A Realistic Approach
By Shahin Pirooz
They’re coming into the enterprise by the dozens—maybe by the hundreds—every day. While you might be able to run for a while, you can’t hide forever from the onslaught of employee-owned smartphones and tablets.
Everyone from the top executive to the summer intern is bringing his or her own iPhone, iPad, and Android-based smartphone and tablet to work, increasingly using these devices for both business and pleasure. While these devices may improve employee satisfaction and productivity and reduce mobile expenses for the enterprise, they’re introducing significant challenges for the IT department.
The BYOD (bring your own device) reality is creating more work for already-overburdened IT employees. If not managed properly, these consumer devices can compromise network security. In addition, they require greater in-house expertise in order to support and manage a wider array of endpoints.
Late 2010 was the inflection point when sales of smartphones exceeded those of PCs. This trend will continue—exponentially—according to analysts at Business Intelligence, who projected that sales of smartphones and tablets are going to more than quadruple, reaching 2.5 billion, by 2016. And PC sales are projected to continue an incremental rise during the same period.
Given these estimates, it stands to reason that a single employee could have three or four devices (a desktop computer, a laptop, and an employee-owned smartphone and/or tablet) that they use for work at any given time. With this broader range of mobile devices available to them, employees feel they can get more work done—including outside of business hours—and make it easier to telework from almost any location.
While this is great for the employee, the proliferation of devices vastly expands the number of endpoints an enterprise IT manager must support.
A Realistic Approach to BYOD
When developing a strategy to deal with the invasion of mobile devices, there are three potential approaches. You could forbid outside mobile devices because they are too hard to manage; you could allow unmanaged and insecure mobile devices; or you could develop a strategy and acquire tools to secure and manage both devices owned by the company and those owned by the employee.
The first two approaches aren’t feasible because employees don’t take kindly to being told not to use their personal devices for work. And, if you allow any unsecured device to connect to the enterprise network, you have the potential for viruses, hacker attacks and loss of vital corporate information—whether intended or unintended.
The third approach is the most realistic, giving employees the freedom to use their preferred devices while protecting corporate resources. Plus, it is a natural evolution of the IT staff’s duties. They are already managing servers and desktop computers, so smartphones and tablets should simply be an expansion of those endpoints.
There are many similar duties associated with traditional endpoint management and mobile device management. These include inventory, establishing security policies, configuration and encryption.
Whether you choose to manage mobile devices in-house or find a technology partner to assist in these efforts, it’s important to take a unified approach that incorporates both BYOD and existing endpoint management into a single solution with cohesive policies and controls.
endpoint management solution that is capable of supporting a BYOD strategy should
include the following:
·Platform support: Because you cannot control which wireless devices your employees use, IT should support, at a minimum, Apple’s iOS, Google’s Android, Nokia’s Symbian, Windows Phone and Windows Mobile.
· Management actions: To ensure security of corporate information if a mobile device is lost or the employee leaves the company, you should be able to selectively or completely wipe the device, remotely lock it and deny email access.
· Application management: You should be able to inventory applications on each device, develop an enterprise app store, and whitelist and blacklist apps.
·Policy and security management: You should not have to compromise existing security policies to employ a BYOD approach. An effective solution should enable you to maintain preferred password policies and support device encryption, jailbreak and root detection.
·Location services: In the event a device is lost or stolen, you should be able to track and locate it on a map.
·Enterprise access management: You should be able to configure email, VPN and WiFi to ensure that mobile device users have access only to the parts of the network or applications for which they are authorized.
By re-evaluating your approach to endpoint management to include support for the wide variety of mobile devices that your employees are using to access corporate resources, you can effectively support a BYOD strategy that improves worker productivity, reduces mobile costs, and enables you to ensure the security and performance of your network.
Shahin Pirooz is chief security officer and CTO at CenterBeam, a provider of hosted IT services. He has expertise in IT architecture, core tools, operating systems and programming languages. Pirooz can be reached at email@example.com.