Best Practices of Bring Your Own Device Strategy

Over the past two decades, we have witnessed significant technology advances in mobile devices, from the personal data assistants (PDAs) of early 2000s to the omnipresent Smartphone of today.  These advances have both intertwined and blurred the boundaries of personal and corporate life of today corporate users. Technologies have enabled the unending access to emails, mobile business applications as well as  sensitive company data anytime, anywhere.

While this demonstrates the practicality, flexibility of using mobile devices to conduct business, some may even stood on high ground, raving about the virtues of increased productivity. But undeniably, it has also created a herculean task for organization to ensure that they have an adequate framework to ensure new security threats are contained and nullified as they transient heinously  across various platforms.

Not surprising, only a  few organizations have a mobile security agenda in place, and many organizations are still unaware of the security threat posed by unrestricted Smartphone. The poll, gathered at a mobility webinar by Software AG, found that 60 percent of companies had no mobility strategy and 38 percent of those surveyed are yet to consider their strategy, while 22 percent have only just begun “initial research”.

Challenges faced by organizations

The proliferation of mobile devices and mobile applications, combined with the demands from executives and employees for support of their personal devices to access business applications and data, force IT organizations to take a hard look at their current mobile infrastructure. Unfortunately, much of this infrastructure is inadequate to deal with today’s challenges, including:

  1.  The growing diversity of mobile platforms and applications being introduced resulting it an uphill tasks for the IT department to play keep up.
  2.  Addressing mobile security concerns and protecting data as it moves further outside the network perimeter
  3.  Many organizations also do not have authentication policies(mobility security policies for the matter) on their employees’ mobile devices allowing unauthorized access
  4. Unable  to react to a security compromise or suspicious user behavior by locking down a mobile device and wiping the contents if required.

Recommendations

Correctly implementing a mobile device strategy across the corporate environment and mapping that strategy to local device settings can help address concerns surrounding data loss prevention, stolen devices, password policies, VPN access to intranet resources and other security issues. A mobile strategy framework review can identify risks in mobile device settings and vulnerabilities in the current implementation.

Based on experience and best practices, below are the recommended approach to evaluate and plan out your BYOD strategy.

 a)    Conduct a comprehensive evaluation of your use case

b)    Identify the risks you may encounter and the controls you need.

c)     Develop a proof of concept/pilot

d)    Selection of the right Mobile Device Management (MDM) solution

 As mobile technologies continue to innovate over the coming years, organizations using these technologies will need to continuously assess the security implications of adopting these advancements. Only a evolving and agile mobile security risk approach will enable a holistic evaluation of the risk exposure that comes with these new innovations.

Thanks to drop any comments that you may have.