It wasn’t that long ago we were debating the value (improved productivity; increased employee satisfaction) personal mobile devices could bring to the enterprise, beyond BlackBerry Enterprise Server. Note I say ‘could.’ Just a few short years ago, we were still discussing whether or not organizations should allow employees to rely on mobile devices for work and whether that would come via personally owned devices or a fleet of pre-approved devices owned and managed by the organization. Fast forward to 2016 and that conversation is nearly null and void – people use their own devices for work whether the organization ultimately ‘prefers’ it or not.
But are organizations equipped to handle the security challenges mobile devices inevitably bring? Sadly, a new survey commissioned by Bitglass says no. While 72 percent of organizations support BYOD for some or all employees, just 14 percent have deployed some kind of mobile device management.
If you’re one of those organizations struggling to rein in the use of mobile devices and implement basic data security, here are a few simple steps to get you started.
- Evaluate and define allowed devices. Does the device have built-in encryption? Can jailbreaking/rooting be detected or prevented? Can passwords be enforced? Does the device allow management? Can it support Exchange ActiveSync policies? Are there available apps that offer the kind of productivity your organization needs? Does it allow for in-house apps?
- Refine network accessibility. If you don’t already have one, set up a guest wireless network, walled off from the internal network. This will also serve as the enrollment network for employee-owned mobile devices. Once a device is enrolled, it should be automatically evaluated and assigned privileges and restrictions accordingly.
- Determine appropriate management policies. How will you apply privilege and restriction policies to BYOD? Start with policy based management by relying on likely already organized directories (like Active Directory) and base policies on these groupings. Set umbrella security policies that includes automatic remediation when devices fall out of compliance and establish a centrally administered document repository to deter employees from using services like iCloud or Dropbox.
- Create an employee agreement. There is a certain trade-off between privacy and control. The employee needs to understand accessing corporate information means ceding a certain amount of control over the device’s settings. The company needs to understand that management no longer means total control, at the sacrifice of productivity. Either way, it’s important both parties agree.
- Choose the right EMM solution for you. The most important consideration in evaluating automated management tools is not a feature set comparison; it’s whether or not the tool supports your policies and agreed upon devices. Start with your challenges and then figure out how to best address them with software.
If you’re one of those organizations allowing BYOD but not managing it in with strong management and security policy, it’s time. Actually, it’s past time to do something about it. If you would like more information on BYOD, check out this whitepaper.