ConnectWorld – Making the most of BYOD
by Raj Sabhlok
Enterprise IT is entering the era of ‘bring your own device’ (BYOD), whether it likes it or not. A 2012 Forrester Research report found that 54 per cent of North American and European firms have deployed BYOD programs for smartphones and tablets. Indeed, Forrester claims that “mobile is the new face of engagement”, predicting 200 million employees will bring their own devices into the enterprise by 2016.
Given the trends, IT executives will be best served by getting ahead of the BYOD curve rather than fighting a losing battle that prohibits employees from using their personal devices at work and, in particular, using those devices to access the corporate network. But don’t just give in to BYOD because it’s a dominant IT trend. Rather, embrace BYOD because it brings key enterprise advantages, including:
• Cost savings – BYOD eliminates costs associated with device procurement. These are employee-owned devices, after all; capital expenditures and reimbursement for employee smartphones or tablets are unnecessary.
• Improved collaboration and productivity – Employees working with their own, personal devices are more likely to carry them inside and outside the office and, consequently, use their devices more often, for both work and personal tasks.
• Improved employee morale – Employees typically blend personal and professional lives, at home and at work. Having one device that supports both lives simplifies that juggling act and supports work/life balance.
Of course, BYOD isn’t all upside. The biggest concern facing the enterprise is security and, in particular, data breaches. For instance, if an employee loses her smartphone, any corporate data on that phone is at risk of being compromised. While the BYOD security risk is no different than the risk associated with corporate-owned mobile devices, the fusion of personal and work information on a single BYO device means that device is more likely to get lost or stolen because it’s more likely to be with the owner at all times – at home, at work, and everywhere in between.
Embracing BYOD, then, means adopting effective strategies that encourage its benefits and mitigate its risks. To that end, companies need to determine the device types and operating systems that are acceptable for the network. Companies also need to determine what data the devices can securely access. If any data is exposed via an enterprise application, the application should authenticate the user, encrypt the data and prevent backups. Other considerations include security practices such as pass code policies and anti-virus as well as data protection policies such as disabling device applications that read device data or transmit data to the cloud and removing data from devices that are lost or belong to employees who leave the company.
ABCs of BYOD success
In addition to the strategies above, each company must consider how it will handle the myriad of day-in, day-out tasks associated with BYOD. In most companies, the first task is enrolling the BYO device, identifying it as a candidate for accessing the network and network resources. A member of the IT department or even the user, via self-service facility, can enroll the devices.
The IT department will manage the enrolled devices; a key part of the enrolment process is installing a profile on the device that applies and enforces the company’s relevant security, data protection and other policies.
Due to the overlapping personal and professional nature of BYOD, companies need to keep users informed on the expectations and policies associated with the professional use of their personal devices. Remember, users are bringing their devices to the network voluntarily, so the policies, terms and conditions that define acceptable use must be clear, e.g., anti-virus software must be installed, passwords must meet certain requirements, on-device cameras must be disabled, etc. During enrolment, the user must accept the terms and conditions imposed by the policies.
Similarly, users should be informed of any remedial actions the IT department will take if BYOD policies are violated. For instance, if IT is tracking all the applications installed on a device post-enrolment, its policy may be to remotely access and wipe any corporate data and applications from that device if an unauthorized file sharing application is discovered. Or if the device is not pass code protected, the policy may be to automatically enable pass code protection and force the user to set up and use a pass code on the device to continue using it on the corporate network. Users that do not set up a pass code cannot access the network.
Beyond those policy-driven actions, IT teams must also be able to ensure enterprise security in the face of BYOD. That means IT needs to be able to automatically configure corporate accounts, profiles, applications and content based on device ownership and, as well, customize policies. The accelerating flood of BYO devices into the enterprise makes manual configuration and set up an unrealistic burden. IT also needs a way to automatically deny the download of sensitive applications, receive notifications of policy violations, and remove corporate resources from devices when employees leave the company.
Self-service management supplements the BYOD management activities that must performed by IT personnel. Once the company sets its BYOD policies, the IT admin staff can be relieved of tasks such as device enrollment because those tasks can be automated. When the user is informed about the policies during the enrolment process, they can enroll the device themselves. Now, the IT team is free to handle other IT duties, and the user is free to enroll his device anytime he chooses, from anywhere. The enrolment itself can be authenticated by the network’s Active Directory (a Windows server directory based upon LDAP) or LDAP (Lightweight Directory Access Protocol) directory or via a one-time password.
Other policies and concerns that arise with BYOD include the GPS, user information, application lists, telecom data and other personal data on the device. Most companies are going to define policies that prevent the collection of that personal data, but there may be some cases in which the collection of some personal information may be appropriate.
Companies also have to consider how they will handle content management on the device. For example, if a user accesses corporate email from her personal device, the company would be wise to establish a content management policy that includes encryption of the email content and prevents any email attachments from being downloaded to the device. Likewise, BYOD expense management needs to be considered to avoid exceeding the voice and data limits associated with a device’s mobile subscription. The company needs to be able to monitor and manage that usage.
BYOD is a natural extension of distinct technology and cultural trends: the rise of mobile devices and the increasingly porous boundaries separating our work and personal lives. Companies would be well advised to assume these trends will continue, and make a concerted effort to support BYOD on corporate networks while maintaining the security of corporate data.
See the full article: