BYOD: User Policy Considerations - Slide 4

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next BYOD: User Policy Considerations-4 Next

Questions to Ask

  • What is your policy and process for handling a lost or stolen device?
  • What is your policy and process for handling the decommissioning of a device (e.g., if user switches to new device, change in user’s role/title deems them no longer eligible for access, user leaves or is terminated by company, etc.)?
  • Will your company wipe the entire device, corporate data and apps only, or both?
  • Will you allow user to initiate wipe action(s) themselves (e.g., through self-service portal)?
  • Will your company set and enforce use of a whole device password?
  • Will your company ever wipe the whole device?
  • Will your company require limits on the use of cameras, browsers, Bluetooth or other applications and services?
  • Will you require users to acquire and install anti-malware as a condition for access to corporate data and apps? Will you provide such anti-malware? Will you require particular vendors or versions?
  • What is your policy and process for a user device that has been infected with malware?

Policy Considerations

  • Policy should expressly prohibit: (i) device “jailbreaking,” “rooting” or the equivalent; and (ii) making any other modifications to device hardware and/or OS software beyond routine installation of updates as directly provided by the applicable device maker or mobile operator. Performing such actions or making such unauthorized modifications is essentially an “inside attack” on device, application and data security, and should be treated very seriously.
  • Policy should be clear on process and timing requirements for reporting lost or stolen devices, changing to a new device and actions to be taken when an employee leaves the company.
  • Policy should be clear on whether or not you will require use of whole device password and associated requirements for frequency of change, minimum strength, etc.
  • Policy should be clear on whether or not you will wipe whole device and conditions under which you would do so (e.g., lost or stolen device, change to new device, move to new role, departure from company).
  • Policy should clearly state that you always reserve the right to wipe either company data and applications and/ or the whole device if deemed necessary in your sole discretion to secure company data or applications.
  • Policy should be clear that wiping company data and applications may impact other applications and data (e.g., including but not limited to native address book data).
  • Policy should disclaim any liability for loss of personal applications or data, whether directly or indirectly resulting from the usage of company apps or data, and/or the wiping of such apps or data, or the whole device.
  • User should be encouraged to minimize the risk of losing personal applications and/or data.
  • Policy should be clear on any restrictions on the usage of cameras, browsers, Bluetooth, or other applications and services. The ability to enforce such restrictions may be dependent on device capabilities, which in turn may become an eligibility consideration).
  • Policy should be clear on any requirements for the use of anti-malware (including specific vendors or versions as applicable) and process and timing requirements for reporting any suspected instances of malware infection.

As more companies embrace the broad usage of individually-owned mobile devices for access to corporate applications and data, Good Technology is often asked for guidance on the establishment of an associated device usage policy. This slideshow, as outlined by Good Technology, is intended to provide guidance on questions that companies should ask themselves when establishing their own policies and related considerations.

Only your combined information technology (IT), human resource (HR), finance and legal teams — working closely with your executive team and business unit managers — can determine the exact corporate liable and/or individual liable policy that best fits your company, meets its financial goals and objectives, and takes into account security, legal, regulatory, tax or other requirements and considerations that may uniquely apply to your company and its operations.

More Slideshows:

Twelve Virtualization Myths Debunked Global Knowledge takes on some of the most common myths about virtualization.

Ten IT Infrastructure and Security Trends for 2012 Symantec provides 10 predictions for the new year.

Fifteen Hot Android Apps for On-the-Go Business Execs Popular business and productivity apps for busy executives.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

gig economy How the Gig Economy Is Changing the Tech Industry

The gig economy is clearly disrupting the tech industry, both in positive and negative ways. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.