A Realistic Approach
By Shahin Pirooz | Posted 2012-06-19
Here’s what you need to know to manage the onslaught of employee-owned smartphones and tablets in the workplace.
A Realistic Approach to BYOD
When developing a strategy to deal with the invasion of mobile devices, there are three potential approaches. You could forbid outside mobile devices because they are too hard to manage; you could allow unmanaged and insecure mobile devices; or you could develop a strategy and acquire tools to secure and manage both devices owned by the company and those owned by the employee.
The first two approaches aren’t feasible because employees don’t take kindly to being told not to use their personal devices for work. And, if you allow any unsecured device to connect to the enterprise network, you have the potential for viruses, hacker attacks and loss of vital corporate information—whether intended or unintended.
The third approach is the most realistic, giving employees the freedom to use their preferred devices while protecting corporate resources. Plus, it is a natural evolution of the IT staff’s duties. They are already managing servers and desktop computers, so smartphones and tablets should simply be an expansion of those endpoints.
Traditional endpoint management and mobile device management share many duties. These include inventory, establishing security policies, configuration and encryption.
Whether you choose to manage mobile devices in-house or find a technology partner to assist in these efforts, it’s important to take a unified approach that incorporates both BYOD and existing endpoint management into a single solution with cohesive policies and controls.
An endpoint management solution that is capable of supporting a BYOD strategy should include the following:
· Platform support: Because you cannot control which wireless devices your employees use, IT should support, at a minimum, Apple’s iOS, Google’s Android, Nokia’s Symbian, Windows Phone and Windows Mobile.
· Management actions: To ensure security of corporate information if a mobile device is lost or the employee leaves the company, you should be able to selectively or completely wipe the device, remotely lock it and deny email access.
· Application management: You should be able to inventory applications on each device, develop an enterprise app store, and whitelist and blacklist apps.
· Policy and security management: You should not have to compromise existing security policies to employ a BYOD approach. An effective solution should enable you to maintain preferred password policies and support device encryption as well as jailbreak and root detection.
· Location services: In the event a device is lost or stolen, you should be able to track and locate it on a map.
· Enterprise access management: You should be able to configure email, VPN and WiFi to ensure that mobile device users have access only to the parts of the network or applications for which they are authorized.
By re-evaluating your approach to endpoint management to include support for the wide variety of mobile devices that your employees are using to access corporate resources, you can effectively support a BYOD strategy that improves worker productivity, reduces mobile costs, and enables you to ensure the security and performance of your network.
Shahin Pirooz is chief security officer and CTO at CenterBeam, a provider of hosted IT services. He has expertise in IT architecture, core tools, operating systems and programming languages. Pirooz can be reached at firstname.lastname@example.org.