Whether or not bring your own device (BYOD) policies save companies money or cost them more is still being debated, but one thing is certain: These policies increase complexity while decreasing direct control over data.
Few employees are walking into a Sensitive Compartmented Information Facility (SCIF) each morning, where their devices are confiscated for the day. Pandora's box has been opened; mobile devices are freely roaming your customers' halls. Our objective is to help you instill the hope that an effective containment and management strategy can be implemented. Following are five recommendations for solution providers who need to help organizations quickly assert control in a BYOD world to more effectively manage technical and human risk factors.
Firm Up BYOD Policies
Review your clients' BYOD policies and ensure they include provisions for remote wipe and remote application management capabilities, the right to confiscate and search devices, and the right to dictate which applications are allowed and prohibited. These policies should be cleared through the legal team to make sure that language is adequate, and that it will work in all applicable jurisdictions. For example, IBM earlier this year banned access to Apple's Siri application, as well as access to Dropbox, for company-managed devices. It is important that BYOD policies allow such rules to be implemented and enforced.
In addition to helping customers write strong policies, it is also important to ensure there is a mechanism for resolving disputes, such as those related to privacy concerns. Users will be understandably concerned if their private devices are seized. Providing a method to secure copies of personal information, as well as a way to protect other pieces of private information (e.g., nonwork text messages, email and instant message logs) will go a long way toward easing those concerns.
Similarly, it is important to make it clear to users any legal obligations businesses have when reviewing these devices, such as in the case of uncovering potentially illegal materials. Don't forget to include provisions for unmanaged devices too. Just because a user does not wish to participate in the officially sanctioned BYOD program does not mean that their device is innocuous. On the contrary, unmanaged devices represent a blind spot that may represent even greater risk to businesses than those people willingly agreeing to follow the rules.
Apply Technical Controls
It is important to build on strong policies by implementing technical controls, such as mobile device management (MDM) and mobile application management (MAM) solutions. Where possible, enforcing device encryption and passwords will help reduce associated technical risks. Improving access management requirements, such as by mandating two-step or two-factor authentication, can further help reduce the risk of a lost device immediately leading to a data breach.
- Protecting The Business From Cloud Application Security Risks
- The Massive SaaS Opportunities For VARs
- A Reseller's Guide: Recipe For Channel Partnership Success
- Cloud Connection: Seven Steps To Effective Public Cloud Services
- From CapEx To OpEx: Channel Strategy In The Federal Push To The Cloud
- A Reseller's Guide: Coming Out On Top In The Face Of Channel Conflict
- How To Create A Case For Disaster Recovery Plan
- How To Offset Your Customers' BYOD Risks
- How To Ease Client Anxiety About Private Cloud Deployments
- How An SMB Cloud Provider Can Create 'Swagger' In A Competitive Market
- A Reseller's Guide: Creating A Successful Solution Provider Event
- How to Prepare for the Future of the IT Solutions Industry
- How to Consolidate Data Protection Services for Greater Customer Value
- 10 Attributes to Support Revenue Marketing and Sales Success.
- How To Improve Efficiency: Upgrade Mountain Lion and iOS6
- How To Cash In On the Cloud Through Collaboration
- How To Sell Cloud Storage In Five Steps
- How To Protect High-Value Data Assets
- Moving Data to the Cloud: Options for SMBs and Small Enterprises
- How To Apply Big Data Security Analytics to Detect Advanced Threats and Breaches