This article has been contributed by Stephen Midgley, Vice President Global Marketing at Absolute Software.
In this article Stephen explains how to securely navigate the BYOD landscape.
Recent research into mobile device deployment in the workforce showed that 7% of UK companies rely on ‘bring your own device’ to deploy devices in the workforce. 38% of companies offer a hybrid model, providing company owned devices alongside BYOD. What does this show? BYOD isn’t coming – it’s already here.
However, the research also showed that a third of businesses have no enforceable policy in place to manage these mobile devices, especially worrying given the variety of device deployment methods in the IT landscape.
With the number, and scale of ICO fines levied on public and private sector organisations in the last year, the financial cost as well as the potential damage to reputation of a data breach is not an issue to be ignored.
There are, however practical, concrete steps that allow efficient incorporation of employee-owned devices into a deployment whilst ensuring secure protection of corporate infrastructure and data.
Devices & Form Factors
To begin, you must select the types of devices and operating systems that you are willing to support. It is not possible to standardise management for mobile devices since each operating system and even the hardware itself can impact IT capabilities. For your Mobile Device Policy, here are the baseline criteria to use for assessing operating systems and device types:
Security |
|
Manageability |
|
Apps |
|
Based on these criteria, you should be able to define the list of form factors and operating systems you will support.
Next, you must create an environment that will support employee-owned devices during the enrolment process. The simplest solution is to set up a guest wireless network that is separated from the internal network. This can serve as the enrolment network for employee-owned devices. Once enrolled, your MDM solution should automatically evaluate and assign privileges based on the policies you have created.
Basic privileges include access to company email, company Wi-Fi, and VPN configurations. These privileges should be tied to a policy that defines the security requirements of the company. Devices that do not comply with the security policy should be blocked. For instance, devices that are jailbroken, rooted of have blacklisted apps installed.
Provisioning access through your MDM solution benefits the organisation and the employee:
The final component for IT readiness relates to management policies and restrictions to employee-owned devices. This is broken down into three basic considerations:
The most significant challenge associated with BYOD is the balance IT must maintain between respecting the privacy of the employee while securing the corporate network and any data contained on the device.
Since this is essentially collaboration between the employee and the organisation, it’s best to put it in writing.
This is a comprehensive document that should incorporate the specific requirements of your organisation, based upon guidance provided by various internal stakeholders including general legal counsel, IT, Human Resources, employees and others.
Each policy is unique but generally should address some or all of these aspects:
This is a simpler document with the sole purpose of acknowledging each employee’s acceptance and agreement of the terms associated with the corporate Mobile Device Policy. By accepting the terms, the employee acknowledges that IT will have the legal right and ability to secure their device and the data it contains if required.
The employee opt-in is important in order to mitigate any future scenario where an employee may claim they were unaware of the policy. Since employee acceptance allows IT to perform security measures including the deletion of some or all data from a device (depending on the nature of the corporate policy) potentially seizing a device, it’s important that the company can prove its right to carry out this type of security activity.
Employee agreements should be preserved and available for future access as required.
Now that you have all of the internal requirements identified and in order, you need to select the appropriate software application that will allow you to properly manage and secure corporate- and employee-owned mobile devices.
Similar to the criteria you applied while assessing the different types of operating systems and form factors, you need to ensure the solution you select is able to deliver some baseline and supplementary capabilities.
Platform Flexibility |
|
Administration |
|
Mobile Apps Management |
|
Security |
|
This article has been contributed by Stephen Midgley, Vice President Global Marketing at Absolute Software. In this article Stephen explains how to securely navigate the BYOD landscape.