BYOD: Reducing the Risk with Mobile App Management

March 26, 2013
142 Views

byod mobile managementIt is likely safe to say that the concept of Bring Your Own Device (BYOD) has gained a foothold in today’s IT culture, having morphed from a simple low-level trend to a legitimate movement that seems to be picking up steam by the day. 

byod mobile managementIt is likely safe to say that the concept of Bring Your Own Device (BYOD) has gained a foothold in today’s IT culture, having morphed from a simple low-level trend to a legitimate movement that seems to be picking up steam by the day. 

While the sub-market spawned by BYOD is flourishing with multi-platform BYOD services, solutions, applications and everything else that a new phenomenon might elicit, BYOD for some, especially IT administrators and the like, is simply little more than a pain in the &$@#*.

This fact leaves many wondering how improved employee morale, increased worker productivity, and the ever-important savings in cost could develop such an unfavorable response.

Let’s Take a Shot at Why

  • Security, security, security: whenever I have a conversation regarding BYOD with other IT geeks the topic of security is invariably brought up first.  In a security landscape already resplendent with complexity, vulnerability, susceptibility, and risk the implications surrounding BYOD security may simply be “piling on.”  Therefore, the overt need for proper management oversight and control, coupled with a thorough employee training regimen regarding BYOD, is paramount.  
  • There may very well be hidden costs with BYOD.  Indeed, while employees may drop their own dime on devices they may be costing more in the long run due to data plans that are wasteful and uneconomical.  Throw in careless public wireless usage and it gets worse it would seem. 
  • While BYOD has been lauded as a productivity increaser I have to wonder. With the way folks have seemingly become attached at the hip to their Facebook pages and games and all the other crap that defines mobile device culture I can’t help but think that employees might not take liberties on company time to see what their pals had for lunch or who broke up with who or what time their favorite band goes on or…you get the point.  IT departments may not have adequate control over their employees’ mobile landscape, something that becomes all the more difficult due to the rapid development of mobile technology.  It seems as soon as IT gets a handle on something, the landscape changes. 

 

Is BYOD All It’s Cracked Up to Be?

In light of these concerns is BYOD something to avoid like the plague?  As BYOD becomes more prevalent will more and more enterprises actually refuse to embrace that which so many others have welcomed?  Will being anti-BYOD come into vogue?!

Mehhh, probably not.  IT departments are not reinventing the wheel with regards to BYOD and the smart ones don’t trip after themselves to blindly follow the latest IT flavor-of-of-the-month because the competition does.  In my estimation it is simply a matter of learning from the mistakes, as well as successes, of others by analyzing data breaches and how they are dealt with, reported, etc. and gathering and interpreting data as to what enterprise mobility:

  • offers employees
  • provides with regards to the objectives and mission of the company
  • presents to customers and vendors 

Of all the questions that need to be answered with regards to implementing (or not implementing) BYOD a good place to start may be getting an understanding of just how many employees actually utilize their own devices in pursuance of their job duties in the first place.   

If indeed the kibosh is put on BYOD other issues may come to light, such as:

  • accounting for prohibited devices accessing sensitive data or company resources
  • unlawfully housing intellectual property
  • rooting out malicious or illegal mobile threats

 

Enter the Friend of the IT Manager: ‘Best Practices’

While there may be perceived issues, BYOD enhances technical competency in an age that is maturing and gives organizations license to effectively protect and manage their own technologically-hip workforce.

Thus, to be successful in the age of the mobile device IT departments must keep a sharp eye on every single, inventoried device within the employee pool and maintain an acute understanding of those entering, exiting, and accessing the network at all times.  Effective measures must also be in place to warn and notify of unauthorized device access.  

While it sometimes sticks in the craw of the disparate entities within an organization the very nature of BYOD also implicitly requires multi-department involvement.  HR, legal, accounting…each has a stake in some capacity and thus must account for the myriad risk potentials associated with BYOD and define and develop policies to assure that no stone is left unturned in this regard and everyone covered.      

These well-defined BYOD ‘best practices’ policies certainly require a great deal of planning and outlining though in time will allow organizations the ability to reduce if not eliminate data and security breaches.  This ‘best practice’ outline should also include the ability to quickly deactivate and erase any proprietary data residing on a device as administrators see fit, which is especially relevant should employees, for lack of a better term, no longer be employees.

If properly implemented mobile device management solutions allow managers to effectively oversee and control every device, be they owned by the employee or company, used within the enterprise.       

Hardware is expensive and IT, not to mention accounting, departments are abundantly aware of this.  But with the hardware comes expensive data plans which also must be managed in concert with the devices themselves.  If data plans are ill-managed then any savings associated with BYOD may go right out the window.  Thus, mobile data expense solutions must be implemented to control usage and issue alerts to employees indicating when data usage is in danger of becoming too excessive or has exceeded a predetermined limit.    

HR and accounting/finance must collaboratively develop an employee reimbursement program to address this potential and to assure that users understand the repercussions of excessive usage and make every effort to stay within the limits of the plan. 

Office Memo: MANDATORY BYOD Employee Training Today!

Education, education, education…if only this received as much shrift as security.  As it was once stated by a wiser sage than me, “It’s hard to find fault with someone if they have never been shown the right path.”  This adage certainly holds true for BYOD, and proper employee training is a first step in mitigating the lion’s share of the issues surrounding the phenomenon.  It can also help lessen the annoyance and irritability factor of IT departments! 

Ongoing workshops, tutorials, and educational material must be provided to the employee in order to “engrain in their brain” the compliance standards and guidelines surrounding BYOD, as well as the implications and repercussions of not abiding by what is clearly outlined in best practice policies.  Adding a ‘Zero Tolerance’ policy with regards to acting in ways unbecoming may also be added, ensuring that employees gain an intimate understanding of company policy with regards to BYOD.        

Indeed, like anything else BYOD may or may not be the best strategy for every employee in every company.  In fact, BYOD may simply not work for some outfits period.  But for those that do embrace it a little foresight and due diligence can take an organization a long way as well as allow IT managers to sleep better at night.