BYOD Policy for security: 7 steps to a Bring Your Own Device Policy security plan

Thursday, 19 December 2013



BYOD is inevitable, but security is a big deal. A 2012 Intel survey report covered 3,000 IT decision makers and 1,300 end users from Australia, Germany, South Korea and the United States to understand their BYOD policy challenges. In three of the four countries, IT managers considered a lack of security features the most important factor inhibiting device adoption. The ability of the software-management tools is somewhat idle to some of the top BYOD policy security issues. These include:


· Unlicensed software
· Unsecured third-party connections
· Malware
· Rooted devices
· Lost, stolen, or damaged devices


Introducing BYOD depends partly on employee morale and on the company's BYOD policy security, which needs to have clear answers to:


1. Who owns the device? (Employee’s concern)


2. Who manages and secures the device? (Company’s concern)



The first and best defense in securing BYODs begins with the same requirements applied to devices that are already on the network. Company security and BYOD can co-exist, but it starts with planning, which should cover both the employee's concern and the company's concern. Here's how:


1. Decide which devices may be used as BYOD: mobile devices (smartphones), tablets (e.g., iPad), portable computers (laptops, netbooks, ultrabooks).


2. Educate consumers about the BYOD policy, including:
· Business stakeholders
· IT stakeholders
· Information security stakeholders


3. Launch a pilot project that includes these capabilities:
· Specified operating system (OS)
· Cloud storage and security
· Data and device encryption
· Policy compliance and audit reports
· Remote device management
· Upgrading or wiping devices when they are retired or when the end user's relationship with the company changes
· Determining who has network access based on who, what, where and when


4. Secure BYODs and BYOD policy security with the existing IT administrator:
· Enforcing strong passcodes on all devices
· Antivirus protection and data loss prevention (DLP)
· Full-disk encryption for disk, removable media and cloud storage
· Mobile device management (MDM) to wipe sensitive data when devices are lost or stolen
· Application control

 

5. Evaluate implementation and upgrade existing technologies.


6. Open the BYOD program, with its BYOD policy security, to all employees and control access based on need to know.


7. Periodically reassess solutions including vendors and trusted advisors.



Most users think that viruses are the only threat to their devices. Many believe that malware doesn't affect mobile devices at all. User awareness is the most important security measure, and it might be the most important non-hardware, non-software solution available. User education makes the user aware of all the potential dangers of BYOD devices in BYOD policy security. An educated user is a safer user.