Best Practices For A Secure BYOD Policy


Published on

It’s becoming a BYOD world… and we just live in it. To ensure that you are able to meet the growing expectations for BYOD/PC and its success, it will require a combination of policies, technology, and processes.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Best Practices For A Secure BYOD Policy

  1. 1. Brought to you by:
  2. 2. What is BYOD??? Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.
  3. 3. It’s becoming a BYOD world and we just live in it To ensure that you are able to meet the growing expectations for BYOD/PC and its success, it will require a combination of policies, technology, and processes.
  4. 4. BYOD. Give it to me straight. Pros  Productivity is Up 70% of employees w/smart phones regularly check their work email.  Increased Employee Satisfaction Employees are able to be mobile and still have access to the files the need.  Cost Savings Employees are more willing to purchase their preferred mobile device. Cons  Managing Security Consider the loss of a mobile device or data ending up in the wrong hands.  Retrieving Data  Appropriate Use of Technology If an employee exits the company, how would you regain control of said data? Not exactly easy to control how someone uses a personal device.
  5. 5. Establish Clear Policies and Expectations Once you have identified your technology approach, you will then be able to create a BYO policy appropriate to your needs and set expectations appropriately.
  6. 6. Some Points To Consider       Device options/platforms supported Is this a company wide program? Reimbursement Terms of usage Support of the device What happens to data when an employee exits the company?
  7. 7. Create a Secure and Separate Workspace Container based s o l u t i o n s c a n make a personal device run as if it was a corporate device. This way employees are able to run files in a company restricted infrastructure. The container is also encrypted, which secures data, even if the device is lost.
  8. 8. Keep Your Network Protected! Maintain separate networks for employees and guests. Employees using personal devices should use the guest network & can only access company data through a secure workspace.
  9. 9. Be Sure To Have A Reasonable Password Policy Authentication is important but if the policy is too complex (12 characters, no numbers, only #/@?*, change every other week, etc.) it will drive employees to less secure behaviors… like writing it down. Be sure to balance security w/ productivity.
  10. 10. Address Compliance and Risk Management Mandates Addressing this will minimize risks associated w/ installing corporate apps and data. Keep your company container completely separate from personal data so that it is easily removable if an employee exits the company.
  11. 11. A BYOD agreement checklist recommended by the Security for Business Innovation Council includes:      Ensure that end users are responsible for backing up personal data; Clarify lines of responsibility for device maintenance, support and costs; Require employees to remove apps at the request of the organization; Disable access to the network if a blacklisted app is installed or if the device has been jail-broken; and Specify the consequences for any violations to the policy. Source: “Realizing The Mobile Enterprise,” Security for Business Innovation Council, published by RSA Security.
  12. 12. To BYOD Or Not To BYOD? While BYOD can be helpful, it can also be harmful if not implemented with the right strategy. Before moving forward, make a pro/con list and list of questions to see if your company is ready. Then let us help you build a concrete strategy that aligns with your companies overall technology strategy.
  13. 13. 502-896-2557