With asset management, IT managers know what systems exist, what technology is in place, and how they all fit together within a company. If managing IT assets is not already complex enough, now corporations are implementing Bring-Your-Own-Device (BYOD) policies that allow employees to connect their personal phones and tablets to corporate networks and applications.
Spend some time and really think about this effort, companies are now permitting users to purchase their own phones or tablets and are requiring their IT managers to manage, support, and secure data accessed by them. Today’s features on these devices make them no different than allowing users to bring and connect their own personal computers to your corporate network. However, the thing to remember is the security measures for allowing personal computers to connect remotely to corporate networks is far more advanced than today’s measures for BYOD devices.
When allowing BYOD devices on your network consider the following:
- What is the user doing with the device when it is not on your corporate network?
- What happens to corporate data when the user is terminated from your company?
- What happens to corporate data when the device is lost or stolen?
All three questions can seem alarming (as they should!). The key is to find a way to manage these devices so you maintain access control to your corporation’s data and other assets. Yes, these are your employee’s personal devices but you can still control the connection paths to which you allow these devices to access your critical information. It’s up to you to maintain control.
Make educating users to a top priority if you are going to allow these devices. Spot check devices to insure users are using password unlock to unlock devices before use. Consider moving all corporate remote applications to the Cloud so all data is retained on the network and not downloaded to the device. Only allow a small sample of BYOD devices, for example only allowing iPads or iPhones. This lowers the burden of maintaining multiple vender devices and allows you to tailor your BYOD polices. Think about the risks before deciding to allow BYOD in your environment. BYOD devices should be used as a portal to access corporate data and not as an insecure data repository located outside your network.