In October’s newsletter we looked at endpoint security as a whole, and how the BYOD Era is changing how companies are protecting their networks. As a reminder, BYOD stands for Bring Your Own Device and has to do with employees using their own personal devices for work reasons. To follow the BYOD topic, this month we’ll talk about protecting a business’ data and networks through programs and policies. These practices, along with endpoint security that was previously discussed, help companies protect themselves while enabling their employees to be productive with personal devices.
Consumerization is having a major impact on IT departments with company employees wanting to use the device of their choice to most efficiently get their work done. Supporting and protecting against numerous, unknown devices can be challenging. Because of this, organizations are moving towards implementing company policies that allow employees to embrace BYOD. When employees have the ability to work on the device they want, they are not only more productive, but also mobile with Wi-Fi almost everywhere one turns. This white paper will look at what practices are needed for organizations to empower people to choose their own device, how to protect important data, how to reduce costs, and simplify BYOD management.
People are going to bring their own devices from home to work whether there is a BYOD policy in place or not. Studies have shown that the average employee connects around four devices to the corporate network at some point in their employment. This is a large shift from when the only device connected to the network was the company-provided desktop PC. Employees are now connecting laptops, smartphones, tablets, and other devices to optimize mobility, performance, production, and size.
A BYOD strategy that encompasses both technology and policy is what is needed to protect the ever-important enterprise network and the data on it. Looking at the technology part of the strategy, employees need to be able to access business applications and information on these devices in a secure manner. Due to licensing, non-standardization of hardware and software, and sheer volume of devices, IT departments cannot simply install applications on all of the personal devices coming on the company network. One of the best approaches is to implement device-independent computing through mobility management, desktop virtualization, and secure file sharing with remote support services. This allows employees to have a single-click, secure access to all of their applications and data needed for work across various locations, networks, and devices. IT also gains control as they have the power to limit access to certain applications or resources while having the peace of mind in knowing that BYOD devices are secure on the business’ network.
Employees are able to access vital data from remote locations while not posing a risk to having that data hacked or lost. A strategy like this one also helps with cutting costs as problems with devices are handled as a whole rather than on a case-by-case basis. It also eliminates the
problem with lost devices or terminated employees as IT managers can shut off access to select devices whenever needed. In addition to your technology strategy for BYOD, the policy strategy is just as important. A few elements to consider when creating your BYOD policy include eligibility, acceptable devices, deployment, and support and maintenance.
The first consideration in a BYOD policy should be eligibility – which employees can use BYOD devices. This should be spelled out clearly in the policy and managers should be ready to answer requests from other employees who may not be eligible. Some possible ways to determine eligibility are: it is a privilege for certain employees, it is demanded by employees, or it is a requirement for specific jobs. To help which employees may need it as a requirement, look at the type of work, how often they need to remotely work (travel), and if they need consistent access to business-critical data.
Next, businesses should look at what devices are allowed. Desktop virtualization opens the door to almost any device because it is possible, for example, to work on a Windows desktop on a devices that is not Windows-based. Business mobility management helps IT greatly with security because it can manage any device and terminate access to any that are lost, stolen, jail broken, or pose a risk to the network. As discussed before, a rise in productivity can be expected as employees are able to work on what devices they want, not what they are given.
One of the most important keys to BYOD management is the rollout of the policy. Employees should be notified of the program and given time to let them decide if they want or need to participate. Training may be needed when explaining the responsibilities involved in BYOD with how data can be accessed and used. Lastly, work and business should be kept separate even though they both may be done on the same device. Work emails should not be sent from personal accounts and vice-versa.
Support and Maintenance
This part of the policy can be tricky as many employees see the IT department as the “fixers of everything technology-based.” A good BYOD policy will spell out exactly what type of maintenance that the IT department can help with in terms of BYOD devices. This not only protects the IT department from being inundated with support calls, but it also frees up their time to work on more productive projects. An example of what maintenance policies to write, one company provides help with wireless connectivity, antivirus/malware software, and any help with how to gain access to information or use the mobile management system. All other problems, the IT department should know where to direct the user to get help. For example, if an employee cracks their screen on a personal device, it is not the IT department’s job to fix it.
By handling maintenance in this fashion, total costs for maintenance is reduced because people take better care of the products they own than the ones that are company-owned.
In summary, when creating a BYOD strategy, there are a variety of different strategies and policies that a business can implement. The key is finding the right mix of available technology strategies and business policies that provides the most protection for your data and the firm’s network. Employees should also be able to access the files that are needed on their device. Without this, the benefits that BYOD provide are limited. Some key things to keep in mind when creating a policy is that it should empower people to choose devices they want to work on. It should protect key information and make it clear who is allowed to access the network and how to do it. The BYOD Era will continue to change and grow so be sure to begin to formulate a strategy if you haven’t already done so.
(Thanks to Citrix White Paper – A guide to selecting technologies and developing policies for BYOD)
Any questions about any of the services discussed in the article or any help needed when formulating a plan can be directed to Think at [email protected].