
5 ways to shore up security in your BYOD strategy

David Weldon | Sept. 23, 2015
A recent study by tyntec reveals that a vast majority of organizations still have inadequate bring-your-own-device (BYOD) policies. So what does it take to get BYOD right in 2015?

Like at the University of Tennessee, wide-scale BYOD has been a fairly new phenomenon at Worcester State, but demand quickly made up for lost time.

“Initially it was limited. The network itself was at capacity and was not able to handle the devices coming on campus,” Adade explains. “We had to tell some students that they can’t bring devices on campus or if they did they were on their own. However, later on we realized it would be in our strategic interest to have a plan and to address the issue. Now we can safely accommodate almost every device.”

BYOD lessons learned

Colleges and universities aren’t the only organizations that have felt compelled to adopt BYOD programs, of course. Countless companies and nonprofits are also supporting programs, and have learned some important lessons in how to do it right.

“It is important to have technology in-house to support BYOD strategy,” notes Christine Vanderpool, CIO at Molson Coors, one of the nation’s leading brewers. “Companies should invest in tools like MDM, DLP and application monitoring (tools that inform the user of malicious applications on their devices). You need staff to support these tools. You need a strong set of policies, procedures and end user education.”

This last point is especially important – user education.

“It is good to focus on the ‘what’s in it for them’ in most cases,” Vanderpool stresses. “If you deploy MD or application controls, you have to explain how this is protecting them in their daily life and not just in their work life.”

BYOD program considerations

What are the most important elements of an effective BYOD program in terms of both providing employee flexibility and productivity and also ensuring company data and network security? Molson Coors CIO Christine Vanderpool offers the following tips on what should be considered:

Identified risks include:

  • Jailbreaking and rooted devices
  • Vulnerable software and devices
  • Wireless access points
  • Email exposure and cross-pollination
  • Cloud-based storage services
  • Lost or stolen devices
  • Harmful or malicious applications

Key risk considerations:

  • Unauthorized data is discoverable 
  • Discovery can be expensive
  • BYOD devices are subject to border search and seizure
  • Responsibility of treatment for repetitive stress injuries
  • Disposal of the devices (resale, reuse, destruction)
  • Device sharing
  • Data ownership
  • Clarification of working hours
  • Responsibility of payment for data usage
  • Support model for devices and applications
  • Payment for applications
  • Supplier, vendor and third-party considerations

Data access and security considerations include:

  • Which type of corporate data can be processed on personal devices?
  • How should access to corporate data be secured and what form of encryption will be used?
  • How should corporate data be stored on the personal devices?
  • How and when should the corporate data be deleted from the personal devices?
  • How should the data be transferred from the personal device to company servers?
