BYOD? Or BYOP?
So, your company's going "BYOD?" This movement is leading to very exciting times for CIO’s and their staffs. Employees and, in particular, revenue generating employees want to use their own mobile devices for work-related communication. Although this trend frees up IT resources from having to manage these devices, as they are not the responsibilities of the corporation, help desks and information security will be increasingly challenged, potentially changing BYOD to BYOP- PROBLEMS. You can reduce the possibilities of problems by taking an organized, step-by-step approach. Here's a suggested guide for enterprises of any size, scope, and industry... Defining the scope of what we are trying to do is the first step. These include: - Internal employees - Business partners / associates - Clients / third parties What then are we trying to accomplish. There need to be a Clear Cut Policy – All parties should understand what the IT responsibilities are and what their responsibilities are. This includes: - Minimizing the amount of sensitive data being sent to mobile devices - Protecting whatever sensitive data exists on a mobile device - Providing Secure channels of communication - And doing all this in a cost effective manner In order to do this we must understand where the sensitive data exists in our environment. All too often unexpected fields are used to house sensitive data. There are some tools that exist to locate this data, but the inventory needs to be updated as new functionality is introduced and legacy applications are retired. Once we understand where the sensitive data exists, there needs to be a plan for getting to the appropriate level of maturity to safe-guard this data (both within mobile devices and without) The protection requires a multi-layered approach. Any sensitive data that resides on the devices should be encrypted. In the event that the device falls into the wrong hands, this will provide security from less sophisticated threats and buy time from more sophisticated ones. A DLP solution should be used to manage the communication with endpoints. This will ensure that all devices have on-device protection solutions and be ready to remotely disable devices that are suspect. We also want to minimize the amount of sensitive data being sent to these devices. For testing purposes involving internal employees, business partners or other third parties using these devices, all data going to them should be masked. For other purposes, mask any data that is not required to fully resolve the request. This will ensure that any edits in the system do not cause the system to break.