This is the time to ask the right questions of the right people at the right time.
The discipline of bring your own device (BYOD) is not only about the devices themselves, but also about bring your own application (BYOA) and what the apps can do within the corporate perimeter.
In this arena, an organisation must set expectations and work with "What If?" scenarios so that everybody knows what will happen if the device is lost and/or corporate information is at risk. Everything starts with policies and expectations. Then processes and procedures.
BYOx – the world is almost turning to "bring your own everything" – is here to stay, since it brings benefits to companies in terms of employee retention, user satisfaction and even financial gains.
But it also presents challenges by exposing the enterprise to threats and vulnerabilities that have to be addressed.
One way is to include BYOx in the corporate asset management programme, embracing the discipline but at the same time managing the devices and their apps fully.
There should be a policy clearly indicating that a jailbroken device (a hacked smartphone) or one without a certain level of security (patches, operating system) will not be allowed into the corporate perimeter.
There is technology around these days that can really track a device – know what it is doing, understand what apps are active – and companies are able to have whitelisting/blacklisting for apps – to prevent the wrong things from happening. That is fair and is, again, about setting expectations. It is about saving intellectual property, protecting sensitive information, defending the brand.
Mobile device management (MDM) should play an instrumental role in the security approach to BYOx, since if the device is managed, useful information about its use, activity, in/out messaging, and so on, is available to the CISO, who is tasked with preventing the company from becoming the next corporate security breach headline.
MDM knows how the device is being used in a context-aware computing mode, and that is truly a unique opportunity to embrace BYOx in a secure, robust and powerful manner.
Ramsés Gallego is international vice-president of ISACA and security strategist and evangelist at Quest Software.