How to create a mobile device policy in the BYOD era
- 23 July, 2012 12:20
Bring-your-own device (BYOD) policies might placate workers who can't live without their iPhone, but several steps, including employee agreements, are needed to avoid a potential security nightmare, according to one analyst.
Speaking at the recent Gartner Security and Risk Summit in Sydney, US analyst John Girard told the audience that when forming a policy, IT executives first needed to realise that BYOD may actually end up costing the company more.
“Charges are a big issue because we’re telling people to use their own equipment,” he said. “If you pass all the costs on to the user you have to accept that it changes service-level agreements.”
Girard provided the following tips for a successful BYOD policy.
Get employee agreements in writing
According to Girard, a signed piece of paper can help to avoid arguments between CIOs and other C-level executives. For example, if a C-level executive loses data on their mobile device and tries to blame it on the IT manager, the IT manager can show the executive a copy of the document they signed which shows they are responsible for their own backups.
“Your biggest problem is data exposure and compliance. If the user loses their device or it’s a shared device, at some point you have to provide accountability such as who had access [to data] and where was it shared,” he said.
“That’s the essence of fines, disclosure and operational difficulties that a lot of companies get into. We’ve seen some big fines come out but it can be extremely expensive to mitigate all the breach disclosures that go on after information has been lost.”
Mobile device certificates
If the company uses applications where data is stored on the mobile device, Girard suggested the use of certificates to invite people to get access to the virtual private network (VPN), email or Wi-Fi services.
“Certificates are an in-depth embedded part of mobile application architecture and operating system architecture,” he said. “If you are using a mobile device management [MDM] tool, you get a very simple console that allows you to specify use patterns for people who are getting access by certificate.”
MDM tools
According to Girard, MDM tools will cost the enterprise money but save IT executives time and effort.
For example, he cited a Symantec MDM product that includes a requirement for user authentication, along with rules on whether users can store business data on the device and when that information has to be deleted.
“This leads to a dashboard which shows which of your users are following the policy and leads you to an exception report which indicates if anyone tries to jailbreak their device,” he said.
“If the device is jailbroken, the mobile management system will show what actions were taken such as no more access to email or the VPN while the device remains jailbroken.”
Latest mobile operating systems
In addition, IT executives needed to impose a strict BYOD policy with regard to older iOS and Android operating systems (OS) because of vulnerabilities.
For example, Girard said that the iPhone would need to be the 3GS model running iOS 5 or a newer version of the OS.
“If it’s an Android device you have to say Android 4 or later and ask for proof that the [Android] device has encryption. That is because Android certification does not require proof of encryption.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Comments
vlad
1
Apps are what is needed to make your smartphone smart and unique. I'm fond of app creating and find it really helpful to use a site like Snappii where I can build apps in minutes.