3 BYOD Risk Prevention Strategies - InformationWeek
Jim Szafranski

An effective BYOD plan must balance control with convenience. Here's what to keep in mind.

Managers often believe a bring-your-own-device (BYOD) strategy is a silver bullet for solving mobile communication problems within their organization. Thoughts of "I don't need to purchase hardware for employees" or "Workers are more productive with their own device" can mask the challenges that often accompany BYOD programs. Businesses are increasingly targets for data breaches and other security risks, so organizations cannot afford to overlook security when developing a BYOD strategy.

However, there's a fine balance when implementing BYOD security regulations -- you don't want to be so overzealous about security that employees' work is hindered. Done right, BYOD can reduce technology expenses while increasing end users' productivity and improving office morale. An optimal enterprise mobility strategy provides comprehensive device security without impeding employees' pace of work.

For example, many companies have traditionally forced users to connect with a VPN before accessing company resources. On mobile devices, that process is a real pain. It's also not practical -- since most users switch between work and personal tasks, it actually discourages users from staying connected and productive. Companies can implement in-app VPNs and micro VPNs, which automatically connect specific apps to the corporate network without requiring users to make that connection manually. Companies can also distribute secure browsers that let users follow internal links that automatically connect to intranet sites or web application servers, without manually launching and connecting with a VPN.

Without a well-designed and unified device management strategy in place, companies risk exposing their most sensitive data to outside sources -- and even competitors -- while stunting employee innovation. Here are three ways to create a plan that maximizes the benefits of BYOD while mitigating the threats.

1. Be transparent with employees.
Attempting to hide unflattering aspects of a BYOD plan can backfire if employees discover them. Being truthful about employee privacy rights and enterprise mobility management (EMM) components fosters a sense of trust between decision makers and their corporate team. We see this often with companies we work with: They explain that the technology is designed to protect and secure, but that it may collect employees' personal location information and details of their personal apps. Be clear that you're not trying to play Big Brother, and that there are privacy filters installed to restrict access to most personally identifiable information (PII).

Building BYOD trust works both ways. CIOs and company leaders should feel confident that their employees are responsibly embracing the freedom of enterprise mobility -- and if at any point the leadership team feels that workers are not handling company data securely, they have the option to implement stricter BYOD controls.

Additionally, BYOD deployment should complement employee training. It's a growing trend for companies to teach employees what is and is not acceptable, and which apps require caution. For example, no employee should forward a corporate document to a personal mail account or take photos of meeting notes if the phone is set to upload all pics to the web and social platforms.

2. Maximize protection of employee devices.
Flexibility is a must for all BYOD plans, so that IT professionals can maintain control over sensitive data stored on employees' mobile devices. Real-time monitoring and remote wipe capabilities are some of the EMM features IT leaders can leverage to identify security threats quickly and respond to them effectively.

Healthcare and financial services firms traditionally have the highest security standards, but companies across all industries are increasing their adoption of container-based solutions. Popular policies include restricting copying and pasting of sensitive information from mail, calendaring, and contacts to non-approved applications. This ensures that users cannot send or save important information -- whether intentionally or by mistake. The sandboxing of corporate and personal data can help ensure appropriate levels of security are in place.

3. Monitor corporate information consistently.
If a security breach occurs, it is important for IT teams to respond quickly and effectively. Companies often set up automated alerts to notify them in near real-time when a device has been jailbroken or is outside its predetermined "geo" fence, when a blacklisted application has been installed, or when a user has reached his or her data limit. Such real-time monitoring capability allows IT teams to identify security violations quickly.
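The four alert conditions named above can be expressed as a small rule evaluator over device check-ins. This is an added example, not code from the article or from any EMM product; the `DeviceReport` record, the policy values, the app identifiers and the sample check-ins are all constructed assumptions.

```python
import math
from dataclasses import dataclass, field

# Constructed policy values (assumptions for this example, not from the article).
GEOFENCE_CENTER = (40.0, -75.0)      # lat, lon of the permitted area
GEOFENCE_RADIUS_KM = 50.0
BLACKLISTED_APPS = {"com.example.filedrop"}
DATA_LIMIT_MB = 2048

@dataclass
class DeviceReport:                  # hypothetical check-in record from an EMM agent
    device_id: str
    jailbroken: bool
    lat: float
    lon: float
    installed_apps: set = field(default_factory=set)
    data_used_mb: int = 0

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(report):
    """Return alert names only; coordinates and the full app list stay out of the alert."""
    alerts = []
    if report.jailbroken:
        alerts.append("jailbroken")
    if distance_km(GEOFENCE_CENTER, (report.lat, report.lon)) > GEOFENCE_RADIUS_KM:
        alerts.append("outside_geofence")
    for app in sorted(report.installed_apps & BLACKLISTED_APPS):
        alerts.append("blacklisted_app:" + app)
    if report.data_used_mb >= DATA_LIMIT_MB:
        alerts.append("data_limit_reached")
    return alerts

def triage(reports):
    """Map device_id -> alerts, skipping devices that raise none."""
    results = {r.device_id: evaluate(r) for r in reports}
    return {dev: alerts for dev, alerts in results.items() if alerts}

# Constructed sample check-ins.
SAMPLE_REPORTS = [
    DeviceReport("dev-001", False, 40.1, -75.0, {"com.example.mail"}, 512),
    DeviceReport("dev-002", True, 41.0, -75.0, {"com.example.filedrop"}, 100),
    DeviceReport("dev-003", False, 40.0, -75.2, {"com.example.mail"}, 2048),
]
```

Calling `triage(SAMPLE_REPORTS)` flags `dev-002` on three rules and `dev-003` on the data limit, while the alert output itself carries no location or personal-app detail.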

Incorporating these elements within a holistic device management program can help companies be more proactive about enterprise mobility. Prepare and engage employees for BYOD by developing a solution that helps manage all employee devices. The result will be more efficient work processes and minimal security risks.

Jim joined Fiberlink in 2004 and is responsible for all product and customer-facing aspects of MaaS360, a software-as-a-service (SaaS) platform for mobile management and security. Prior to Fiberlink, an IBM Company, Jim led the core product line for Tut Systems. He also ...
7/9/2014 | 11:03:45 PM
Re: Diminishing Returns?
@jastro, I loved how you say that non-BYOD setups are like the "old days"! I would love to see the latest stats on how many larger employers are straight BYOD, non-BYOD or a blend of both.
7/9/2014 | 10:21:15 AM
Diminishing Returns?
I was wondering, after reading this comprehensive article, at what point does BYOD approach diminishing returns for an enterprise over a non-BYOD environment? One in which devices are issued and maintained for enterprise tasks (as in the olden days). Is it shaking out to be a 50-50 proposition? Just as much time and effort either way?