You've got mobile device management (MDM) in place and are ready for workers to bring their own devices to the office. A pinch of application control. A dollop of remote wiping capability. Pop in a few user controls and voila! Right? Well, it might not be quite that simple. There is however a recipe that business and IT leaders can follow to launch a safe and successful BYOD policy.
A recent ZDNet article highlighted some comments from John Girard, Vice President of Gartner's Information Security and Privacy Research Center. Girard spoke at the Gartner Security and Risk Management Summit and discussed the key ingredients for cooking up a strong BYOD policy.
Mobile device security - the main ingredient
Girard outlined several requirements for an effective BYOD policy:
- Start with policies for desktops to establish a baseline
- Define functions that will be allowed on mobile devices
- Determine how the business will distribute applications and data
- Specify user controls and policy exceptions
- Outline requirements that affect all BYOD policies
Although businesses should start with policies for desktops, Girard warned against relying entirely on those policies for securing mobile devices.
"You can't finish this job today by doing a word replacement for PC to mobile," said Girard, who was quoted in the article. "You have to change the policies, but that's the start. [In your PC policy,] do you encrypt emails today? Do you encrypt your workstations today? Are you actually taking efforts to manage privacy for data and email? These are the important questions."
Once a baseline has been established, the organization can move forward with specific policies, according to Girard. The key to every policy is user understanding. For example, policies that affect user data or access should be clear and readily available, so all users understand what actions the company will take if a device with sensitive data is lost or stolen. Organizations can develop an outline for remote wiping, encryption and jailbreaking, which affect all users in the organization, to build a clearer understanding of the organization's stance. One of the final things Girard discusses is that the policy should also include an opt-in for a robust MDM tool.
Foregoing mobile device management is risky business
A recent IT Business Edge article echoed Girard's final point: MDM is an important part of the business landscape. Or as Martha Stewart would say, "it's a good thing".
"MDM therefore goes from being a nice-to-have technology to perhaps one of the main ways that IT departments can begin to get a handle on their organizations’ potentially chaotic mobile landscapes," the article stated.
The role of MDM in business is evolving. Once business leaders understand their mobility needs, they can get the most out of MDM technology by matching those needs with features. Even though MDM technology is evolving, it is already at a stage where it can meet strict compliance and regulatory needs.
The U.S. Department of Interior recently selected MaaS360 for mobile device management—the only cloud-based MDM solution that meets the demands of the Federal Information Security Management Act—providing robust support for a wide range of devices, including iPhones, iPads, BlackBerrys and Androids.