The BYOD phenomenon in the workplace is an interesting beast. While throwing mobility into the mix at work offers a great amount of potential for efficiency, it also presents a huge vulnerability in terms of information flow and cyber security. What’s more is that mobility can and will enter a workplace whether it has a mandated mobile policy or not. People have smartphones, and as work/life integration becomes more appealing to the staff of a company, you can be that their personal devices will end up with business information on it one way or another.
It is because of this inevitability of mobility that businesses owe it to themselves to be prepared. A BYOD policy is the best way to make sure that the inevitability of mobility entering your workplace is beneficial instead of a liability.
Here are three essential considerations when building a good BYOD policy.
The first thing you need to accept about BYOD is that it is inevitable. after you’ve done that then you need to also accept that it is only a matter of time before a device with work information is lost or stolen. That’s where mobile device management (MDM) software comes in. With the ability to manage sensitive data on multiple devices remotely, a compromised smartphone becomes much less of a worry.
MDM options come in a variety of forms, but some key features you’ll want for your business include the ability to remotely wipe work data on devices and compartmentalized workspace that can keep work separate from play.
Diversity is a great word in the workplace. A variety of different people from different backgrounds and social paradigms can foster innovation. Every person brings with them their own personality, but they also bring their own phone, and if that device is going to hold work data on it it better be secured.
In an ideal world with all the resources you could ever want, mandating that each employee use a specific model of hardware for this purpose would seem attractive, but it is sadly not feasible. Because of the wide variation in the smartphone market, with many different manufacturers running different operating systems and sporting unique hardware, having a security standard may seem intimidating.
A good BYOD policy will require strong authentication, but also recognize that not every employee will have a mobile device with the same capabilities. An embedded fingerprints sensor, for instance, is an excellent boon for BYOD, but expecting every employee to have the latest iPhone model is not a reasonable request. Having multiple options for mobile logical access control is the best way to go about addressing the necessary security. If an employee has access to a fingerprint sensor then allow them to use that, but if they don’t also allowing for combination face and voice recognition will keep everything secure and backwards compatible.
Alternately, strong authentication hardware peripherals exist too, like the Tactivo smart sleeves from Precise Biometrics. With a little bit of an investment, employees can bring their own device and still use a standardize high level of strong authentication.
It can’t be overstated, the importance of making sure everyone on a network understands the risks, rewards and responsibilities in a BYOD policy. Matt Karlyn of Boston law firm Cooley LLP, in an interview for CIO.com, notes that one of the biggest mistakes in implementing a BYOD policy is that organizations don’t adequately communicate to and train thier employees.
Karlyn notes that “…employees are shocked, because they weren’t aware there was a policy that said a company could do something.”
The instinct that many people have with their phones is that the data contained therein, just like the device itself, is their own. For a business to assert its right over its information when said data is contained on the personal device of an employee can require a major paradigm shift for the worker, and communication is key in facilitating said change.
Karlyn says it best when speaking to CIO.com- “It’s the critical awareness factor: make sure that they know what the elements of the program are and then train and take them through a discussion, through the literature, through examples of what could go wrong.”
Stay posted to Mobile ID World throughout March as our featured content will turn to Barcelona as we deconstruct the identity management news coming out of this year’s Mobile World Congress. Mobile ID World president Peter O’Neill will be reporting live next week from the show’s floor.