The burgeoning bring-your-own-device (BYOD) trend comes with its own set of challenges for today’s businesses. Ownership issues, privacy concerns, IT adaptability, and potential costs all weigh heavy on companies as they try to establish, maintain, and improve BYOD policies. However, no one challenge looms larger than BYOD security. A recent survey conducted by cloud services provider NaviSite discovered that of the 700 IT decision makers interviewed, 68 percent were very or extremely concerned about security on personal devices.
VARs and their clients should take BYOD security seriously, but it doesn’t need to be the harbinger of doom that many companies fear. Here’s how a bring-your-own-device security policy can be shaped so that resellers, companies, and employees can be confident in the results:
1. Take the initiative
Pretending BYOD doesn’t exist is naïve—companies can suggest that or even forbid employees not use personal devices for work business, but those employees might do so anyway, possibly without the lack of any sort of guidelines or governance from their employers. Simply acknowledging that BYOD is here to stay is a good first step for organizations trying to address security problems with portable devices.
2. Emphasize the shared responsibility
Employees have a vested interest in BYOD, as do their employers. When both sides do their part to ensure company data is safe, security becomes less of a problem. Shared responsibility implies a win-win: Employees can use the personal devices they want for work, and businesses can breathe easier knowing their employees are taking security seriously.
3. Insist upon security policies
Employees working on personal devices may need to get used to idea that accessing company systems will differ from the way they operate their smartphones and tablets for tasks that aren’t work-related. For example, many people automatically save passwords on their email accounts, which might be fine for getting to a Yahoo! inbox but is a security risk for company emails. Strong password policies and guidelines on secure connections (the thought of accessing work data on an open coffee shop router can keep IT security specialists up at night) shouldn’t be optional, but rather, essential elements of BYOD governance.
4. BYOD-specific apps
Many VARs and their clients are turning to applications specifically aimed at making bring-your-own-device functions more safe, efficient, and traceable. Business apps developed (either in house or by a third party) for personal devices can ease fears of data breaches—accessing company emails will almost always be more secure through a dedicated organizational app than the pop mail that comes pre-installed on smartphones.
5. Remote wiping
Losing a device with work data on it or accessible through it is a problem. A big problem, feared by employee and employer alike. Remote wiping can disable and/or hard reset lost or stolen devices. Though somewhat controversial (employees who misplace a device may not report the loss with the hope of finding their smartphones with data intact), this option is still preferable to no policy at all other than hoping a thief doesn’t figure out how to access company systems.
6. Work with a distributor
Selling a client on the idea of BYOD security in such an insecure world can be daunting for VARs. That’s where a qualified distributor can help, offering hardware, applications, strategies, technical support, and training to resellers and their clients. With the right distributor, bring-your-own-device security can become an asset rather than a liability.
What do your clients feel is the biggest problem with BYOD?