Cymax Top Ten Rules for Bring Your Own Device BYOD:




The Top Ten Rules for BYOD shows you how to create a secure & productive mobile environment

Authored by: Sean Dendle (Cymax), Paul French (Go-To-Marketing)

Definition: Bring your own device (BYOD) is an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data. Typically, it spans smartphones and tablets, but the strategy may also be used for PCs. (Gartner)

The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It's as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device was born and employees followed with fervour.

There's no sense pretending it isn't happening or saying, "We don't let our employees do that." The truth is, they're doing it already and will continue to burrow noncompliant devices into your network with or without your permission.

Forrester's study of US information workers revealed that 37% are doing something with technology before formal permissions or policies are instituted [1]. Further, a recent Gartner CIO survey determined that 80% of employees will be eligible to use their own equipment with employee data on board by 2016 [2].

This raises the inevitable question: how will you support workforce desire to use personal apps and devices while allowing them to be productive in a secure environment that protects corporate data? The Top Ten Rules for BYOD show you how to create a peaceful, secure, and productive mobile environment.

[1] Benjamin Gray and Christian Kane, Fifteen Mobile Policy Best Practices, Forrester Research, January 2011.
[2] Ken Dulaney and Paul DeBeasi, Managing Employee-Owned Technology in the Enterprise, Gartner, 2011.

The Top Ten Rules for BYOD

1. Create the Policy before Procuring Technology

Like any other IT project, policy must precede technology; yes, even in the cloud. To effectively leverage mobile device management (MDM) technology for employee-owned devices, you still need to decide on policies. These policies affect more than just IT; they have implications for HR, legal, and security: any part of the business that uses mobile devices in the name of productivity.

Since all lines of business are affected by BYOD policy, it can't be created in an IT vacuum. With the diverse needs of users, IT must ensure they are all part of policy creation. There's no one right BYOD policy, but here are some questions to consider:

Devices: What mobile devices will be supported? Only certain devices or whatever the employee wants? According to Forrester, 70% of smartphones belong to users, 12% are chosen from an approved list, and 16% are corporate-issued. Some 65% of tablets belong to users, 15% are chosen from a list, and 16% are corporate-issued. In other words, users in most cases bring their own devices.

Data Plans: Will the organization pay for the data plan at all? Will you issue a stipend, or will the employee submit expense reports? Who pays for these devices? For smartphones, 70% paid the full price, 12% got a discount, 3% paid a partial amount, and in 15% of cases, the company covered the full price. With tablets, 58% bought their own, 17% got a corporate discount, 7% shared the cost, and 18% were issued and paid for by their companies. (Source: Forrester, 2011)

Compliance: What regulations govern the data your organization needs to protect? For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires native encryption, but it should be noted that not all devices are created equal and some are easier to break than others.

Security: What security measures are needed (passcode protection, jailbroken/rooted devices, anti-malware apps, encryption, device restrictions, iCloud backup)?

Applications: What apps are forbidden? IP scanning, data sharing, Dropbox?

Agreements: Is there an Acceptable Usage Agreement (AUA) for employee devices with corporate data?

Services: What kinds of resources can employees access: email? Certain wireless networks or VPNs? CRM? Bear in mind some BYO devices may be jailbroken/rooted and therefore may represent an additional risk.

Privacy: What data is collected from employees' devices? What personal data is never collected?

No questions are off limits when it comes to BYOD. There must be frank and honest dialog about how devices will be used and how IT can realistically meet those needs. Highlighting the security implications to an employee often results in a rude awakening that leads to compliance.

2. Understand the Scale

Imagine this. You start using an MDM solution under the assumption your company is supporting 100 or so devices. You've kept a meticulous spreadsheet of device types and users; there shouldn't be any surprises. But when you first go to view reporting, over 200 devices appear. This scenario is fact, not fiction. It occurs far more often than you would think.

Don't live in denial. What you don't know can hurt you. Understand the current landscape of your mobile device population before engraving your strategy on stone tablets. To do this, you'll need a tool that can communicate in real time with your email environment and detect all the devices connected to your corporate network. Remember that once ActiveSync is turned on for a mailbox, there are usually no barriers to syncing multiple devices without IT's approval in advance.

All mobile devices need to be incorporated into your mobile initiative, and their owners need to be notified that new security policies are swinging into action.

3. Enrolment Should Be Simple

Nothing breeds noncompliance faster than complexity. Once you identify devices to enrol, your BYOD program should leverage technology that allows for a simple, low-touch way for users to enrol. The process should be simple, secure, and configure the device at the same time.

In a perfect scenario, users should be able to follow an email link or text that leads to an MDM profile being created on their device, including accepting the ever-important AUA. Think of BYOD as a marriage with the AUA as a prenuptial agreement that ensures a harmonious union.

Instructions should help existing users enrol in the BYOD program. We do recommend existing users clear their ActiveSync accounts so that you can isolate and manage corporate data on the device. New devices should start with a fresh profile.

From an IT perspective, you want the ability to enrol existing devices in bulk or for users to self-enrol their devices. You also need to authenticate employees with a basic authentication process such as a one-time passcode or use existing corporate directories such as Active Directory/LDAP. Any new devices trying to access corporate resources should be quarantined and IT notified. This provides IT with flexibility to block or initiate a proper enrolment workflow if approved, ensuring compliance with corporate policies.

4. Configure Devices Over the Air/Wi-Fi

If there's one thing your BYOD policy and MDM solution shouldn't do, it's bring more users to the help desk. All devices should be configured over the air to maximize efficiency for both IT and business users alike.

Once users have accepted the AUA, your platform should deliver all the profiles, credentials, and settings the employee needs access to, including:

- Email, contacts, and calendar
- VPN
- Corporate documents and content
- Internal and public apps

At this point, you'll also create policies to restrict access to certain applications and generate warnings when a user goes over their data usage or stipend limit for the month.

For devices that aren't purchased by corporate and under a full MDM policy, consider the security implications of connecting to an uncontrolled WiFi network. Your smartphone or tablet syncs your email, files and other potential information.

Implement two-factor authentication like RSA or AuthAnvil for those users with BYOD access that also have a remote session like Citrix or Terminal Services. This is also recommended if you have jailbroken/rooted devices accessing email or other work-related information. Though it may not stop your corporate email or data potentially being leaked, it will limit what they have access to.

Implement a password policy locking out the mobile device when not in use. While this may be a tiny inconvenience for the user, it will significantly increase the security of your data. ActiveSync can enforce that any device connecting to your systems must have a screensaver password or it will not allow the device to sync. This can be centrally managed and enforced from the servers.

5. The Self-Service Demand

Users want a functioning device, and you want to optimize help desk time. A robust self-service platform lets users directly perform:

- PIN and password resets in the event that the employee forgets the current one
- Geo-locate a lost device from a web portal, using mapping integration
- Wipe a device remotely, removing all sensitive corporate data

Security, corporate data protection, and compliance are shared responsibilities. It may be a hard pill for employees to swallow, but there is no chance of mitigating risk without their cooperation. A self-service portal can help employees understand why they may be out of compliance. Furthermore, with the right education employees may be able to remotely wipe or locate their device as required.

6. Secure Personal Information

Of course, BYOD policy isn't just about protecting corporate data; a well-crafted BYOD program holds employee data sacred and secure. Personally Identifiable Information (PII) can be used to identify, contact, or locate a person. Some privacy laws prevent corporations from even viewing this data. Does your BYOD policy cover this?

Communicate the privacy policy to employees and make it clear what data you cannot collect from their mobile devices. For instance, an MDM solution should be able to parse what information it can access and what it cannot, such as:

- Personal emails, contacts, and calendars
- Application data and text messages
- Call history and voicemails

On the other hand, let users know what you collect, how it will be used, and why it benefits them.

An advanced MDM solution can turn privacy policy into a privacy setting to hide the location and software information on a device. This helps companies meet PII regulations and provides added comfort for employees by preventing the viewing of personal information on smartphones and tablets. For example:

- Consider disabling app inventory reporting to restrict administrators from seeing personal applications on personally owned devices under MDM.
- Deactivating location services to prevent access to location indicators such as physical address, geographical coordinates, IP address, and WiFi SSID.

Transparency and clarity are important watchwords. There's much less resistance to BYOD policies when everyone knows the rules.

7. The Corporate and Personal Data

For BYOD to be an agreement both IT and end users can live with, personal information like birthday party photos or that great American novel should be isolated from productivity apps.

Simply stated, corporate apps, documents, and other materials must be protected by IT if the employee decides to leave the organization, but personal email, apps, and photos should be untouched by corporate IT. Not only will users appreciate the freedom of this approach, but so will IT, whose life will be infinitely easier as a result.

With this approach, IT can selectively wipe corporate data when an employee leaves the company. Some 86% of device wipes are selective; only corporate data is wiped. Depending on the circumstances, if an employee loses the device, the entire device can be wiped. But only a true MDM solution can give you the choice.

Consider incorporating into your BYOD & MDM policy the frequency of software and firmware updates. Recently two videos have emerged on YouTube showing you how to bypass the screen password on an iPhone and another for a Samsung Galaxy S III. Both manufacturers have released updates to plug this hole. But this raises the question: how often should you update the device, and who's going to do it? In some cases with a great MDM tool this can be done centrally, but what about when the update fails, or the end user refuses to have their personal device managed under your MDM? Some end users will have an expectation that IT will update it, but for hundreds of devices this can be extremely time-consuming.

8. Monitor & Automate

Once a device is enrolled, it's all about context. Devices should be continuously monitored for certain scenarios, and automated policies should be in place. Is the user trying to disable management? Does the device comply with security policy? Do you need to make adjustments based on the data you are seeing? From here, you can start understanding any additional policies or rules to create. Here are a few common issues:

Getting to the Root of Jailbreaking: To get paid apps for free, employees sometimes jailbreak or root a phone, opening the door to malware that can steal information. If a device is jailbroken, the MDM solution should be able to take action such as selectively wiping corporate data from the device immediately. Ultimately, it may be necessary to implement a quarantine zone for BYOD devices.

Spare the Wipe; Send an SMS: If time wasters like Angry Birds rub against corporate policies but are not offenses, an immediate wipe is heavy-handed. An MDM solution can enforce policies based on the offense. MDM can message the user, offering time to remove the application before IT hits the wipe button.

New Operating System Available: For BYOD to remain effective, users need a simple way to be alerted when a new OS is ready for installation. With the right MDM solution, OS upgrades become a self-service function. Restricting out-of-date OS versions ensures compliance and maximizes device operability.

9. Manage data usage

A BYOD policy largely takes IT out of the communications business, but most companies still need to help employees manage their data use in order to avoid excessive charges. If you pay for the data plan, you may want a way to track this data. If you are not paying, you may want to help users track their current data usage.

You should be able to track in-network and roaming data usage on devices and generate alerts if a user crosses a threshold of data usage. You can set roaming and in-network megabit limits and customize the billing day to create notifications based on percentage used.

We also recommend educating users on the benefits of using WiFi when available, though you need to be considerate of the potential security implications of doing this. Automatic WiFi configuration helps ensure devices automatically connect to WiFi while in corporate locations. If the stipend plan only covers $50 or 200 MB of data usage a month, employees appreciate a warning that they're about to be responsible for overages.

10. ROI is king

While BYOD shifts responsibility for purchasing devices to employees, it's worth considering the big picture and long-term costs for your organization. As you're writing policy, consider its impact on ROI.

Of course, productivity increases are often seen when employees are mobile and connected at all times. BYOD is a great way to bring this advance in productivity to new users who may not have been eligible for corporate devices previously. The BYOD culture should be embraced, but the Top 10 Rules mentioned above will help ensure it's a wholly positive experience.

About Cymax: For over 15 years Cymax have provided award-winning integrated technology solutions to hundreds of customers of all sizes, across a broad range of industries Australia-wide. Cymax is built on delivering absolute peace of mind business continuity and customers see Cymax as their trusted long-term business partner. This serves to deliver unique, responsive, scalable business building solutions that enhance productivity, maintain security and provide unmatched return on investment. Because Cymax takes a proven whole-of-business approach to understanding your needs from a technology perspective regarding what's required to support your business, you have the peace of mind knowing the right pieces of the cloud puzzle have already been glued together so you can focus your time where it is needed most.

Contact: Cymax
Ph: 1300 790 690
Email: sales@cymax.com.au
Web: www.cymax.com.au
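
Rules 8 and 9 describe automated responses that scale with the offense: selective wipe for a jailbroken device, a message and a grace period for a forbidden app, restricted access for an out-of-date OS, and a warning near the data limit. The following Python is an added example, not part of the original paper or any MDM product; the device fields, app identifier, OS minimums, grace period and warning percentage are assumptions, and the sample fleet is constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy values, chosen for illustration only.
FORBIDDEN_APPS = {"com.example.filesharing"}   # hypothetical app id
MIN_OS = {"ios": (6, 1), "android": (4, 1)}    # hypothetical minimum versions
GRACE = timedelta(days=3)                      # time allowed to remove an app
DATA_WARN_PCT = 80                             # warn at 80% of the data plan
SEVERITY = ["none", "notify_user", "restrict_access", "selective_wipe"]

@dataclass
class Device:
    device_id: str
    platform: str
    os_version: tuple
    jailbroken: bool = False
    mdm_profile_present: bool = True
    apps: set = field(default_factory=set)
    app_first_seen: dict = field(default_factory=dict)  # app -> date flagged
    data_used_mb: float = 0.0
    data_limit_mb: float = 200.0

def evaluate(dev, today):
    """Return the strongest action for a device and the findings behind it."""
    findings = []
    if dev.jailbroken:
        findings.append(("selective_wipe", "device is jailbroken/rooted"))
    if not dev.mdm_profile_present:
        # Assumption: a device that dropped its profile is quarantined.
        findings.append(("restrict_access", "management profile removed"))
    for app in sorted(dev.apps & FORBIDDEN_APPS):
        first_seen = dev.app_first_seen.setdefault(app, today)  # start the clock
        if today - first_seen >= GRACE:
            findings.append(("selective_wipe", f"{app} kept past grace period"))
        else:
            due = (first_seen + GRACE).isoformat()
            findings.append(("notify_user", f"remove {app} by {due}"))
    minimum = MIN_OS.get(dev.platform)
    if minimum is None:
        # Fail closed: platforms the policy does not list get no access.
        findings.append(("restrict_access", "unsupported platform"))
    elif dev.os_version < minimum:
        findings.append(("restrict_access", "OS below minimum; upgrade available"))
    pct = 100 * dev.data_used_mb / dev.data_limit_mb if dev.data_limit_mb else 0
    if pct >= DATA_WARN_PCT:
        findings.append(("notify_user", f"data usage at {pct:.0f}% of plan"))
    action = max((a for a, _ in findings), key=SEVERITY.index, default="none")
    return {"device": dev.device_id, "action": action, "findings": findings}

def run_sample(today=date(2013, 3, 1)):
    """Evaluate a constructed fleet; returns {device_id: action}."""
    fleet = [
        Device("d1", "ios", (6, 1), data_used_mb=50),
        Device("d2", "android", (4, 2), jailbroken=True),
        Device("d3", "ios", (6, 1), apps={"com.example.filesharing"}),
        Device("d4", "ios", (5, 1)),
        Device("d5", "android", (4, 2), data_used_mb=170),
        Device("d6", "other", (1, 0)),
    ]
    return {d.device_id: evaluate(d, today)["action"] for d in fleet}

if __name__ == "__main__":
    for device_id, action in run_sample().items():
        print(device_id, action)
```

Evaluating the same device again after the grace period has passed escalates a forbidden-app finding from a user notification to a selective wipe, which is the "spare the wipe" behaviour rule 8 asks for.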