Despite the dangers of lost data, BYOD rules can’t be too rigid, or too lax, says analyst. Policies have to address use cases and job needsrnrn
Gartner VP and distinguished analyst John Girard suggests they adapt to this environment and quickly, starting with the basic configuration and security policies they feel the need to preserve.
Girard gave tips on how to develop and implementing a robust mobile device policy during the recent Gartner Security and Risk Management Summit here.
Is your BYOD policy out of date?
One of the several mobile device management (MDM) reality checks that Girard shared with the audience covered the pitfalls of the mandatory device reset.
“There was a case of a toddler who reset C-level daddy’s tablet that was left in the living room,” he said. “Of course, daddy didn’t back up the data.”
Then there was the less than ideal hospital honour system.
“Doctors accessed patient databases and hospital scheduling systems via unmanaged and unsupervised BYOD practices,” Girard said.
Girard also spoke about how a mobile honour system failed when IT operations at a company enabled Microsoft ActiveSync through the firewall, however there was no credentials process in place.
In additions to setting limits on data exposure, Girard recommends that IT administrators also limit access to a certain extent.
“Have email pass through certification control and a basic MDM security policy in place,” he said.
“Having BYOD model restrictions is also necessary.”
Control and encryption also go hand-in-hand with a comprehensive MDM policy.
“A ‘trust nothing’ approach reduces policy headaches,” Girard said,
When it comes to managing multiple device and OS platforms and settings, there are some questions that Girard says need to be addressed.
“What’s your baseline and how thoroughly are your PCs managed?” he asked. “Do you encrypt mails and work station data?”
In order for mobile device management to be effectively implement, Girard suggests people be prepared for enterprise concessions.
Some of the top policy failures that Girard highlighted included BYOD rules that are too rigid or lax, and policies that do not address use cases and job needs.
“If a company lectures but does not mandate, it’s not going to work,” he said.
“It also doesn’t help if management doesn’t support the policy.”
In order for a mobility strategy to work, Girard suggests that business give users the choice to opt-in to company’s MDM, and use “trust” and their supporting technology as a decision point.
Cisco Secure Mobility Knowledge Hub
This Knowledge Hub provides an end-to-end look at what it takes to discover, plan, and implement a successful Secure Mobility strategy.