Rob Buckley – Freelance Journalist and Editor

How to cope with BYOD


The cloud, mobile device management and virtualisation are riding to the rescue of organisations faced with the inevitability of 'bring your own device'. By Rob Buckley


With an MDM solution, which typically includes aspects of NAC, it is possible to install software onto a device that determines whether encryption is enabled and working correctly - and fix the issue if it's not - and remotely wipes the device if it falls into the wrong hands. The organisation can either track the device so it can be recovered, or remove all the data from it so that it's no longer a security problem. It can also determine devices' operating systems, patches, anti-malware software, level of access, whether they have been 'jailbroken' and more.

More advanced MDMs can also integrate with Active Directory and other technologies, so access can automatically be provisioned if a new employee joins and, if one leaves, not only will data be removed from relevant devices, but so too will access to the network.

The issues here are installation of the software and the fact that if the device is owned by the employee, it will also include personal data. Suitable NAC, access gateways or MDM software can force users to install the software themselves if they wish to be able to access the network, pointing employees to corporate or public app stores. One benefit of this over a corporate roll-out is that IT won't have to support this themselves, so it is particularly useful for those with fewer resources - few devices support remote installation of patches or OS upgrades, for example, but employees using their own devices will be used to doing this themselves. In a corporate roll-out, the onus will be on IT to update devices.

However, one issue that a corporate device roll-out doesn't face is the merging of personal and corporate data on one device. Anyone leaving the organisation or losing their device will need to have their equipment wiped, while others may worry that the organisation is 'snooping' on their personal data. Some MDMs tackle this by segregating data, so corporate data resides within one area of the device or within specific apps, and only this is deleted in the event of a remote wipe.

"With AbsoluteSafe, you can go to a client meeting, use an iPad as your main tool and IT will push out files to you," says Absolute Software vice president of global marketing Stephen Midgeley. "You can have that on a five- to 15-minute timer, after which the app turns off and the data is no longer on the device." Similarly, at the end of the device's lifespan, all data can be removed en masse, Midgeley adds.

This segregation is usually only available on certain types of devices or through alternatives to standard applications that may be unfamiliar to the user. However, according to Dimension Data security business manager Chris Jenkins, certain MDMs are now offering a degree of granularity in wiping: "You can specify which apps' data gets wiped."

Segregation can also be a problem when integrating with other applications: can a user open and work on a Word document they've been sent by email within their favourite app, or can they merely view the attachment? In the case of the former, what happens if that app is also capable of uploading the edited document to Dropbox rather than the preferred secure file exchange service? In the case of the latter, does that defeat the point of BYOD and corporate roll-outs if users can't work on their preferred devices or have access to the full range of apps?

Some organisations use MDM to lock down the device so it can't use certain apps. With a corporate roll-out, that may not be a problem, although it could reduce employees' efficiency if they are used to using certain programs. Zenprise chief marketing officer Ahmed Datoo says it's a mistake, at least with BYOD. "If you've spent £300 of your own money on a device, but the BYOD policy says you can't install Facebook and can only use corporate mail, you're not going to want to use it for work any more," he says.

It's advisable to find out how users intend to use their devices and to see whether secure methods of achieving the most popular workflows are possible.

The virtualisation solution
To a large extent, virtualisation can remove the problems of data loss. By having all data and corporate applications hosted on servers and merely giving users a 'window' into these resources, IT can ensure no data ever leaves the organisation and can give mobile users the same level of access as exists on corporate devices.

