5 Factors Of A Successful BYOD Strategy4:00 PM EST Mon. Nov. 26, 2012
These days, it's practically a given that Wi-Fi access will be available at any major company one might walk into. These companies might not realize it, but if they grant Internet access to any and all comers, they've implemented a BYOD policy whether they know it or not.
By not implementing a BYOD strategy, companies may be missing out on opportunities. At the most basic level of BYOD implementation, companies that allow employees to bring their own devices can improve worker satisfaction while reducing capital costs at the same time. And, today, the technology exists to do a whole lot more.
With the potential influx of devices carried by vendors, salespeople, trainers, temporary workers, field service technicians and employees, the demand can be abundantly clear. But, how should a company approach its network's permission policy in regards to devices it might not be able to control? Here are some of the major issues along with a few possible solutions.
Network administrators don't literally take a Hippocratic oath analogous to those in the medical profession, but best practices dictate that major modifications to production networks should first be tried on systems set up specifically for staging and change-testing. The same practices should also be applied to guest networks and all systems designated for public access and other non-employees.
Even if a guest device doesn't have direct access to corporate file servers or other resources, there may still be nothing preventing it from launching denial-of-service attacks or other malicious behavior. Damage can be prevented or made minimal by examining the network to identify and remove potential bottlenecks. Most often, bottlenecks are found in a server itself, the Internet connection or a company's firewall. It's best to ensure that these pipes are as wide as possible or otherwise resilient to sudden increases in packet traffic. Also, attacks that use genuine IP addresses to attack one or more applications within a corporation's network are much harder to detect than a generic flood of UDP or TCP packets.
Free network administration tools such as Wireshark and Spiceworks can be invaluable for analyzing and monitoring an existing network and identifying possible trouble spots. For example, the CRN Test Center recently experienced extremely poor performance when using a particular resource on one of its VMware servers. After quickly examining the network topology map like the one provided by Spiceworks and comparing it with prior map snapshots, testers were able to identify a network cable that had become disconnected. Having a documented baseline of normal corporate network operations and behavior will become a most valued asset when things start to go wrong.
Early in the development of a BYOD strategy, questions will arise surrounding which users will be trusted with which data and/or resources and in which circumstances. The issues become more complex when personal mobile devices are involved because such devices are often not in the organization's direct control. For example, a trusted user carrying sensitive documents on an iPad might unknowingly disable company-mandated encryption, exposing the company in the event of loss or theft. Companies will often seek a tiered approach to this problem, and commercial products from ForeScout, Good and MobileIron offer excellent, channel-friendly solutions.
While it's easy to think of a BYOD implementation as a company shifting the hardware cost and risk to the employee, a larger, perhaps less tangible, benefit comes in terms of productivity gain. This is due, in part, to the idea that employees using their respective devices to work and communicate have a tendency to be more content, because it can be assumed that they both like these devices, or they wouldn't have purchased them, and are more comfortable and familiar with them. And if those devices happen to be smartphones or other ultra-mobiles, employees are also more likely to have the devices with them outside the 9-to-5.