INSIGHT: How to manage BYOD security effectively
- 27 May, 2015 10:41
Most companies now let employees use their own devices for business to some extent.
However, Bring Your Own Device (BYOD) policies only work properly if everyone in the organisation is aware of the appropriate security policies and committed to following them.
“BYOD is a fact of corporate life so the question is how to govern it effectively,” says Rick Bell, Innovation Architect, UXC Connect.
“People are often tempted to bring their own device because the technology is often more advanced than what they are likely to be issued with in a corporate device.
“Often, it’s the senior executives that expect to be able to plug their new device into the corporate network without due consideration for security policies.”
BYOD security policies must take into account that, regardless of the device used, the network must be secured to protect the crucial data on which the organisation relies.
Mobile devices that are not properly secured can introduce malware and lead to breaches that compromise the security of the entire business.
To overcome this, Bell believes organisations must put clear guidelines and policies in place on what types of devices are acceptable and what needs to be done to ensure they are secure.
These policies must be communicated in a formal manner to ensure all employees are aware of the requirements and, potentially, any penalties for non-compliance.
“Corporate network security is vital, and organisations cannot take chances when it comes to introducing new devices into the network,” Bell adds.
“There must be standards and systems in place to maintain that security. For example, a mobile device might include security measures such as encryption, two-factor PIN authentication or containerised applications and data protection.
“Not all consumer devices can do this, which means those devices may not be appropriate for the corporate environment.”
Additionally, Bell says organisational policies should be set and overseen by a committee that includes senior executives from both business and technology.
“Because senior executives often expect to be able to use their personal devices in the business network, it is essential to educate them regarding the risks of doing so,” he adds.
“One of the most effective ways to achieve that is to include them in the steering committee that develops, communicates, and enforces the rules regarding BYOD.
“This can help reduce the risk that executives think the rules don’t apply to them, and most importantly, it espouses the right security-sensitive culture across the organisation by leading through example.
“Policies and standards can be enacted through an enterprise mobility management platform.
“This is fairer on everyone because expectations are set across the board. And it reduces the number of unauthorised devices that can compromise the network.”
Bell claims that, by doing this, organisations can leverage mobility initiatives and BYOD policies to deliver the benefits with the assurance that network and information security will be maintained.