Bring Your Own Device (BYOD) has become one of the biggest trends in technology during the past few years. One report from Samsung in 2013 found that 85% of companies supported BYOD. Today, that number may be even higher. Of course, in every BYOD study, the challenge remains the same: how do you balance the desire for personal devices with the need for corporate security? Security is the biggest mobile device management hurdle companies have to clear before adopting a BYOD system.
So how do you improve the security of your business’s BYOD system? Thanks to modern technology, it’s easier than ever before.
Start Using the Cloud to Its Full Potential
The best way to control BYOD security is to give yourself the power to control your own data and applications. These are the most important parts of your business security and they’re the things that have the most potential to damage your business.
The best way to control your own data and applications is to adopt a cloud computing solution. Use the cloud to store data and run applications through managed IT services. If you can do this, then you can reduce your risk of data loss.
Why does the cloud help prevent data loss? When applications and data are stored on the cloud, it means that device loss won’t compromise the security of your business.
If an employee’s device is ever lost, broken, or stolen, organizations can use the cloud to prevent data loss. Of course, cloud computing also provides other advantages for BYOD workplaces, including more flexible functionality than many mobile device management applications. Ultimately, app control is the most important way to improve your BYOD mobile device security.
Mobile Device Management: Develop an Acceptable Use Policy
The main advantage of BYOD is that users can control their own devices. They can install the apps they want and use their devices for personal purposes. However, businesses that care about BYOD security need to put some restrictions on this.
A good BYOD Mobile Device Management initiative comes with an acceptable use policy. This policy will discuss all of the following aspects of BYOD security:
Of course, just creating an acceptable use policy isn’t much good: you’ll need to make sure employees understand that policy. You’ll also need to enforce that policy wherever necessary: otherwise, it just becomes another thing for employees to ignore and avoid.
There are a few different ways to enforce policies like this. Here are some of the ways companies protect BYOD security:
- Some companies allow IT to immediately un-enroll a device or even remotely wipe a device if it’s found to violate the acceptable use policy
- Other companies continuously inventory the apps found on personal devices, whether it’s for troubleshooting, malware detection, or other reasons (the acceptable use policy needs to explain to employees why their app libraries are inventoried)
- Some companies will even auto-quarantine non-compliant devices. In that case, your acceptable use policy needs to explain how IT will notify employees and which steps users should take to regain access to their devices
- Other possible enforcement methods involve mobile device management (MDM), blacklisting, and whitelisting, which we’ll get into below
Control Application Installation
Typically, mobile device attacks occur through apps. Even apps downloaded from trustworthy sources like the iTunes App Store or Google Play Store can pose a security risk.
Most mobile security risks, however, come from outside these app stores. When employees are allowed to download unverified apps from third-party app stores (like downloading .apk files onto your Android device), it can significantly compromise the security of the device and your entire BYOD network.
Both Apple and Android OSes let admins permit or deny installations from the Google Play Store or iTunes App Store. However, that’s not a practical solution for devices that employees use for both personal and business tasks.
A better solution is to use mobile device management or mobile application management tools. These tools let you auto-install enterprise apps on personal devices while also recommending safe public apps for employees to install.
Those safe public apps can be manually chosen by your IT team. The list isn’t likely to cover all interests of your employees, but it’s still an effective form of passive guidance.
Blacklist Bad Apps
Certain apps are notorious for data usage or security threats. That’s why some companies maintain a blacklist. This blacklist consists of apps the employees cannot download. If the mobile device management (MDM) system detects a blacklisted app, an alert can be sent to the admin or the user.
After the blacklist alert is received, the admin can take different courses of action. The device can be kicked off the virtual private network and Wi-Fi network immediately, for example. Some admins even take this a step further and immediately change the device password or perform a full device wipe.
The main problem with app blacklists is that they’re costly to maintain. New apps are becoming available every day and there are literally millions of apps on the internet today. Manually blacklisting every bad app is a long and ultimately fruitless endeavor.
Whitelist Good Apps
Whitelisting involves only letting your employees install a certain selection of acceptable apps. That list is created by the admin, and employees are forbidden from installing apps outside this whitelist. Unfortunately, whitelists are almost always impractical: one group of employees might need this app to complete a certain task, for example, while another group might need that app. The CEO might be allowed to install any app he or she wants – and how is that fair? That’s why whitelists are fading out of popularity in the BYOD world. Nevertheless, they’re still a valid option for some businesses – especially businesses with a small number of employees with whom you can easily coordinate app policies.
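The blacklist and whitelist checks described above, as an added example (not code from any MDM product). The package names, install sources and the rule that blacklisted or sideloaded apps lead to quarantine are assumptions made for illustration; the sample device shows a blacklist missing an unknown app that a whitelist flags.

```python
from dataclasses import dataclass

# Constructed sample data: every package name, source and list entry is made up.
TRUSTED_SOURCES = {"google_play", "app_store", "mdm"}
BLACKLIST = {"com.example.leakyflashlight"}
WHITELIST = {"com.example.corpmail", "com.example.vpnclient"}


@dataclass(frozen=True)
class App:
    package: str
    source: str  # install source as reported by the device inventory


def evaluate(inventory, mode):
    """Return sorted (package, reason) findings for one device's app inventory.

    mode="blacklist": flag only apps named on the blacklist.
    mode="whitelist": flag every app that is not on the whitelist.
    Apps installed from outside the trusted sources are flagged in both modes
    and are reported as "sideloaded" even if they also match a list.
    """
    if mode not in ("blacklist", "whitelist"):
        raise ValueError(f"unknown mode: {mode!r}")
    findings = []
    for app in inventory:
        if app.source not in TRUSTED_SOURCES:
            findings.append((app.package, "sideloaded"))
        elif mode == "blacklist" and app.package in BLACKLIST:
            findings.append((app.package, "blacklisted"))
        elif mode == "whitelist" and app.package not in WHITELIST:
            findings.append((app.package, "not_whitelisted"))
    return sorted(findings)


def enforcement(findings):
    """Map findings to actions: alert first, quarantine for the riskier cases."""
    if not findings:
        return ["none"]
    actions = ["alert_admin", "alert_user"]
    if any(reason in ("blacklisted", "sideloaded") for _, reason in findings):
        actions.append("quarantine_device")  # assumed: drop from VPN and Wi-Fi
    return actions


# Constructed inventory for one personal device.
DEVICE = [
    App("com.example.corpmail", "mdm"),
    App("com.example.leakyflashlight", "google_play"),
    App("com.example.newgame", "google_play"),  # unknown to both lists
    App("com.example.modded", "apk_file"),      # installed from an .apk file
]
```

In blacklist mode `com.example.newgame` passes unnoticed because nobody has listed it yet; in whitelist mode it is flagged along with everything else the admin has not approved.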
Let Leverage Tech Identify your BYOD Solution
Leverage Technologies specializes in BYOD solutions. Discover how BYOD can boost employee productivity without compromising company security.