Updating Security for BYOD
Instead of looking at securing BYOD devices with PINs and passwords, CIOs need to see the wider picture of corporate application and data access matched to end users and their roles and locations. From this analysis, a CIO and his or her team can develop access controls around authentication, data protection, anti-malware, and governance, risk, and compliance (GRC).
A critical part of BYOD security is the ongoing training and education of end users so that ignorance is never an excuse. For example, employees should be frequently reminded not to use their corporate email and password as logon credentials for services such as Gmail and Twitter. Instead, employees should be provided with password management systems that allow them to have complex and unique credentials for every service they access from their BYOD device.
CIOs and their teams should put white and blacklists in place for devices and applications and enforce them using MDM software. Corporate apps can be whitelisted and "unsigned" applications from unknown third parties can be barred.
BYOD for the CIO: Maximize Productivity While Maintaining Security
BYOD for the CIO: Maximize Productivity While Maintaining Security
The lives of today's workers are not always divided into neat and separate office and home compartments. Many work at home, sometimes on weekends, and often for longer hours, making them more productive than when in the traditional, office-based nine-to-five role. Nowhere is the blur between home and office more evident than in the social and mobile space, where employees mix work and play in their Twitter streams and use the same phone and laptop for Facebook, Netflix and accessing the corporate CRM system.
Over the last decade, employees have begun bringing better personal IT equipment into the office than they have at work, and want to use it for both personal and work activities. Carrying two phones is a hassle, and some might prefer a tablet or an Apple MacBook over their corporate laptop. This powerful and irreversible employee productivity trend is called "the consumerization of IT" and savvy companies are responding with new enterprise mobility programs, of which bring-your-own-device (BYOD) schemes may be a part.
Today's CIO has a lot to do to make BYOD work, starting with a well-designed and communicated policy covering employee privacy rights and a company's right to monitor, access, review, and disclose company data. The CIO must balance the convenience of BYOD and the improved employee productivity with the realities of employee privacy, corporate security, and the use of mobile device management (MDM) software. There are BYOD minefields that must be negotiated by working closely with HR, finance, legal, and business units, as well as dealing with a wide range of impatient and tech-savvy employees who will say (or perhaps shout) "Why doesn't IT get it? How hard can it be? I just want to do my work."
In this slideshow, Sarah Lahav, CEO of SysAid Technologies, takes a closer look at BYOD and offers advice to help CIOs maximize workplace productivity while maintaining corporate security.
