The external drive and take up of Bring Your Own Devices – BYOD in the enterprise has made it very interesting for most organisations. The options that BYOD can give your organisation are many and are based on convenience, work flow and innovation. The down side with all of the Smart Devices is security. Some are more secure than others.
No matter what device a staff member comes into the office with and demands to use, security and the ability to secure the device and the data that it will hold should be paramount in the minds of the business management and owners. Although this problem usually falls to the CIO, the ICT department or the outsourced IT teams, it’s usually forced on them from the management level. How many times has a CEO or director come into the office and demanded that his <<insert make and model>>works and does everything that his laptop can do and more.
To the ICT departments, it is usually a time of great stress and panic, to find out how to set up the device but also to ensure that the required business security practices are employed in the set up.
Most ICT departments are transitioning from managing ICT to increasing security awareness but they are still in the firing line. The first person to blame if a document, email or significant piece of information ends up in the oppositions hands will be the person who set up the BYOD not the person who lost it. The fact that they were forced into the situation will be irrelevant.
There are resources available to make sure that the BYOD are managed with security as the driving principle. There is still the problem of getting users to understand that it is just as much their responsibility as it for the team that sets it up.
When it comes to BYOD, set a policy that you can enforce (both the user and yourself understand the business expectations), ensure that access to the device is difficult and time consuming if stolen (passwords and encryption), make sure that there is no corporate information stored on the device (use Remote Desktop and remote applications), make sure that access to corporate data is restricted by a password that is NOT remembered on the device and make sure that you can wipe the system if you need to.