The company following the trend of BYOD allows its employees to not only bring their personal devices like Mobile Phone, Laptops, Tablets to work, but also use it within the company for their work. They are allowed to send / receive company emails and access company data stored over the company network.
The employee no longer has to carry the company provided mobile phone apart from his own phone. He can buy just any phone or tablet that suits his needs and requirements. The trend changes the way how IT services are run, managed, used and distributed within the network.
The BYOD market is fast evolving and companies are now readily adopting it. According to reports by MarketsAndMarkets, the BYOD market is expected to touch $181.39 billion by 2017. As of now, North America currently is estimated to hold the largest share of BYOD adoption and management at 36 percent, followed by Europe at 30 percent, Asia Pacific at 20 percent , Latin America at 15 percent, Middle East & Africa at around 5-10 percent.
Security and privacy are understadably held up as barriers to businesses embracing BYOD demands. – JK Shin, President and Head of IT and Mobile Division at Samsung
The companies who plan to adopt BYOD in future need to set certain standards and guidelines in place to ensure the safety of their data and other vial resources. No employee intends to work for a single company forever; neither can it be assumed that, no matter how old and loyal, the employee will never misuse the company resources.
Virtualization technology needs to expand from the Desktop level to mobile level. Company workspace on employee’s personal device will ensure that resources available to him once working hours are over, are only limited to something like emails. But while it (Virtualization for Mobile) introduces itself to us in near future, we still need BYOD and we also need security at the same time. Here are some ways how you can manage to do both if you plan to implement BYOD in your company.
Allow only selected devices
Pre-define the devices which will be allowed to use to office purposes. Decide whether you want to allow SmartPhone or a Laptop or Both. If you select Laptop, it will automatically bring the list of users to relatively small number. Not a lot of people in any given company have or carry a Laptop. You have a small list which is easier to manage and keep eyes on.
Select Operating System’s
The employee might have an Apple iPhone or ZTE phone with Firefox OS. If they bring Laptops, it might be a Windows or a Mac or Chrome OS (unlikely but let’s assume so). Set guidelines as to which devices and OS’s your company will support. Since you know the limitation of those OS now; you know what you employees can or can’t do from their device. Any suspicious activity will be comparatively easier to isolate and will be highlighted.
List the people who actually need it
Not every employee in your company needs to use their personal device for office work. Create a list of people at every hierarchy in your company to see who actually needs to use company resources inside and outside the company. You can authorize those ranked higher to use maximum resources, others, you can simply limit to emails or nothing outside the company. You can also educate these employee’s about the uses and the responsibilities BYOD trend brings. Also let them know of consequences in case of is data security is suspected to be breached or compromised.
Provide only task related Applications
Don’t provide a list of application for them to choose from. Decide what applications they actually require for the work to be done. Employees depending upon the company hierarchy and the respective job profile should be given access to only select few applications and data which are required.
Tag the Device and its respective User
Log the employee’s id and his personal device id which is registered and authorized to use for the company. It will be easier to isolate the employee through the device which was used to compromise the company’s security, if it ever comes to that.
Continuous Vulnerability Assessment
Just following the above steps alone won’t help you. Keep conducting continuous vulnerability assessments to check for backdoor entries into your servers, applications. Conduct different kinds of tests on your systems on regular basis.
This might not be a perfect model, but it is a good start. The technology is still in nascent stages. But these steps will give you a certain amount of control over employees’ personal devices, without interfering with their personal space and still manage the company security.
Samsung recently announced a security solution named Knox. It divides your personal space from professional space on your phone. Knox is a password protected space which does not allow you access to social networks and personal email. Moreover, the separation is enforced by Security Enhanced (SE) Android and file system level encryption which offers security features like protection of business data and applications from data leakage, viruses and malware attacks. It is compatible with infrastructures such as MDM, VPN and directory services. The feature will only be available to Samsung galaxy phone users but it might encourage other companies to come up with something similar in future.