Has your organization caved to the pressure of establishing a Bring Your Own Device (BYOD) policy and is now having second thoughts? Making company-wide policy changes and satisfying tech-savvy employees’ desires is just the beginning. Once BYOD is up and running, there are many challenges. The difference between success and failure means addressing key concerns and finding ways to overcome these issues.
Mobile Device Management
Has your organization caved to the pressure of establishing a Bring Your Own Device (BYOD) policy and is now having second thoughts? Making company-wide policy changes and satisfying tech-savvy employees’ desires is just the beginning. Once BYOD is up and running, there are many challenges. The difference between success and failure means addressing key concerns and finding ways to overcome these issues.
Mobile Device Management
Security is undoubtedly the most pressing concern with BYOD. Even with a sound policy, the rapidly shifting security landscape is a challenge. The constant updating of devices is, too. You must constantly adapt your threat defenses and corporate policies. Mobile Device Management (MDM) provides many benefits, including a centralized view of data stored on devices. There are many cases of unhappy employees misusing sensitive information or hackers accessing vulnerable mobile networks. The safest approach is when administrators can see the first signs of a breach and take action.
An MDM system provides access control and monitoring of corporate data. Information on a stolen or lost device can be immediately erased. Mobile apps have caused challenges of their own. Many of them collect personal data and store them in the cloud. An important feature to look for is Mobile Application Management, which keeps track of all the apps on your mobile network and even blocks ones known to be particularly risky.
Vendor Managed Services
Not every company employs the most needed talent. A cost-effective way to offset this imbalance is to pursue vendor managed services. Consulting organizations have emerged in the mobile era and employ the technology, tools, and methods to efficiently manage data. DataXoom, a mobile virtual network operator, provides MDM, asset management, and even assistance with procuring the best hardware and software. The ultimate goal is to manage the financial cost of bring your own device and managing data on and accessed by mobile devices.
Stay Compliant
Compliance with the latest standards is essential for keeping BYOD in your company. The Payment Card Industry Data Security Standard 3.0 is one you should be following. It provides guidelines and testing procedures related to building a secure network, protecting cardholder data, and implementing effective access control. Also covered are monitoring and testing and maintaining an information security policy that includes all devices, systems, and personnel. The PCI DSS 3.0 standard is also a guideline for internal and external auditors.
Fine Tune Your Policy
A BYOD policy isn’t static. It needs to adapt to changing security risks and company requirements. For the policy to work, you need to identify what devices are permitted on the network, and control information access down to the individual device. Administrators also need to think about password complexity, screen locking, and other security measures.
Other elements of your policy should outline how technical support operates. Also include permitted apps and rules for acceptable websites, materials, and how all of these are monitored. In addition to governing usage, your leaders should also have a plan for what happens when an employee leaves the company. Do they return the phone or do you just remove access to email, company apps, and data?
Some organizations have resorted to a Choose Your Own Device (CYOD) policy. Users are issued corporate owned devices. They may or may not have a pick from approved products. This gives the company more control over compliance and security, while it pays all costs related to the device.
What about Privacy?
Today’s employees have been outspoken about their rights to have personal data on the same device as their work. The challenge is businesses must protect their mobile networks against unauthorized use. Employer access rules have drawn controversy amongst IT policy drafters. While work-related data could be subject to legal investigations down the road, personal information would be exposed as well. The level of control over personal data has been less than ideal for many workers. Yet, privacy matters still need to be addressed.
Conclusion
These are just a few of the main issues regarding corporate BYOD. Implementing the policy takes work, but continual monitoring and adjustments are required for a successful mobile device policy. That means your company and stakeholders must adjust to change. Security challenges, compliance requirements, employee sentiment, and the devices themselves will certainly be in flux in the years to come.
