Mobile-Device Management: 10 Best Practices for Creating a BYOD Policy
Human nature being what it is, people are going to use whatever connected device they have available at the time to handle a business function without giving a thought to security. Why? The terms "easy" and "convenient" come immediately to mind. In fact, 99 percent of the time, humans go for the path of least resistance; that's the way we are made. This is precisely why the BYOD, or bring your own device, trend in enterprises continues to move quickly up and to the right on all the research charts. Like it or not, enterprises must contend with this trend by establishing some sort of policy to deal with it. During eWEEK's latest eWEEKchat industry discussion March 13 ("BYOD and the Future of Work"), the following market stats from a 2012 Cisco survey came up: 88 percent of employees are using personal devices for some kind of business purpose, yet only 29 percent of companies are currently planning BYOD policies and only 17 percent already have a policy in place. How far behind the curve are we here? Insider risk in BYOD is one thing, but areas of particular concern include human error and poor decision making, inadequate policies and procedures, and insufficient planning against social engineering attacks. For this slide show, eWEEK worked with Domingo Guerra, president and co-founder of Appthority, a global cloud-based company focused on mobile security in the enterprise.
Where Does a Company Begin?
Start at the beginning. Query employees and do the research. Find out the risks and costs. Determine who on staff (or in the value chain) is already using smartphones and tablets. Ask them to show you what they're most commonly doing with the devices that may involve the company. Make sure key company and IT administrators are involved in setting policies (or no policy at all, if that is appropriate). BYOD can indeed drop capital-equipment costs and improve productivity among employees, but it has to be done in a supervised and safe fashion.