The information age has been here for a while and with the vast growth we have seen in the business of protecting our homeland and the assets within, it is no surprise that security is among top concerns for corporate leaders. It is hard to lead without taking some risks but you want those risks to pay off. So when it comes to your start manager bringing her new iPad to work, you probably want her to have the tools she needs to continue to perform. At what cost? How do you feel when it goes from one stellar employee to fifty employees - some stellar and some not so stellar?
That’s right, the landscape starts to look a little differently now. Increasingly more and more workers are choosing their own devices on which to perform their daily tasks. Also increasingly, those devices are mobile and go around the corporate network security posing a threat to all of the devices that are within reach not to mention the data that is downloaded, emailed, and sent out on social networks. Of the 73% of information workers with smartphone, 57% selected the device themselves and paid the full cost for it. Another 11% paid part of cost and selected their device. Only a mere 6% have devices that are paid for by their employer.
When the employee buys it, owns it, and operates it at the company – who owns the data? Who owns the risk? What is really at risk? How do you know when a breach has occurred? The answers are numerous and complex but the solution is simple. Develop a written BYOD Policy and implement it uniformly across your organization. To develop a policy you start with standardizing the types of mobile devices and operating systems you have the bandwidth to support. There are three broad areas you must cover; Mobile IT Policy ; Assess Legal Requirements; and Implement a Mobile Device Management Solution.
Creating your Mobile IT Policy involves examining three key areas.
First, determine your security requirements and look for built-in encryption, ability to identify jail broken and rooted devices; remote locking and swiping; geolocation services; and finally enforceable password policies.
The point of this is to manage your risk so MANAGEABILITY is king. Look to Mobile Device Management (MDM) capabilities from your hardware vendors via an Application Interface (API); and look for support of Exchange ActiveSync policies that will comply with your existing company standards.
It’s all about the Apps! Applications is the queen of this BYOD family of requirements. You want to satndardize on a form factor and feature set that has a large number and variety of commercially available productivity apps as well as support for developing and deploying your own custom apps. Lastly, you want to be aware of the number of specific apps available for the form factor of your choice.
The next blog in this series will cover Assessing Your Legal Requirements.