For the last several years, IT has been split between fighting the onslaught of BYOD and realizing it must prepare for the inevitable. In the face of the “wild west” environment brought on by hundreds of different smartphones and tablets accessing corporate data assets, the common response was to increase restrictions and lock down employee-owned mobile devices, and for good reason. CIOs and CISOs are responsible for the protection of the most valuable asset organizations have – their data.
By all measures, BYOD is here to stay and the focus has shifted from trying to restrict BYOD to learning how to leverage BYOD as a business enabler while managing its risks. This is not just because the BYOD freight train has left the station, but because BYOD makes users more productive. By allowing employees to use the tools they love – the devices and apps they prefer — you enable them to work from anywhere and, ultimately, increase their productivity and response times. Managed properly, BYOD becomes an asset for organizations. The following tips, identified by Adam Ely, founder and COO, Bluebox Security, will help organizations navigate this new era of mobility.
Click through for seven tips on integrating a strong and effective BYOD program into your organization, as identified by Adam Ely, founder and COO, Bluebox Security.
Choose a mobile security solution that allows users to bring their own apps — without forgoing security or control, providing user freedom while still managing risk.
The role of IT is to help users conduct business securely, not to secure the business. To achieve this, take inventory of the productivity applications line-of-business executives and teams need most, and embrace an approach that focuses less on restriction and more on business enablement.
Choose a mobile security solution that not only meets the needs of your organization today, but also is one your organization can grow into in the future. Whether you are embarking on a formal BYOD initiative or completely embracing BYOD — allowing employees freedom to use not just their preferred devices but also any application — you need a solution that will allow you to refine and adjust your policies and processes based on the experiences and insights you gain by enabling BYOD. The right solution will provide you the visibility into BYOD use so that you can effectively tailor enterprise security and controls to the right degree of business enablement.
Monitor app usage to determine which applications are most commonly used by which groups, where data is being stored, and what type of data is being stored. By doing so, you get the added benefit of knowing where your data is and what apps are being used in real time.
Use the app usage information to fine-tune policies for compliance and security, as well as to recommend applications that will most benefit individual groups or the company as a whole (e.g., there are three different doc-sharing apps, but the majority are using Box, so put that in the recommended app store list). By securing user applications, you enable their productivity.
Monitor not just for jail broken and rooted devices, but for app tampering as well. This alleviates concerns about the “wild west” nature of free apps in the app store. The right tool will allow you to immediately suspend corporate phone access in the event of the aforementioned security risks (jailbreak/rooted or app tampering) to allow further investigation and thoughtful response.
Privacy is more important than ever. Consumers are worried about device wiping and activity tracking. You need to have a clear written policy, it needs to be regularly communicated to employees (not just something they sign at time of employment), and it needs to respect a clear line of delineation between corporate and personal usage.