BYOD continues to remain top of mind in the workplace. While many in IT see BYOD as a necessary (and that’s debatable) evil that opens the network up to incalculable security risk, users see it as the next logical step for their productivity and efficiency. In some cases, users even go around IT altogether if BYOD is not permitted. The right BYOD program depends on the unique needs for a particular organization. But no matter what sort of program is implemented, it shouldn’t be done without first setting up a series of guidelines and best practices. Employees need to understand what will and will not be expected and tolerated from them when using their personal devices both inside and outside the office.
With summer vacations coming to an end, now is a good time to take a fresh look at implementing and managing a BYOD program. The following ABCs of BYOD, identified by LANDesk Software, provide you with some do’s and don’ts, pros and cons, for your BYOD program.
Click through for some best practices you should consider for your BYOD program, as identified by LANDesk Software.
Organizations will need solutions that employ agentless discovery capabilities to proactively intercept devices and take the necessary steps to deny these devices access to infrastructure and data.
Organizations must have the capability to lock down employees’ devices whenever a threat is detected. This can include anything from remote wipe to sandboxing. Whatever the method, ensure that employees utilizing BYOD understand what the policy is.
Whether it’s a personal laptop running an old version of Java or a phone running an antique operating system, older systems have more security vulnerabilities than newer systems, typically. Maintenance and patching of these devices will insure the safety of enterprise data.
This will create chaos in your BYOD environment. It will make it more difficult to control and manage device access and distribution of data. Limiting the BYOD program to a small number of the most popular platforms can reduce this chaos.
By enabling BYOD, you give employees more control over their technology and, by extension, enabling and repairing that technology. Empower them by ensuring they understand what the guidelines are for doing so. In turn, this will increase productivity in the work environment and free up more time for IT to work on business-enabling projects.
It is important to segment users into groups and assign these groups based upon characteristics of data they need to access. This makes it easy for IT to maintain control over corporate data and information.
When employees travel internationally, be sure to check up on possible legal issues they may encounter with a BYOD device. Germany, for example, does not allow employers to track locations through a device. This may not be disabled by default.
This will become especially important if a user’s device is lost or stolen. By allowing them to find out where the device was last located and find it themselves, IT not only empowers them, but also ensures they (and not the company) take responsibility for the loss of any personal data. Remember, users are just as concerned about their personal data as the organization is with their corporate data.
Understand industry regulations and how BYOD fits into the equation. Different industries have different tolerances for risk that must be taken into account when deciding to implement a BYOD program and crafting the BYOD policy.
Before implementing a BYOD program, have a thorough understanding of the costs and risks that will be involved. Many organizations mistakenly assume that because the user purchases the device, not the corporation, money is saved. This is not always the case. Be sure to have a complete picture of where money will be saved and spent in a BYOD program.
It’s important to understand that a BYOD program is about enabling users to work in the way that is most productive for them – and in turn, the company. It’s not about saving money on device purchases, but about enabling productivity and efficiencies with the end users. Other reasons include harnessing users’ comfort level with technology, empowering users to make more decisions themselves, and reducing support costs.
While most users will conform to the standard devices and operating systems, limit BYOD to a handful of supported platforms to ensure the safest and most manageable option.
When implementing a new BYOD policy, it is important for the company to develop a thorough plan catered to the needs of their organization. This plan should detail all possible sceneries and solutions, in an attempt to clear up confusion and guide employees to follow this policy.
Some BYOD policies are not well managed, while others are overly restrictive, reducing the benefit derived from BYOD. It is important to develop the right policy that suits your organization and ensure that users are aware of and fully understand the policy.
Recent surveys have suggested that employees don’t always trust their employer with their personal data on their BYOD device. Open communication will help bridge the trust gap between employees and the employer.
It’s important to be able to block devices from gaining entrance to sensitive or confidential corporate information. Not only does this ability help with compliance for many industries, it is critical in cases where a user device is lost or stolen.
When a BYOD program is added, there is the likely risk that users will bring devices onto the network without informing IT to ensure the devices are properly managed. To help mitigate that risk, ensure that the default isn’t to trust everything on the network, but to only trust approved devices and applications. This ensures the system remains secure.
Be sure to have a complete understanding of the risks associated with a BYOD program and how it will affect the organization. Have plans in place to deal with lost, stolen or otherwise compromised devices. Ensure employees understand these policies and how it may affect them and their personal data.
Every unmanaged device is a potential gateway of insecurities. Be aggressive about updating policies, systems and patches to match the latest threat vectors to ensure that BYOD doesn’t become BYOV (bring your own vulnerability).
This is one of the primary advantages of BYOD. Users feel comfortable with their own device and will be the most productive with technology they have experience using. They can also eliminate some of IT’s workload by repairing their own issues, freeing up IT to work on business-enabling projects.
By segmenting users into a small number of groups based on the information they need to access, risk is reduced by only allowing each user access to the information they need to be successful.
Users will keep personal data on the devices they use for work. Ensure there’s a way to segment the data from corporate data to personal data. More and more stories are cropping up involving users suing employers for the removal of personal data from devices used for corporate purposes. These lawsuits are expensive. Avoid them by segmenting data.
Companies can’t allow any device, at any time. Companies should develop a core set of standards for employees to follow. This policy will be crucial to move forward in a BYOD deployment to ensure the company’s sensitive information remains secure.
Executives are likely to bring their own devices to work, regardless of IT’s consent or approval. Once this happens, use the policies put in place to secure both executive and end-user devices.
While many if not all employees will keep personal information on their business devices, it’s important to remember that the company does own the corporate information. Once it’s segmented, lock down the data that belongs to the company to ensure it stays within a controlled environment. Controls are important.
If IT isn’t careful, the BYOD environment can quickly become a zoo. Avoid that through clear and consistent communication with users, strong and enforceable BYOD policies and employee education to limit the chaos.