Five tips for simplifying BYOD

Industry Insider
Tools

Guest post by PJ Gupta

There is no arguing that BYOD is here to stay. Employees will bring all types of new mobile devices to work, and they will use them in their day-to-day work no matter how great your concerns are.

Instead of fighting the practice, smart organizations are cautiously embracing BYOD for the sake of gains in productivity, flexibility and employee satisfaction. But the practice is certainly not without its risks. Companies need to implement well thought-out mobile device security and BYOD policies that do not get in the way of the pace of work but also do not compromise information security.

Here are five tips for CIOs who are wrestling with how to best implement a formal BYOD program.

Protect enterprise data and apps

The primary goal of BYOD management in the enterprise is to safeguard data and applications while allowing the organization the flexibility and efficiency gains of BYOD. To achieve this, security policies and mechanisms must be put in place for enterprise data access from personal devices. Tight control on who has the privileges to run what enterprise apps from what device helps minimize the risk of data loss or corruption. To protect sensitive information, time window and location-based fencing can be enforced for access control.

Secure the device

When an employee is walking around with an access point to your crown jewels such as intellectual property and confidential information, precautions are needed to thwart unauthorized access, malicious attacks or inadvertent disclosure due to device loss or theft.  Locking down the corporate data on device via multi-factor authentication, access control, containerization and capabilities to track and remotely lock and wipe containers on the device provides the gatekeeper protection you need.

Ensure personal privacy

Earn the trust of your employees by implementing a privacy policy that will only allow monitoring of the work container on the personal device. Personal communications, contacts, apps and data should be out of bounds for any monitoring application. Limit location tracking to the boundaries of the work location, except in the case when a device is lost or stolen.  Avoid rigid policies in "blacklisting" and blocking apps on the device. Allow apps to run on the device while securing the workspace using geo-fencing controls. Also, ensure that personal device content is not wiped without employee permission.

Automate enrollment policies

Simplify BYOD enrollment by using employee credentials for authentication and configuration settings for enterprise access, including the use of VPN and secure HTTPS sessions. A cloud-based enterprise mobility management solution makes user self-enrollment easy via link provided by centralized push, email or text. To protect against malware or virus attacks, security policy should ensure that devices are running an approved OS version with all the security patches included. An EMM solution also brings the capabilities to detect and quarantine infected or compromised devices for a broad range of IOS and Android devices, including jail broken iPhones and rooted Android devices. Enforcing security policies for end point protection on BYOD devices is a critical first step for securing corporate access.

Monitor and take action

Real-time monitoring of data access and audit trails help contain the risks associated with BYOD access to enterprise data. Alerts and notifications to the user and admin upon security policy violations should be automatic and corrective actions must be pursued. Analytics on usage patterns and logs relating to enterprise data access and business-related communications can reveal threats and potential security breaches that can be addressed pro-actively, preventing breach or loss.

About the Author:

Pankaj (PJ) Gupta is the Founder CEO and chief architect at Amtel, a pioneer in cloud-based enterprise mobility management solutions. Amtel is an early adopter of subscription based software-as-a-service business model. Visit the company at www.amtelnet.com.

Related Articles:
The year of BYOD cooperation, opportunity
Most BYOD firms are clueless about common mobile security threats
Many businesses are ill-prepared to handle BYOD device security

Filed Under