Bring your Own Devices or Bring Your Organisation Down?
A significantly large number of employees have started bringing their devices to work, akin to chefs using their own knives. Organisations should get their security policy in place before the proliferation of these devices pose a significant risk to the organisation.
As an example, IBM provides Blackberrys for about 40,000 of its 400,000 workers while 80,000 more use their own smartphones or tablets to access IBM networks. Soon IBM realised that it did not have a grasp on which services and apps employees were using on their phones.
BYOD support will put a tremendous amount of strain on an IT support department according to a CISCO Systems study, BYOD will bring multiple devices with different apps; and organisations have to ensure quality of service for organisational apps.
- Devise a BYOD policy that dove-tails with your current policy, by involving managers from all departments. Has your legal department evaluated the privacy legal risks?
- Build a comprehensive AUA (Acceptable Use Agreement). Will users devices be seized if there is a legal dispute?
- Are the devices in use wipe selective? Keep the separation between corporate and mobile data.
- Work out a simple and secure enrollment strategy, and allow users to configure their devices seamlessly.
- Monitor the devices, ensure that jailbroken devices do not hold corporate data. What is the maximum exposure time that has been factored in, say, between discovery of the loss of the mobile device and closure of access?
Many banish the BYOD challenges as myths and say it’s relatively simple, I personally do not think so. Policy development, implementation, sourcing of the right MDM tool, negotiation, vendor selection, deployment, awareness all take considerable time. Organisations are just getting to grips on PC/Server hardening and Endpoint protection, and now have to deal with the BYOD challenge.
Who is paying for the mobile data charges? As long as you are on the company WiFi that’s great! But, what about if you are mobile? With ShadowIT and the rise of the underground IT, workers are using more of their own devices, applications and facilties to do the work that their employers need them to do.