Whether companies like it or not, the "BYOD" trend has become a climate. According to the Juniper study, the number of employees who use their own smartphones and tablets in their jobs will grow by as much as 350 million in 2014, up from 150 million this year.
But if your business is the same as most companies, it may not yet have a formal strategy for defending against BYOD risks. A new survey, conducted jointly by security awareness Training company KNOWBE4 and consulting firm Itic, found that 71% of businesses allowed to use BYOD, but no specific policies or procedures were in place to ensure security.
Hyoun Park, chief analyst at Nucleus Research, said that "companies must have some kind of policy-based control, some kind of document, contractual responsibility, or regulation." "The BYOD strategy should be the same as many corporate documents that employees must sign, to regulate the responsibilities, rights and benefits of employees and the rules and regulations that employees must follow."
A strategic contract signed by an employee can also be granted to the enterprise to protect its rights to take the necessary measures in the event of theft, loss, or misuse of the employee's mobile device. "Businesses cannot simply erase information on their devices-because it may be illegal," Park said. "Some form of agreement must be signed between individuals and businesses to do so." ”
Paul Debeasi, vice president of Gartner Research, believes that some of the issues that must be considered "should be thought like layers of bamboo shoots." "Do companies intend to have their employees connect to enterprise applications or store sensitive information with their own devices?" If so, how do companies control these devices? How do you deal with an employee who puts his old version of the iphone into his or her home or sells it on ebay?
All of these issues need to be implemented on paper, to determine what the employee can do, what not to do, and to require the employee to sign it. "This is the first step in starting the BYOD program, but few companies have done this," said J. Gold Associates founder and chief analyst Jack Gold said.
The following are the seven main points that need to be taken into account in formulating any BYOD strategy.
1, the first strategy, after the tool
Debeasi that the biggest mistake a company can make is to be eager to buy mobile device management (MDM) tools before making a BYOD strategy. "It's easy to go out and buy a tool, but the tool has to be a strategy." ”
For example, not all MDM systems provide the same functionality for each type of mobile device (Android, BlackBerry, iphone, etc.). Each MDM tool has its limitations-they can manage devices, data, and application access, but they cannot cover network access or cost management, Park said.
2, the Enterprise "has the right to erase data"
The biggest risk to BYOD is that sensitive data from the enterprise will be compromised once the device is lost or stolen. This is why most businesses develop BYOD policies that require password control, device lockout and encryption, and the right to remotely erase data on a device under certain circumstances, such as when an employee is dismissed. Some companies choose to distinguish between the business data on the device and the management technology of the application, and optionally erase the data that must be erased according to the compliance strategy of the enterprise. Other enterprises choose to erase all data on the device, which may also include employee personal data. "If you delete 300 photos of our children, it could lead to a lawsuit unless the employee signs it," Gold said. Some enterprises have a more advanced strategy, as long as the mobile device is determined to violate the enterprise policy, it is necessary to perform remote erasure.
(Responsible editor: The good of the Legacy)