Most security professionals will be skeptical with people bringing their own computers and gadgets into the work place. Especially the risks involved including the lack of security patches, unlicensed software and malware, make us shiver. While these risks might be there, we should consider BYOD (bring your own device) as more than just another hype. Let’s take an opposite opinion and make things happen in this new thing.
Life changed in the last 10 years. Technology like cheap broadband internet, WiFi, smartphones, cloud backups, tablets and virtualization, definitely changed our landscape. At almost all places in the world we can read our e-mail, browse the internet and check our location or interesting places to visits. While these changes might be great, most people, including our end users, are focused on what is actually possible, not the risks they bring with them. Honestly, I’m still skeptical about these technologies and connecting my smartphone to corporate network of my employer or customers. Especially when it applies to my personal data like my e-mail, my contacts or simply the authentication credentials I submit.
To become a supporter of BYOD, it makes sense to know what can be done to give users what they want and obtain the security to protect both the company and their users to the primary risks.
Mobile Device Management
Mobile Device Management, or MDM, is one of the common solutions to manage all mobile devices. This software suite has the ability to configure devices like smartphones, iPads or other tablets and systems. It can also perform upgrades of the operating system or software. This includes pushing company tooling, similar to a standard icon you often see by the network provider. Additionally devices can be wiped or locked remotely, to deal with stolen devices.
Protecting and safeguarding is a good strategy, but fails when no proper detection methods are surrounded by it. Also in the case of BYOD or MDM solutions, make sure to measure your main metrics. This enables you to scale your solution, take action on unexpected events and deal properly with stolen devices.
Inform your users
Like most implementations and solutions, people have their needs. Especially the technical savvy users will carry their devices between home and work, often in the form of a smartphone or a notebook. To get the trust of users in your solutions, inform them properly about the possibilities, but also the limitations. For example when a user can enable MDM access for his or her account, you have the opportunity to inform the user. Maybe even in the form of a mandatory training with some basic review questions? Or making them part of a program to test the solution and provide feedback.
Considering all new technology as a risk might be a good strategy, but in the end you will drive your end users away. Better is to get them on board and use new technology as an informational moment to teach, instruct and share thoughts. Say YES! to new technology, but know the risks and deal appropriately with it.
Any thoughts or ideas to share? Curious about your comments!