Commentary
7/8/2014
09:06 AM
Jim Szafranski

3 BYOD Risk Prevention Strategies

An effective BYOD plan must balance control with convenience. Here's what to keep in mind.

Managers often believe a bring-your-own-device (BYOD) strategy is a silver bullet for solving mobile communication problems within their organization. Thoughts of "I don't need to purchase hardware for employees" or "Workers are more productive with their own device" can mask the challenges that often accompany BYOD programs. Businesses are increasingly a target for data breaches and other security risks, so organizations cannot afford to overlook security when developing a BYOD strategy.

However, there's a fine balance when implementing BYOD security regulations -- you don't want to be so overzealous about security that employees' work is hindered. Done right, BYOD can reduce technology expenses while increasing end users' productivity and improving office morale. An optimal enterprise mobility strategy provides comprehensive device security without impeding employees' pace of work.

For example, many companies have traditionally forced users to connect with a VPN before accessing company resources. On mobile devices, that process is a real pain. It's also not practical -- since most users switch between work and personal tasks, it actually discourages users from staying connected and productive. Companies can implement in-app VPNs and Micro VPNs, which automatically connect specific apps to the corporate network without requiring users to make that connection manually. Companies can also distribute secure browsers that let users open internal links and connect automatically to intranet sites or web application servers, without manually launching and connecting to a VPN.

Without a well-designed and unified device management strategy in place, companies risk exposing their most sensitive data to outside sources -- and even competitors -- while stunting employee innovation. Here are three ways to create a plan that maximizes the benefits of BYOD while mitigating the threats.

1. Be transparent with employees.
Attempting to hide unflattering aspects of a BYOD plan can backfire if employees discover them. Being truthful about employee privacy rights and enterprise mobility management (EMM) components fosters a sense of trust between decision makers and their corporate team. We see this often with companies we work with: They explain that the technology is designed to protect and secure, but that it may collect employees' personal location information and information about their personal apps. Be clear that you're not trying to play Big Brother, and that there are privacy filters installed to restrict access to most personally identifiable information (PII).

Building BYOD trust works both ways. CIOs and company leaders should feel confident that their employees are responsibly embracing the freedom of enterprise mobility -- and if at any point the leadership team feels that workers are not handling company data securely, they have the option to implement stricter BYOD controls.

(Source: LinkedIn)

Additionally, BYOD deployment should complement employee training. It's a growing trend for companies to teach employees what is and is not acceptable, and which apps require caution. For example, no employee should forward a corporate document to a personal mail account or take photos of meeting notes if the phone is set to upload all pics to the web and social platforms.

2. Maximize protection of employee devices.
Flexibility is a must for all BYOD plans, so that IT professionals can maintain control over sensitive data stored on employees' mobile devices. Real-time monitoring and remote wipe capabilities are some of the EMM features IT leaders can leverage to identify security threats quickly and respond to them effectively.

Healthcare and financial services firms traditionally have the highest security standards, but companies across all industries are increasing their adoption of container-based solutions. Popular policies include restricting copying and pasting of sensitive information from mail, calendaring, and contacts to non-approved applications. This ensures that users cannot send or save important information -- whether intentionally or by mistake. The sandboxing of corporate and personal data can help ensure appropriate levels of security are in place.

3. Monitor corporate information consistently.
If a security breach occurs, it is important for IT teams to respond quickly and effectively. Companies often set up automated alerts to notify them in near real time when a device has been jailbroken or is outside its predetermined "geo" fence, when a blacklisted application has been installed, or when a user has reached his or her data limit. Such real-time monitoring capability allows IT teams to identify security violations quickly.
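
The four alert conditions listed above can be expressed as rules evaluated on each device check-in. The following is an added example, not code from the article or from any EMM product; the record fields, geofence center and radius, app identifier and data limit are all assumptions constructed for illustration.

```python
import math

# Hypothetical policy values (assumptions, not from any EMM product).
GEOFENCE_CENTER = (40.0, -75.0)      # constructed lat/lon of an office site
GEOFENCE_RADIUS_KM = 50.0
BLACKLISTED_APPS = {"com.example.filesharer"}   # constructed app id
DATA_LIMIT_MB = 2048

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(checkin):
    """Return the list of alerts raised by one device check-in record."""
    alerts = []
    if checkin["jailbroken"]:
        alerts.append("jailbroken")
    position = (checkin["lat"], checkin["lon"])
    if distance_km(position, GEOFENCE_CENTER) > GEOFENCE_RADIUS_KM:
        alerts.append("outside_geofence")
    bad_apps = sorted(set(checkin["apps"]) & BLACKLISTED_APPS)
    if bad_apps:
        alerts.append("blacklisted_app:" + ",".join(bad_apps))
    if checkin["data_used_mb"] >= DATA_LIMIT_MB:
        alerts.append("data_limit_reached")
    return alerts

# Constructed sample check-ins (not real device data).
SAMPLE = [
    {"id": "dev-001", "jailbroken": False, "lat": 40.1, "lon": -75.1,
     "apps": ["com.example.mail"], "data_used_mb": 300},
    {"id": "dev-002", "jailbroken": True, "lat": 40.0, "lon": -75.0,
     "apps": ["com.example.filesharer"], "data_used_mb": 100},
    {"id": "dev-003", "jailbroken": False, "lat": 34.05, "lon": -118.24,
     "apps": [], "data_used_mb": 2048},
]

def run(sample=SAMPLE):
    """Map each device id to the alerts its check-in raised."""
    return {c["id"]: evaluate(c) for c in sample}

if __name__ == "__main__":
    for device, alerts in run().items():
        print(device, alerts or "compliant")
```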

Incorporating these elements within a holistic device management program can help companies be more proactive about enterprise mobility. Prepare and engage employees for BYOD by developing a solution that helps manage all employee devices. The result will be more efficient work processes and minimal security risks.

Jim joined Fiberlink in 2004 and is responsible for all product and customer-facing aspects of MaaS360, a software-as-a-service (SaaS) platform for mobile management and security. Prior to Fiberlink, an IBM Company, Jim led the core product line for Tut Systems. He also ...
Comments
Broadway0474,
User Rank: Ninja
7/9/2014 | 11:03:45 PM
Re: Diminishing Returns?
@jastro, I loved how you say that non-BYOD setups are like the "old days"! I would love to see the latest stats on how many larger employers are straight BYOD, non-BYOD or a blend of both.
jastroff,
User Rank: Ninja
7/9/2014 | 10:21:15 AM
Diminishing Returns?
I was wondering, after reading this comprehensive article, at what point does BYOD approach diminishing returns for an enterprise over a Non-BYOD environment? One in which devices are issued and maintained for enterprise tasks (as in the olden days). Is it shaking out to be a 50-50 proposition? Just as much time and effort either way?