What's your take on Bring Your Own Device (BYOD) programs? As more businesses open their doors to personally owned smartphones and laptops, the cause for concern grows for all parties involved.
On the surface, BYOD programs offer more perks than problems. IT leadership can shift their focus away from inventory investments, and employees are given the option to bring their favorite iPad, iPhone, or Android from home. So who is complaining? More folks than you may suspect.
There exists a unique side to BYOD that few have ventured into since the concept's recent onset. Specifically, how can a given organization alleviate end-user privacy concerns amid IT's pursuit to achieve 100% network security? Joined by guest presenter Chris Hazelton of 451 Research, I set out to answer this question at last week's MaaSters Webinar.
Our ultimate goal was to cure common headaches that are sure to arise during implementation: How can one ensure their colleagues understand the ins and outs of the BYOD program? How does their participation and cooperation benefit the greater whole? How can policy coupled with the right tools protect the privacy of their personal information?
If you’d like to access the slides, poll results, or on-demand recording of the webinar prior to reading the recap, all can be found in this MaaSters Center post.
Mobile Device Management and Bring Your Own Device Go Hand-in-Hand
It all starts with what's on the device. Once employees bring their own devices to work and connect to the corporate network, the content on that device is inevitably coming along for the ride. To obtain true iPhone, iPad, and Android security, you must secure the movement of data across these devices and ensure employees remain in compliance.
Mobile device management (MDM) gives IT the power to push the right apps and content to these devices. Further, it makes it possible to keep the entire device inventory up to date on the latest OS version, a strong security consideration. Mobile expense management (MEM) features that come with select MDM platforms offer the additional benefit of cost savings.
So we've established the need for vision, control, and management over the BYOD-fueled device inventory. Now, how do we get mobile end-users to buy in?
How MDM Benefits End-Users
At any given time, an employee's personal information is either at rest on their device or traveling between the smartphones and tablets of their friends, family, and colleagues. MDM answers the call to keep that information in bounds through secure document sharing. In the event that the device is lost or stolen, you have a means to recover music, photos, and conversations, many times irreplaceable memories. The ability to remove data through full or selective wiping translates to prevention of identity theft, fraudulent banking activity, and/or unauthorized use of one's Facebook, LinkedIn, or Twitter account.
Once a user enrolls their iPhone, iPad, Android, Windows Phone, or BlackBerry in an MDM service, they can carry out their work and be responsive from any location. While it does extend the workday beyond traditional hours, it allows them to do work in a way that works for them. Depending on their occupation, they have the opportunity to get creative by choosing a device that is most appropriate for that task. For example, the high resolution display on the new iPad is a go-to for persons in graphic design.
How MDM Benefits CIOs and IT Administrators
All factors considered, the prospect of BYOD implementation sounds much like opening Pandora's box. More devices in the corporate ecosystem means more operating systems and applications to account for. Luckily, with MDM, IT can calm the chaos of BYOD.
Mobile device management helps IT confront the real world risks on the table when employee-owned devices are in use:
- Quick configuration
- Set security policies and enforcement
- Email enablement
- Troubleshoot device issues
- Locate lost or stolen devices
- Wipe personal data when needed (full wipe)
- Wipe only corporate data (selective wipe)
- Push the apps you need
- Be compliant with regulations
These smartphones and tablets must be locked down, especially if they contain company or customer data. Depending on your industry, the information on the devices under control can be extremely sensitive and of high value. By leveraging MDM, this data can be pushed to the edge in a secure fashion so employees can react quickly to customer needs or competitive threats.
Your Plan of Attack with MDM
So now that you are clearer on the benefits of using MDM in conjunction with BYOD, where should you start? At a high level, here is a recommended path:
1) Implement MDM across your device population
2) Provide each tier of user groups a level of service based on the requirements and regulations that apply to them
   - The rules won't apply to everybody; some staff are not facing confidential information
   - Consider applying more stringent rules on those with more visibility into sensitive data
3) Test out MDM on user groups unlikely to have sensitive information on their devices, then begin applying MDM elsewhere
Delve into the specifics; click and view the on-demand recording of Best Practices for Implementing a BYOD Program.
Mobile Device Security Can Scream Big Brother
Upon receiving their MDM enrollment request, users will be suspicious about where their information is going. Worse is the information yet to come: where they'll be at 2am on Saturday night, or what WiFi network they are connecting to after work hours.
The IT administrator needs to be conscious of these concerns from the get-go. Viewing a given user's entire app inventory is an invasion of privacy. Depending on what is on the device, it could cause embarrassment. Another concern is who the content really belongs to; companies are being taken to court for wiping end-users' personal device content. So where do you turn to avoid a butting of heads on this topic?
1) Educate End-Users
   - Explain the benefits of MDM, what can and cannot be viewed from the administrative portal, the Acceptable Use Policy, and real world risks
   - Emphasize that in exchange for their cooperation, employees will be awarded the flexibility benefits of using their personal device
2) Don't Go It Alone
   - Work with all levels of management to educate end-users
   - HR and Legal can be particularly effective in communicating the business need and incorporating MDM policies into new employee training
3) Set Firm Ground Rules
   - When rolling out MDM, make sure you keep password protection at the top of your to-do list
   - Consider requiring a 4-digit numeric password
   - Limit password attempts...but not too much
   - Control device inactivity
4) Keep Hands Off Personal Data
   - This will ensure user buy-in
   - Maintain awareness of apps that access corporate data only
   - Control movement of corporate documents
   - Protect personal apps (mobile banking, social networks, healthcare, etc.) with BYOD Security Settings
5) PII is TMI
   - Personally Identifiable Information (PII) can be a minefield for corporate IT administrators
   - By leveraging BYOD Security Settings, IT can focus on corporate data only
   - Knowledge of personal apps, location information, WiFi access points, and IP address is simply too much information
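
To make points 4 and 5 concrete, here is an added example (not from the webinar and not any MDM product's code) of reducing a raw check-in from a personal device to the corporate-only view an admin portal would show, along with the app list a selective wipe would touch. All field names, the `ownership` and `managed` flags, and the sample record are hypothetical and constructed for illustration.

```python
# Added illustration. Field names and sample values are hypothetical and
# constructed; they do not follow any MDM vendor's schema.
PRIVATE_FIELDS = {"location", "wifi_ssid", "ip_address"}
MIN_PASSCODE_DIGITS = 4  # the 4-digit numeric passcode suggested above


def admin_view(checkin):
    """Reduce a raw device check-in to what the admin portal may display."""
    if checkin.get("ownership") != "personal":
        return dict(checkin)  # corporate-owned device: full record
    view = {k: v for k, v in checkin.items()
            if k not in PRIVATE_FIELDS and k != "apps"}
    # Only apps pushed by IT (managed) are listed; personal apps stay hidden.
    view["apps"] = [a["id"] for a in checkin.get("apps", []) if a.get("managed")]
    # Report pass/fail on the passcode rule instead of the raw setting.
    view["passcode_compliant"] = (
        checkin.get("passcode_digits", 0) >= MIN_PASSCODE_DIGITS)
    view.pop("passcode_digits", None)
    return view


def selective_wipe_targets(checkin):
    """App IDs a selective wipe removes: corporate (managed) apps only."""
    return sorted(a["id"] for a in checkin.get("apps", []) if a.get("managed"))


SAMPLE_CHECKIN = {  # constructed sample
    "device_id": "dev-001",
    "ownership": "personal",
    "os_version": "6.0",
    "passcode_digits": 4,
    "location": "40.0,-75.0",
    "wifi_ssid": "home-network",
    "ip_address": "192.0.2.10",
    "apps": [
        {"id": "com.example.corpmail", "managed": True},
        {"id": "com.example.bank", "managed": False},
        {"id": "com.example.docs", "managed": True},
    ],
}

if __name__ == "__main__":
    print(admin_view(SAMPLE_CHECKIN))
    print(selective_wipe_targets(SAMPLE_CHECKIN))
```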