Gone are the days of IT determining the kinds of devices on your network and who can use them. The president of your company is at your door with a smile on his face with his new tablet in his hands. He asks you to connect this device to the network. How do you have a meaningful conversation about the impact on the network by doing so?
Small SMB companies in Canada often feel that their risk of security intrusion or data loss is not as significant as for larger enterprises. They feel the network is protected with a firewall provisioned on the Internet edge. Furthermore, why can’t we connect our personal tablets and phones to our network just like we do at home or the local coffee shop? This is assuming the employees even ask since you have published wireless security parameters similar to what they use at home and they can just enter the settings.
It’s important to plan and discuss the challenges and concerns of BYOD behavior. Then create a clear corporate policy about the acceptable use of business resources.
To start with, here are some of the key indicators you must make your business aware of:
More corporate private data is being placed on portable devices that increase risk of data loss.
The same sensitive corporate data can also be sent to the Internet via many means including social media etc. that used to be controlled by Corporate and firewall policies.
The growing types and variety of devices increases the chances of malware entering your network. Many users download applications from questionable sources or root their phones to gain further access (further access for malware as well). These steps increase the vulnerability of the device and in turn your enterprise network if they are allowed without controls.
How to manage lost or stolen devices? Originally laptops and thumb drives were your only portable security concerns.
Ensure you have a solution to meet all the new devices.
Privacy & Management
How to manage corporate information on personal devices IT does not control?
When a personal device is partially used as a business tool, the IT Department needs to manage it right? If the business does not manage it, then the corporate network becomes vulnerable to something outside its control.
If the business decides to support these devices – what rights does it have? Can it wipe the data remotely on the devices even though some may be personal? How about location tracking? When tools like this inherently exist, what does the business do with them? Also, if the business does have some Mobile Device Management Software on the device, what other information is it accessing? Strict policies and controls are important. Understanding how far a business should go and how much technology should be implemented to manage and protect data is important, just as it is to understand which options are best for your business.
When you finally received your budget to implement wireless solutions, they had been originally defined for occasional use. Areas to be covered mainly included common areas and meeting rooms since all the desks were wired. Now devices pop up at every station and each user has 1 to 2 additional wireless devices. These changes require a revised wireless survey to ensure performance is available for key devices. Additionally, and in some cases, the new requirements may require a new infrastructure that can identify devices by type and provision services according to priority.
IT resources always have additional time to manage, configure and fix things right? Wrong. When you discuss the solution to BYOD with your boss, make sure that the proposed solution has centralized policy control and management that provides the necessary tools, controls and visibility to enable you to manage this task without spending time you don’t have.
There are many proponents to BYOD that suggest increased worker productivity can be realised when users are working with their preferred devices. A business must keep in mind that personal devices provide access to personal accounts and personal social media sites and need to provision policies and/or controls to manage this and ensure they can realise improved productivity. This is a combination of technology and business policies that yield success when the needs of the business and individual employees are met.
Now that you have some additional information, the question remains about how to discuss this with your Company President or Senior Executive to ensure the business is enabled and yet maintains the necessary controls and security (since you are ultimately accountable for that).
Combine the challenge with the solution by presenting the issues with solution options. Additionally, find an ally in your business, perhaps one with privacy concerns that will help champion your cause. The business challenges listed here are straightforward to convey but sometimes the solutions are more complex. Partnering with an organisation with experience can also help you work through the challenges you know and have not yet thought of.
To find out more about the possibilities that are right for your organisation, please feel free to contact me at 905-508-8489 x318.