BYOD strategy and mobile device security remain a top IT priorityEmployee-owned smartphone use for work purposes continues to expand, and the governance, risk and compliance implications of the trend are beginning to take hold. According to a recent survey by Search Compliance, "security" was cited by 96% of respondents as being among their top concerns regarding bring your own device (BYOD)/consumerisation of IT.
"Compliance" was the second-ranked top BYOD/ consumerisation concern in the survey, taken by 773 IT professionals during Search Compliance's April 24 virtual conference, The State of Cyber Security 2013.
Do you provide a BYOD strategy or not?
Many businesses either put their heads in the sand or sit on the fence…
Managing mobility in the enterprise is a relatively new and rapidly transforming business discipline. Enterprise mobile management (EMM) is an emerging holistic approach that incorporates and transcends mobile device management (MDM), mobile app management (MAM) and other software for managing mobile assets. The shift is away from merely managing the assets themselves and toward transforming business through mobilizing the enterprise. Mobile management began by focusing on MDM, but subsequently expanded to include application management, as enterprises realized that managing only the devices themselves was not enough. While MDM helps address authentication and security, success with mobility also depends on apps that are lightweight, secure and easy to manage, distribute and use.
A Growing Focus is now on Content
A growing trend is the shift toward being able to manage mobile content as well as mobile apps. Given the huge growth we expect as tablets become more widely used in enterprises is the need to manage content that is part of a mobile worker’s job. Mobile security is a top priority in gaining managed control over smartphones and tablets in business, whether the devices are company-owned or BYOD. Content stored on those devices is a critical exposure, and protecting the intellectual property of the business demands a mobile content strategy. Although newer smartphones with modern OSs have device-level encryption to protect content, significantly more is needed to protect sensitive documents and valuable corporate intellectual property.
Enterprise Mobility: The Business Imperative
For enterprises, the multiple elements of mobile and mobile management are rapidly becoming part of the strategic business foundation. Managing mobile devices and controlling BYOD have been important priorities behind the MDM segment, but increasingly a holistic approach to mobility is required. As enterprises make mobile an integral part of how their systems are designed and how their business runs, mobile management that addresses mobile devices, the mobile app lifecycle, and mobile content in an integrated way becomes a priority.
BYOD isn’t a synonym for “free for all.” Once an organization decides to let employees use their own mobile devices and PCs for work, it must put a BYOD policy in place to control this usage.
The details of any bring your own device (BYOD) policy will be specific to a given organization, but most policies cover the same basic questions:
- · How should users protect their devices?
- · What data and applications can and can’t be accessed?
- · And what happens when a user loses a device or leaves the company?
BYOD can be confusing, because it involves different kinds of devices, use cases and users. To create a clear and simple BYOD policy, IT and other business decision-makers should consider the following issues:-
First and foremost, it’s vital to specify which functions a given user can access, and what general behaviours are acceptable. It’s important to protect the organization from users who may have, for example, illicit materials on their devices, or information that may be proprietary to another firm.
It’s probably not reasonable today, because of support costs and the sheer number of devices available, to allow any arbitrary smartphone or tablet on the enterprise network. A relatively broad range of platforms -- for example, Android, iPhone and BlackBerry -- is usually sufficient.
Some BYOD corporate strategies will pay for users’ devices and monthly services, either partially or in full. A BYOD policy should explain exactly what charges the organization will and won’t reimburse. Third-party services and software can provide detailed accounting of phone (and sometimes data) usage, but it may be easier to simply reimburse a pre-specified percentage of users’ monthly bills. Your organization may need to modify its accounting systems to support this critical function.
Applications and security
Whitelisting and blacklisting apps is a popular technique that, while certainly not fool proof, helps to maintain the security and integrity of enterprise IT resources (to say nothing of the handset itself). If your organization takes this approach, the BYOD policy should explain that IT has the authority to prohibit the use of certain apps. The overall software configuration of the handset is a key variable in successful mobile IT operations, so the BYOD policy should also cover the use of antivirus apps, other security software and firewall settings.
“New mobile technology and new user models requires a new breed of management -- that's what you should be thinking about as you move forward.”And for the Marketing: If you want someone to come in and remove all the vendor marketing hype reach out to CCServe Ltd and have a chat.