BYOD Security – The Secure Approach to Supporting Employee Devices
This is the final blog post in a series providing guidance on rolling out and managing a successful Bring-Your-Own-Device (BYOD) program in your organization.
In the previous post in this series we talked about BYOD not being a strategy in itself. Allowing employees to use a device of their choice should be rolled out in parallel with policies around how corporate data can be properly accessed on those devices. Without such policies, there are serious risks of data loss, and for this reason we argue that a BYOD program is not complete without the ability to separate and secure corporate apps and data.
Focus on Apps and Data
BYOD means using a personal device for work purposes, which often entails accessing confidential company data. While IT’s top concern is securing all corporate data, employees’ top concern is often privacy and whether their personal data will be under IT’s control as well. So how do you balance keeping corporate data secure with leaving employees’ personal data untouched?
In order to maintain employees’ trust, the critical “end point” becomes the mobile apps that access corporate data, not the device in its entirety. IT needs to have fine-grained security and dynamic policy control at the individual app level to ensure business data is protected, while leaving personal apps, pictures and data untouched. Security protocols such as two-factor authentication and derived credentials are often required in high-profile organizations. Along with security, management policies are necessary to force app updates, ensuring all users have the most up-to-date version of the app, and to provide the ability to enable or disable app usage for individual users at any time. Lastly, analytic policies should be available to provide insight into how often apps are being used, for how long and by whom.
Mobile Application Management for Security
The best way to support BYOD with an app-focused approach is mobile application management (MAM). MAM supports the deployment of secured, policy-enabled, and managed apps to any device in an enterprise or government organization. The key to MAM is that it applies additional protection around apps and data that goes beyond the device control provided by MDM, enabling even the most regulated industries to achieve the necessary level of app and data security.
Secure Network and Data
While employee choice of device type and apps is critical for adoption, usage, and increased productivity, the enterprise must continue to secure its networks and corporate IP. Whether the organization chooses a MAM-only methodology or combines it with a mobile device management (MDM) solution, the enterprise must take a structured and sustainable approach to protecting all corporate information regardless of what device type it is accessed from. A robust BYOD security strategy should include data encryption, private database authentication, app security inspection tools, and automated security updates.
Supporting BYOD users doesn’t mean IT has to give up on security. It can be argued that a BYOD program is not complete until IT can effectively manage all users equally in terms of visibility and security. That said, the need for privacy of BYOD users and security for corporate data does not need to conflict. With MAM, IT can protect corporate applications and data without viewing or touching personal apps and data. This meets the needs of both employees and IT: employees get to use the devices they want, and IT gets to secure the use of corporate data on those devices.