Employees are using their personal smartphones, tablets, and other mobile devices for work much more often these days. This trend even has a name – “BYOD” (Bring Your Own Device). Gone are the days when employees were willing to carry a personal phone and a work phone, for example. In fact, industry research firm Gartner predicts that there will be twice as many employee-owned devices used for work than organizationally-owned devices by 2018.
But properly managing employee-owned devices in an organizational environment has become a real problem. According to a 2014 security report published by Check Point Software Technologies, 95% of the 700 IT professionals surveyed said they’re facing challenges with BYOD at work. If your organization is facing similar difficulties, here are five steps to successfully develop your own BYOD environment:
1. Develop a BYOD Framework
A BYOD framework addresses issues such as who is allowed to use their personal devices, what devices may be used, and how support for those devices will be accomplished.Before you develop a BYOD framework, your organization should first perform a cost-benefit analysis to determine the basic requirements.
Once the requirements are determined, a framework should be laid out with the assistance of your IT and HR staff, legal and financial advisors, regulatory teams, and any other group that needs to be involved in the BYOD decision-making process. Certain industries, such as the health care industry and financial industry, have additional regulatory restrictions on mobile devices that also affect employee-owned devices used for work.
2. Establish BYOD Policies
The BYOD framework provides a high-level view of the BYOD environment. The BYOD policies fill in the details.
Within the policies, it’s important that you explicitly define what employees can and can’t do when using their personal devices for work. List any applications required to be on employee-owned devices, as well as any applications prohibited for security reasons. The policies should also document how the IT department will support employee-owned devices and how they will be secured.
3. Use MDM Software
Sometimes employees lose their personal devices or have them stolen. To protect your organization’s data, you can require that employees install Mobile Device Management, or MDM, software on their devices. That way, if an employee-owned device is lost or stolen, the MDM software can destroy the work-related data (leaving the personal data intact) or reset the device to factory settings, thereby wiping out all organizational and personal data. Optionally, you can even have the software wipe out the device’s contents completely, making the device useless.
MDM software typically requires authorization from the device owner. In general, it’s a tough sell, as employee-owned devices are just that: employee-owned. Clearly stating the pros and cons of such software can help alleviate concerns and encourage adoption.
4. Use NAC Tools
With Network Access Control, or NAC, tools, you can enforce arbitrary network access policies. These tools were historically used to guarantee the health of a given device before granting it network access, so enforcing BYOD policies is a natural next step.
Modern NAC tools can detect types of devices, or even identify unique devices. This capability lets NAC act like a gatekeeper, allowing only those employee-owned devices that meet the BYOD policies into your network. For example, you can allow or deny access based on the type of mobile device or the employee’s job function.
5. Educate Employees
A successful BYOD environment depends on the cooperation of employees. You’ll need to inform them about the BYOD framework and policies, as well as the use of MDM and NAC tools.
Employees should also be educated on security risks and basic precautions. Teach employees how to create strong passwords and warn them about security threats such as phishing. In addition, you’ll want to discourage sharing of any policy-covered devices with friends and family.
BYOD is here to stay. With the right steps towards a BYOD environment, you can boost employee productivity while addressing any security concerns. For help in developing your BYOD environment, contact us.