app store, you can also make sure only approved apps are installed. And in case of loss or theft, an MDM solution can remotely wipe device memory.

Another technology that can be used in conjunction with MDM is virtual desktop infrastructure (VDI). In a VDI environment, applications and data actually live on a data centre server, not the end user device. The smart phone, tablet or laptop essentially becomes a thin client—the data and processes never leave the data centre. When the device isn’t connected, the data and applications aren’t available.

 

Provisioning of devices is another element of a BYOD strategy. There are several approaches: You can leave the selection and purchase of the device entirely up to the users, allowing them to use devices they already own; you can subsidize the purchase of approved devices; or you can supply them to the users, giving them the option of a number of different devices. There’s an obvious advantage of comfort and control with the latter two approaches, as you’re dealing with the devil you know.

Whatever approach you take, one thing is clear: not having a BYOD strategy is not an option.

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Sponsored By: Rogers

Dave Webb
Dave Webb
Dave Webb is a technology journalist with more than 15 years' experience. He has edited numerous technology publications including Network World Canada, ComputerWorld Canada, Computing Canada and eBusiness Journal. He now runs content development shop Dweeb Media.