Bring your own device (BYOD) is no longer simply a buzzword or a new trend; it’s reality. And in that reality, almost half of all employees use their own devices to access corporate assets such as network drives, documents, printers, web proxies, social media sites, and personal cloud services. Malware, viruses, theft, unsecured devices, jailbroken devices, and a lack of control put corporate data, intellectual property, and client information at risk. The answer to this problem is to create, to manage, and to enforce BYOD policy guidelines to secure your work environment.
A well-written BYOD policy is the first step in bringing order out of personal device chaos. If users want to use their own devices, they have to follow some general guidelines for doing so inside a company network. Remember that security is an ongoing process that requires vigilance, administration, revision, and flexibility. These ten policy guidelines, in no particular order, provide you with a starting point in drafting your own BYOD policies and in enforcing those policies with a mobile security management suite.
1. Jailbroken and rooted devices are not allowed
Most, if not all, mobile security suites consider jailbroken and rooted devices to be “security compromised.” These compromised devices are exposed to security vulnerabilities, malware, viruses, and hacks that secured devices are not.
2. Devices must be protected by screen lock passwords
A basic security measure that many device owners neglect is the screen lock password. Screen lock passwords are simple to setup and yet provide a high level of data theft protection. Write your policy to include this powerful deterrent. Mobile security suites can enforce the use of a screen lock password on any user device.
3. Require enrollment in the corporate MDM, MAM, or MCM
To enforce security policies at the device, application, or document level, you must use a mobile security management suite. The suite should integrate into your environment such that no user device may access corporate assets without first enrolling in and being vetted by the security policies. To bypass enrollment puts your other users and their devices at risk.
4. Devices must be regularly updated with latest OS and patches
To stay ahead of malware, users have to keep their devices updated to the latest operating systems. This updating includes minor updates that may fix security vulnerabilities between major revisions. You can enforce update policies and push updates from some mobile security management suites to ensure that user’s devices maintain the highest available patch levels.
5. Business data and personal data must be kept separate
Because management suites have the capability of wiping data from devices, companies should provide a set of corporate apps that hold their own data separate from user data. This separation is achieved through good app planning and programming and management suite policy enforcement.
6. Corporate data should be encrypted
All data within, or accessed by, corporate apps should be encrypted so that compromised devices don’t give up their data in readable form. If users are allowed to access data in offline mode, app data is especially sensitive and must be encrypted to ensure security.
7. Custom profiles for each device type and manufacturer
Because users will bring a variety of device types (tablets, phones, laptops) and manufacturers to the workplace, a separate security should be available for each supported device specific to that device. Generic security policies will leave significant gaps and create additional vulnerabilities on your network. Most mobile management suites support a variety of device types and manufacturers. Devices outside of the support matrix should not be allowed as part of the BYOD program.
8. Require VPN (Application or Device) for connectivity
To ensure that all communications with the corporate network are secure VPN connection enforcement should be standard. Device-level VPNs securely connect the entire device to the corporate VPN server, whereas application-level or micro VPN connectivity ensures that all application-related data transmissions are secure.
9. Require periodic re-authentication
Periodic re-authentication assures that the user is genuine. Unlimited access without re-authentication is a secure vulnerability for any device that might be stolen or compromised during authenticated use. Management suites can enforce re-authentication after a set time period.
10. Prevent offline access
If you require a very high level of security for particular documents or applications, prevent any offline access to them. Do not allow documents or data to be downloaded or cached on the local device. Only allow access to sensitive information while connected to the corporate network.
Bring your own device is a significant new trend that brings with it an array of security questions, management issues, and policy changes. Users want the freedom to choose and to bring their own devices and you have a commitment to your employees, to your shareholders, and to your customers to maintain a secure environment in which to work and to conduct business. A solid BYOD policy ensures that your employees stay within the guidelines and limitations that you set for them.
If you’re a sys admin who has been faced with malware infection, cracked passwords, defaced website, compromised DNS, licensing violations, stolen hardware and other issues which can cause cardiac arrest – we have what you need! Download this free e-book: First Aid Kit for Admins today!