BYOD BEST PRACTICES GUIDE

Similar documents
BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE

Whitepaper. How MSPs are Increasing Revenues by Solving BYOD Issues. nfrascaletm. Infrascale Phone: Web:

Hands on, field experiences with BYOD. BYOD Seminar

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management.

Mobile Device Strategy

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

How To Make Bring Your Own Device A Plus, Not A Risk

Enterprise Mobility as a Service

Data Protection Act Bring your own device (BYOD)

Bring Your Own Device (BYOD) and Mobile Device Management

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

ENTERPRISE BYOD BEST PRACTICES POLICY AND SECURITY BEST PRACTICES FOR A SOUND ENTERPRISE MOBILITY PROGRAM

How To Write A Mobile Device Policy

Everything You Need to Know About Effective Mobile Device Management. mastering the mobile workplace

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

CA Enterprise Mobility Management MSO

Bring Your Own Device Mobile Security

BYOD Management : Geo-fence

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD

BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.

Endpoint protection for physical and virtual desktops

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Workarounds in Healthcare, a Risky Trend. Produced by. media

BYOD. opos WHAT IS YOUR POLICY? SUMMARY

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

2012 NCSA / Symantec. National Small Business Study

BYOD Policy for [AGENCY]

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

BYOD PARTNER QUESTIONS YOU SHOULD ASK BEFORE CHOOSING A. businessresources.t-mobile.com/resources. A Buyer s Guide for Today s IT Decision Maker

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

CDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT

A framework for auditing mobile devices

Enterprise Mobility Management: A Data Security Checklist. Whitepaper Enterprise Mobility Management: A Checklist for Securing Content

BYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence

EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices

Guideline on Safe BYOD Management

Sample Mobile Device Security Policy

HELPFUL TIPS: MOBILE DEVICE SECURITY

Endpoint protection for physical and virtual desktops

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Security Architecture Whitepaper

How To Protect Your Mobile Devices From Security Threats

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement

Industry Trends An Introduction to Security Breach Prevention, BYOD, & ERP System Implementation

Don t Let A Security Breach Put You Out of Business

Supplier Information Security Addendum for GE Restricted Data

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

BYOD & MOBILE SECURITY: EMPOWERING EMPLOYEES WHLE SECURING CORPORATE ASSETS

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P:

How To Support Bring Your Own Device (Byod)

BYOD Guidance: BlackBerry Secure Work Space

Transcription:

BYOD BEST PRACTICES GUIDE 866.926.8746 1 www.xantrion.com

TABLE OF CONTENTS 1 Changing Expectations about BYOD... 3 2 Mitigating the Risks... 4 2.1 Establish Clear Policies and Expectations... 4 2.2 Create a Separate, Secure Workspace... 5 2.3 Protect your Network... 5 2.4 Enforce Reasonable Password Policies... 6 2.5 Address Compliance and Risk Management Mandates... 6 2.6 Start with a Pilot Group... 7 3 Xantrion: Putting Best Practices into Action... 7 866.926.8746 2 www.xantrion.com

Whether you have an official Bring Your Own Device (BYOD) policy in place or not, your employees are probably already bringing their own devices into your workplace and not just smartphones and tablets. The consumerization of IT means your employees want to use tools they're familiar with, and that includes personal laptops (especially Macs) and even home- based desktop computers. Letting employees use their own laptops and mobile devices comes with plenty of benefits, including reduced capital costs and increased productivity. That's why more and more employers who might once have resisted BYOD are now allowing it some grudgingly, others with such enthusiasm that Gartner predicts many companies will make it mandatory. On the other hand, BYOD also creates some significant challenges. Some of them are matters for your legal advisor, such as whether you have the right to seize an employee's device for discovery purposes or how much you're liable if you break your employee's expensive electronics. But the most pressing concerns involve IT how to manage, secure, and support a growing multiplicity of devices, operating systems, and apps. For example: How can IT effectively manage and support devices owned and self- configured by employees and contractors? How do you provide these employees and contractors with secure access to corporate networks, applications, and data on their own devices? How do you secure employee- owned devices to protect corporate data and applications from malware and unauthorized intrusion? What is the most effective way to separate personal and enterprise applications and data on the same device? If you haven't already set up a strategy for managing BYOD in your workplace, you're already behind the trend and you're leaving critical issues to chance. In this guide, you'll learn six best practices for creating a BYOD program that delivers real productivity and cost reduction benefits while minimizing risk exposure. 1 Changing Expectations about BYOD Gartner predicts that by 2017, half of all employers will require their employees to supply their own computing devices. This represents a huge shift in attitudes towards BYOD, for several reasons: Millennials are flooding into the workplace, bringing with them an expectation of always- on connectivity and portability. They loathe the idea of being tied to a desktop, and the prospect of disconnecting from their own devices during the work day is practically unthinkable. Letting employees use their own smartphones, tablets, laptops, and even desktop computers is, putting it bluntly, a source of potential cost savings in an era of tight budgets. From large enterprises that rely heavily on contractors to nonprofits and SMBs, businesses see BYOD as a 866.926.8746 3 www.xantrion.com

way to reduce not just the up- front costs of providing and configuring mobile devices, but the ongoing costs of maintaining them. 2 Mitigating the Risks Security concerns continue to be the top barrier for BYOD policies and programs. Unmanaged and untrusted personal devices create new sources of risk for IT systems and data especially when BYOD includes notebooks and tablets. Personal devices are especially vulnerable to data breaches. Smartphones and tablets are easily lost or stolen, potentially exposing the data stored on them. In addition, when these devices store and access data in the cloud, carelessness about security leaves that data open to being duplicated to other applications or shared to other devices. Unmanaged personal devices also risk introducing malware or other security breaches to the internal company network. To address all of these issues, companies need a BYOD program that combines policies, technology, and processes to cover all these questions: which users are allowed? using what devices? on which networks? to access what data and applications? The six steps outlined below describe best practices for creating and implementing a secure BYOD program. 1. Establish clear policies and expectations 2. Create a separate, secure workspace 3. Protect your network 4. Enforce reasonable password policies 5. Address compliance and risk management mandates 6. Start with a pilot group 2.1 Establish Clear Policies and Expectations A BYOD policy is only as effective as the employees who comply with it. You must create and share your BYOD policies and set expectations appropriately. Your policy should cover at least the following: Device options: What devices are permitted? What platforms are supported? 866.926.8746 4 www.xantrion.com

Participation: Who is allowed or required to join the program? Will it be restricted to certain types of employees and contractors? Are there access restrictions based on title or role? Reimbursement: Who pays for the devices and/or for mobile data plans? While company reimbursements have been common in the past, they are decreasing as personal mobile devices become more common. Terms of usage: Make sure people understand what software they can run, the necessity to lock devices and encrypt data, and any monitoring and management capabilities the business may have. Many companies have employees sign a BYOD agreement to demonstrate that they understand and agree to the policy s terms. Cancellation: Clarify what happens to any personal data within company applications and data on the personal device when someone leaves the company. E- discovery/forensics: If the data on the device will ever be subject to ediscovery, describe what will have to happen what is the company s policy requesting physical access to personal devices? Support: Who will support the device? Can the users turn to IT if they re using corporate applications on a personal device? Make sure support policies are clearly outlined. One of Gartner s top recommendations for managing BYOD is investing in technologies to separate enterprise and personal applications and data. - BYOD: The Facts and the Future, Gartner, April 2013 2.2 Create a Separate, Secure Workspace To control business data on employee- owned devices, IT organizations are increasingly turning to technology that lets them create a secure "container" that segregates business from personal data. One of the best ways to approach this is through virtual desktop technology that delivers access to critical data and applications without allowing them to reside on the computer or device. On laptops and desktops, the virtual desktop is essentially invisible. On mobile devices, users launch a virtual desktop app to access key documents, websites, and other applications. Anything within the virtual desktop is centrally managed by the employer's IT team, although it may continue to operate even offline. Personal data remains outside the virtual desktop, where the employer's IT team can't access it but the end user can. Virtual desktop solutions work across a wide range of personal computing devices, from phone and tablet to desktop and laptop. These secure solutions have significant benefits for BYOD environments: 866.926.8746 5 www.xantrion.com

The employer can set and enforce policies on work data and applications without affecting the user s personal computing devices or applications. If a device is lost or stolen, the company is not at risk since no business information resides on the device. For the user, virtual desktop solutions offer a clear separation of personal and work data and applications, thereby ensuring an acceptable level of privacy. Policies may be set to disallow printing, cutting and pasting, USB file transfers in the case of laptops or Windows based tablets, or other common sources of data leakage. Rather than managing multiple physical devices, the IT team only needs to manage the virtual desktop from a single central location. The centralized management console lets the IT team set and manage policies for each user across all his or her devices based on a single user profile, rather than trying to manage each device individually. 2.3 Protect your Network Segment and secure your network to match your BYOD strategy. Many companies maintain segregated networks for corporate and guest use. Employees using personal computing devices should be restricted to the guest network, using a secure virtual desktop on their devices to access business applications and/or company data. This protects the corporate network against a compromised employee- owned device. 2.4 Enforce Reasonable Password Policies Authentication is another critical part of the BYOD policy. The virtual desktop approach makes it easy to enforce specific access policies for individuals. For extra security, you can require users accessing company data from a personal device to use two- factor authentication to log in to the virtual desktop. Two- factor authentication involves both a password and a secondary form of identification, such as a random number generated by the network and sent to the user via text message. Beware, though, of making authentication policies so complex that they actually interfere with security. When you ask people to change their passwords too frequently or require 16- character passwords that are cumbersome to type on a tiny smartphone keyboard, you risk driving people to less secure behaviors like writing down their passwords. 2.5 Address Compliance and Risk Management Mandates To address requirements for regulatory compliance and risk management, you need full control over business data. This includes the ability to wipe company information from an employee- owned device if that device is lost or stolen, or when the employee leaves the company. While many companies ask employees to sign agreements stipulating that the company has the right to wipe corporate data from personal devices or even wipe the device's memory completely, employees are understandably reluctant to risk giving employers unlimited access to their personally owned 866.926.8746 6 www.xantrion.com

devices. A better strategy is to use a virtual desktop to segregate enterprise data and applications and manage or restrict access to them remotely. 2.6 Start with a Pilot Group When you re ready to roll out your BYOD initiative, test it with a limited group within the company. Working with a small group gives you the opportunity to sort out any legal, application, security and user adoption issues that arise, ensuring a smoother rollout to the larger population. Once you have run the pilot and worked out any issues, you can introduce BYOD policies and technologies to other groups of employees, tweaking them to address each group's unique requirements. 3 Xantrion: Putting Best Practices into Action Xantrion provides the expertise and manpower necessary to develop and implement a sound BYOD program. We can do everything from recommending the appropriate technology approach to implementing it. Since we have successfully implemented a BYOD program for ourselves and multiple clients, we know the pros and cons of various approaches as well as implementation pitfalls. We can also provide the additional manpower required for special projects. 866.926.8746 7 www.xantrion.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information