Updating Security for BYOD
Instead of looking at securing BYOD devices with PINs and passwords, CIOs need to see the wider picture of corporate application and data access matched to end users and their roles and locations. From this analysis, a CIO and his or her team can develop access controls around authentication, data protection, anti-malware, and governance, risk, and compliance (GRC).
A critical part of BYOD security is the ongoing training and education of end users so that ignorance is never an excuse. For example, employees should be frequently reminded not to use their corporate email and password as logon credentials for services such as Gmail and Twitter. Instead, employees should be provided with password management systems that allow them to have complex and unique credentials for every service they access from their BYOD device.
CIOs and their teams should put whitelists and blacklists in place for devices and applications and enforce them using MDM software. Corporate apps can be whitelisted, and "unsigned" applications from unknown third parties can be barred.