This is a guest post by Chris Clark.
The balance between end-users and network administrators has undergone a fundamental shift. What once was a command-and-control environment in enterprise computing—in which IT dictated the image, configuration, and delivery model of technology for employees—is no more.
The voluminous entry of personal-owned smart devices to the workplace has caused enough disruption to upset the balance of power. Now is a pivotal time for IT. The rulebook must be rewritten to answer to the consumer technology that is permeating the workplace one swipe at a time.
The Bring Your Own Device (BYOD) trend, in which workers put in their time on their own devices, is well underway at leading enterprises across the world. Terms such as “employee-liable” and “corporate-liable” are regularly connected with BYOD. These terms are misleading, as they apply only to the mobile device itself.
In fact, IT and employees share liability for the protection of corporate data. It’s a difficult pill for users to swallow, but without their cooperation there’s no way to reduce risk. That’s why forming a partnership between IT and end-users is ideal. This partnership must be formed prior to the adoption of employee-owned devices—call it the “zero-day preventative measure.”
Here’s How BYOD Will Change Your Life
A New Deal between IT and the Employee: The new contract should get the following across: “The employee has free rein over their personal data and applications on their Android, iPhone, iPad or BlackBerry device. However, the IT department reserves the right to withhold access to proprietary applications or information if said device is out of compliance. This could mean either a device wipe or placing it in quarantine until it is back in compliance. Please sign this End User License Agreement.” When users understand that their plentiful privileges are coupled with a few responsibilities they can meet with a high degree of autonomy, their likelihood of cooperating is high.
IT Becomes the DMV (no, really): The Department of Motor Vehicles (DMV) issues licenses and checks paperwork, but law enforcement officers enforce the use (or abuse) of those privileges (i.e., pulling over and ticketing speeding drivers).
In the past, IT has served a dual role as both the enabler and the heavy hand of the law. In the new model—much like the DMV—IT only needs to facilitate compliance. It now relies on automation to enforce compliance (just like the police).
IT simply can’t serve both roles any longer. The price IT pays for untethering information from corporate-controlled devices is the need for a quicker response to non-compliance (in minutes instead of hours). With BYOD, IT must act quickly as a reaction force at the device, application, data, and network levels. Armed with a rational combination of policy and technology, it must instantly respond to new devices entering the corporate realm. It must ask: does this device meet security standards? If so, which apps are permitted? If not, should it be quarantined or delivered a security policy? Whatever measures are taken, they should be automated, requiring minimal effort from the end-user and the admin. Just like the DMV, but without the lines.
IT’s 1-2 Punch: Detection & Prevention: IT, the BYOD rapid-reaction force, is equipped with two basic sets of mechanisms: detection and prevention.
Detection is IT’s monitoring of potentially problematic actions or applications that are doing no harm at present—such as Words With Friends or SkyDrive, or a data plan nearing its expense threshold due to YouTube views. In this case, it is IT’s role to inform the business’s accountants that they are quickly approaching their cost allowance limit. This leaves the decision (how to manage that situation) in the business units’ hands.
Prevention is a proactive, automated response to dire circumstances. For example, a board-book application on a rooted Android device is about to retrieve next quarter’s projected sales. In this situation, one cannot settle for detection; immediate action must be taken.
Remain Vigilant, and you’ll Only Go So Far!
Every week, it seems that either iOS or Android makes new software upgrades available. With each update, an exponentially large set of questions regarding vulnerability is added to the pile. The equation increases in complexity when considering device type and manufacturer heterogeneity. Once employees begin to bring their own devices (BYOD), what constant can be expected other than change?
Free-thinking IT leadership understands that no policy can be created that protects an organization in its entirety. Further, they understand that no policy lasts forever. While IT leaders maintain their vigilance, mobile device management becomes a secondary or even tertiary responsibility, leaving updates to fall through the cracks. Frequent policy revisions are the order of the day. Vigilance surrounding threats posed by new devices, new applications, and new data is part of IT’s job description in the BYOD era. A cloud-based mobile device management (MDM) service will help IT leaders hold the line against the onslaught of patches, software upgrades, and potentially malicious apps, guaranteeing compliance and increased end-user uptime. The speed offered by the cloud grants IT time to focus on policy updates instead of maintenance windows.
Three Rings to Rule Them All
As Bring Your Own Device becomes a chief component of the enterprise, IT leadership must become the Lord of the Three Rings to ensure device protection and data security:
- Ring 1: Mobile Device Management Best Practices: The organization must follow mobile device management best practices. These include: password enforcement, locking and wiping of rogue devices, and OTA productivity service configuration (WiFi, VPN, email, business applications, and essential documents). The first ring is as basic to enterprise mobility as air and water are to human survival.
- Ring 2: Policy Enforcement: The next is a dynamic policy (yet written with care), reliant on particular security capabilities. Multiply the staggering number of devices by the plethora of ways each end-user requires precise, specialized access. One cannot rely on dynamism alone; only a superhero could monitor so many moving parts without setting granular policies and continuously monitoring devices.
- Ring 3: Advanced Capabilities: Comprehensive certificate management and event-based security lie at the high end of the capability scale. This way, for example, devices can automatically enforce policies based on time and geography. Geo-fencing can disable certain capabilities, such as the camera or email, in the event that a user connects to an unsecured WiFi network, brings their device to a particular country, or enters a room with sensitive prototypes.
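The detection/prevention split and the three rings above describe a compliance decision engine. The following is an added illustration, not code from the post or from any MDM product; the device fields, the app name, the geo-fenced country and the 90% cost threshold are constructed assumptions.

```python
"""Toy BYOD compliance evaluator modelling the post's detection/prevention
split and three rings. Added example; all field names, app names and
thresholds are assumptions, not values from any real product."""
from dataclasses import dataclass

SENSITIVE_APPS = {"board-book"}      # assumed name for the post's board-book app
GEOFENCED_COUNTRIES = {"CountryX"}   # placeholder, not a real policy value
COST_WARN_RATIO = 0.9                # notify the business unit at 90% of the plan


@dataclass
class Device:
    """Constructed posture record as an MDM agent might report it."""
    os: str
    rooted: bool
    passcode_set: bool
    encrypted: bool
    on_open_wifi: bool
    country: str
    data_used_mb: int
    data_cap_mb: int
    requested_app: str


def evaluate(d: Device) -> dict:
    """Return {'verdict', 'disabled', 'detections'}.
    verdict is 'allow', 'quarantine' or 'wipe' (prevention: automatic);
    detections are informational and left to the business unit."""
    result = {"verdict": "allow", "disabled": [], "detections": []}

    # Prevention (the post's example): a rooted device requesting sensitive
    # data gets an immediate automated response rather than a notification.
    if d.rooted and d.requested_app in SENSITIVE_APPS:
        result["verdict"] = "wipe"
        return result

    # Ring 1: basic MDM hygiene. Missing controls quarantine the device
    # until the user restores compliance; no data is destroyed.
    if d.rooted or not d.passcode_set or not d.encrypted:
        result["verdict"] = "quarantine"

    # Ring 3: event-based restrictions (unsecured WiFi, geo-fence) disable
    # individual capabilities instead of blocking the device outright.
    if d.on_open_wifi:
        result["disabled"].append("email")
    if d.country in GEOFENCED_COUNTRIES:
        result["disabled"].append("camera")

    # Detection: nothing is blocked; the cost finding is reported upstream.
    if d.data_cap_mb and d.data_used_mb >= COST_WARN_RATIO * d.data_cap_mb:
        result["detections"].append("data plan near cost threshold")
    return result
```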
IT Dove & Hawk: Facing change, IT must be a dove, taking a Zen-like approach of peaceful observation. It must also be ready to dive like a bird of prey to stop rogue devices from connecting to the network. In the age of mobile consumerization, cooperation is key. If employees understand the agreement and are permitted to use their own devices, peaceful coexistence can prevail, so long as IT offers a helping hand in keeping corporate data secure.
About the Author: Chris Clark is President of Fiberlink Communications Corporation. Fiberlink’s cloud-based mobile device management (MDM) solution, MaaS360, was recently honored with the 2012 Global Mobile Award for “Best Enterprise Mobile Service” at Mobile World Congress, and is used to manage and secure more than one million endpoints globally.