The article discusses the trend of using personal devices for work in terms of the policies that companies should take for successful...
The BYOD (Bring Your Own Device) phenomenon is more than just a trend. But businesses are establishing different policies- some ignore it because of the security issues while other instate a complete BYOD policy to minimize costs and maximize productivity. According to Gartner, by 2017, half of employers may have a mandatory BYOD policy - making staff bring their own devices to work (Tweet This!). At the same time, Gartner's BYOD research shows that by 2016 over 30% of BYOD strategies will leverage personal applications, data and social connections, for enterprise purposes.
David Willis, vice president and distinguished analyst at Gartner sees the benefits of BYOD in creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs.
Implementing BYOD to your company's work process is not just about making it a free-for-all practice. It needs serious management. To actually achieve increased productivity and minimize security risks, practical steps must be taken and applicable tools need to be used.
Below are several points to for effective BYOD management.
1. Monitor the Access to the Network
You should always be aware of who has access to your network to control the safety of your corporate data. On a regular basis, review if there are people who are not supposed to have it, such as former contractors or employees. Make sure that you don't have any open access to data without authentication, paying attention to unusual activities like multiple unsuccessful logins.
2. Provide a Constrained Remote Access
Every company has some highly valuable information that needs to be protected very carefully. Using personal devices to access this prioritized information remotely should be monitored thoroughly, while less-valuable data can be controlled less strictly.
3. Choose the Permitted Devices
You should clearly inform your staff which type of devices will be supported. Also, you should let your employees know whether you continue to support company-owned PCs or laptops- if the choice to use their own devices is optional.
4. Make Sure the Devices are Secure
Many people neglect setting passwords and lock screens- especially on mobile devices. According to a global study conducted by McAfee and One Poll, 36% of users don't lock their mobile device with a PIN or a password (Tweet This!). But under the conditions of using devices for work, the security policy becomes a must for employees. You should communicate that company information is strictly personal and the data must not fall into someone else's hands under any circumstances.
5. Know the Devices' Configuration
It is important to ensure that the devices used by employees are configured properly and are minimally exposed to risk of data loss through electronic means. For this purpose you can use some specific management or audit tools that would automatically report the configurations of the devices and help employees to maintain secure settings.
6. Find the Privacy Balance
Despite the fact that your workers use their devices for accessing the corporate data, a sense a privacy should still be maintained. If you use some management tools for monitoring configurations, you should not forcedly push modifications to devices. Private data, such as locations, messages, emails etc., should not be accessible to IT administrators. That is why it is recommended to make sure that any tools you use do not compromise users' privacy.
7. Establish a Certain Service Policy for Personal Devices
This issue is not about setting the full service support for BYOD or refusing to serve devices at all, but it is about defining a single transparent service policy and following it with all employees. When problems occur, users should know clearly the level of support the company can provide. In particular, the following questions should be clear:
- What reporting system should we use to fix problems (tickets, email or personal communication)?
- Are personal apps installed on the device under support as well?
- Will the employee be provided with another device while his own one is being serviced?
- What is the level of service for broken devices?
8. Establish the Employee Quit Strategy
When using BYOD policy, it can be difficult to remove all company-related data from the employee's device when he quits. Just wiping everything would result in personal data loss as well. You should have a methodology for such events so that not to have problems in future.
9. Be Ready to Handle any Data Breach
The thing to remember is that all the tips above aim to reduce risks, but they won't remove them entirely. One way or another, you should always have a plan for unexpected problems. The important points to think about in advance are: what configurations should be immediately changed, who should be notified, how to protect the most sensitive data. This plan will be the effective guidance if troubles come out.
BYOD Management Tools
There are two general BYOD management strategies to do this -- mobile device management (MDM) and mobile application management (MAM). Mobile device management tools provide a full-device control, which keep sensitive data secure by remotely accessing the device and wiping data. The TechNavio research showed that MDM represents more than 90 percent of the global BYOD security market, while MAM takes small slice of the pie (Tweet This!).
But the problem with MDM approach is drawing the line between personal and corporate data. More granular controls are possible with MAM strategy, which allows you to manage and secure only certain apps. Ken Hess, Windows and Linux system administrator, named 10 BYOD mobile device management suites, which are: AirWatch, AmTel MDM, Dialogs Smartman Device Management, IBM Endpoint Manager for Mobile Devices, MobileIron, Symantec, Fiberlink MaaS360 and others. Check them out here.
Author Bio: Andrew Smith is a social media marketer, a web developer in the past, a writer working in QArea, which is specialized in providing web, mobile, desktop app development/testing services. Andrew enjoys writing about social media, marketing and IT technologies in his IT blog.