BYOD security: 5 ways CIOs can securely embrace BYOD
There are many reasons for enterprises to embrace bring-your-own-device (BYOD) policies. For starters, BYOD can reduce hardware and software costs, improve employee satisfaction and even increase employee productivity. Forty-two percent of employees enrolled in BYOD programs say their efficiency and productivity have risen, according to a BT survey highlighted in eWeek. Despite all of BYOD’s benefits, security remains a considerable concern.
How can your organization embrace BYOD and reap its benefits without increasing security risks? Here’s a look at five best practices for BYOD security in the enterprise.
1. Create a Comprehensive BYOD Policy
Since devices will reside in the hands of employees, their compliance with BYOD security policies is critical. In fact, your employees and how they use — or lose — their devices will likely be the biggest security threat your enterprise faces. A comprehensive BYOD policy mitigates a significant portion of this risk. A good policy should cover acceptable-use terms such as:
- Types of devices allowed
- Networks, services, applications and data permitted
- Rights that users must grant the employer to monitor and control device settings, applications and data
Additionally, the policy should discuss employees’ responsibility for registering new and retiring old devices, and enforcement policies. Require an employee’s signature to confirm that everyone has read the policy and agrees to comply.
2. Implement a Mobile Device Management Solution
A mobile device management (MDM) solution makes it possible to remotely manage employee devices. MDM includes the ability to provision devices, set passwords and selectively wipe devices to remove enterprise data if a device is lost or an employee leaves.
The critical component of a successful MDM solution, however, is finding a way to implement it that still provides employees with a sense of personal privacy and trust that their personal data is safe; otherwise, they are unlikely to comply. Gartner found that 20 percent of BYOD programs will fail because IT departments attempt to implement MDM solutions that employees find too restrictive, as reported by Fierce Mobile IT. Any MDM solution selected should have the ability to selectively wipe data so employees can feel confident that their personal data is safe.
3. Control the Data, Not Just the Device
Another way to address privacy concerns while adding safeguards for corporate data is to use a mobile application management (MAM) solution. Device-agnostic MAM solutions complement MDM by creating dual personas to further containerize personal and business data, and help alleviate employees’ privacy concerns. MAM can also provide mobile app security by detecting outdated, disabled or deleted apps — both whitelisted and blacklisted. A MAM solution can then transparently install and maintain missing whitelisted apps such as firewalls or spam filters.
4. Secure Data Outside the Workplace
BYOD use is not limited to the walls of the enterprise. To increase productivity, employees may use their devices for work-related tasks at home or anywhere else they may be — including the coffee shop down the street. That presents a significant security risk, as sensitive data may be exposed to an unsecured network. In addition to developing clear policies and practices around the transmission of company data, requiring the use of a Virtual Private Network (VPN) can alleviate many security concerns, as VPNs offer a secure and encrypted connection over unsecured networks.
5. Consider the Impact of Wearables
Currently, wearables comprise a very small part of the BYOD environment, but it’s still important to be aware of which wearables are on the market and how they may impact your network. In addition to network access, one of the biggest security concerns around wearables is audio and video recording capabilities. While most fitness-tracking wearables will not include this feature, wearable watches or glasses could present opportunities, knowingly or unknowingly, for passwords and other sensitive data to be recorded. To protect your organization, your BYOD policy should address wearables, including which devices are allowed, when and where; how they connect to the company network; and the requirements for storage and encryption of company data.
As BYOD evolves, so will BYOD security threats. It is important to continually evaluate your BYOD policies and security practices to ensure that new threats are addressed and new BYOD policies are communicated to employees. At the end of the day, it’s a balancing act to provide BYOD security while still allowing the end user the freedom and flexibility to use their devices in a way that enhances productivity and fosters a positive experience. Achieving the correct balance may require constant tweaking — but it pays to get it right.