Tactical Advice

5 Rules to Make BYOD Manageable and Secure

Launching a BYOD policy doesn’t mean companies should create a free-for-all environment.
5 Rules to Make BYOD Manageable and Secure

How can the IT department assure that the enterprise sees the benefits of BYOD instead of unmanageable mobility that creates chaos for the existing IT environment?

“You have to address what end users want in terms of personal choice — but don’t start there,” says Jack E. Gold, president and principal analyst with the consulting firm J.Gold Associates. “Think about what your business needs first, then retrofit the technology that works the best to achieve those goals.”

That means seeing BYOD not as an end game. It’s one component in a robust mobile strategy that addresses all the areas in which mobility makes sense and creates a long-term roadmap for delivering the appropriate applications and services.

“You don’t want to do BYOD with a series of short-sighted projects,” Mark Jordan, senior product manager for mobility at Sybase, advises.

Enterprises also should update their existing mobility policies, which may have been tucked away in three-ring binders or file cabinets since their initial creation a decade ago. “Organizations really need to re-evaluate all these policies in light of the latest technologies and the most recent regulatory issues for information management that apply to their industries,” recommends Sean Ginevan, product manager for MobileIron, which supplies a mobile-device management (MDM) solution to the company.

For security and management ease, BYOD rules should address five core considerations:

  1. Which workgroups can bring in their own gear?
  2. Should groups be segmented by job function, organizational unit or region?
  3. To what data will BYOD devices be granted access?
  4. What kinds of mobile devices will be allowed?
  5. What will be allowable minimum capabilities of the devices and operating systems?

Answering the last question will be complicated because security and management capabilities of some hardware and OS combinations are still a work in progress, experts say. For example, some Android smartphone manufacturers, including Samsung, Motorola and LG, are customizing the Android OS with proprietary management capabilities, such as enhanced password controls, hardware-based encryption and hardened e-mail security.

These extensions are a security plus for IT managers, but the lack of standardization means the enterprise will need to develop alternative management policies for other Android smartphones that run more basic versions of the OS. But what kind of alternative policies?

IT, for example, may decide to force users of the basic OS to access corporate e-mail through a security application. By contrast, the IT department may decide it is safe for devices with proprietary security extensions to connect directly to the corporate e-mail server. Or it may decide that some systems or data are off-limits to all BYOD devices.

For added security, and an absolute necessity for organizations in highly regulated markets, IT shops may want to issue an authentication certificate for each BYOD device. A step up from password security, the certificates confirm that both the users and their individual hardware have been authorized to access the network.

Cool Tools for BYOD

Fortunately, a variety of tools are available to help IT administrators implement and enforce the BYOD policies they create. Mobile-device management software can act as a kind of command center, letting IT managers centrally configure access authorizations and business applications.

MDM solutions also let the IT department track devices, confirm device security settings, and create virtual private networks (VPNs) that establish protected communications links between users in the field and the enterprise network. An MDM application can also check that each device is running an updated version of its OS and scan for malware before a user device connects to the corporate network. If the hardware is lost or stolen, IT administrators can go to the MDM command center to wipe the data.

“MDM can push down a variety of settings to individual devices, but just as importantly, it enables IT managers to take all those settings back,” Ginevan says. “So when someone leaves the enterprise, I can delete all the corporate e-mails, corporate applications and any security certificates that identify the device to the network.”

Because MDM tools can streamline or automate so many basic device-management tasks, IT isn’t scrambling to service hundreds or perhaps thousands of individual devices. “That gives IT administrators more time to focus on strategic tasks, such as building and mobilizing applications inside their enterprises,” he says.

Role for Desktop Virtualization

Another important mobile management technology is desktop virtualization, which lets IT create individualized desktop environments tailored to each notebook, smartphone or tablet. With virtualization, staff members use their mobile devices to send screen images and keyboard clicks over wireless networks to applications centrally stored in the back-end data center, which also houses all corporate information. Because data doesn’t reside on mobile devices, there’s less risk of a security breach if portable hardware is hacked or stolen.

For its BYOD strategy, Citrix Systems enhances each device with its own commercial technology, Citrix Receiver. It connects end-user hardware to virtual desktops created by central IT administrators. To protect the messages flowing back and forth between users and data center systems, Citrix establishes VPNs that support data encryption.

Michael McKiernan, vice president of business technology at Citrix, says members of the Citrix staff that are part of the BYOD program accept client virtualization in part because data and applications stored in a central location make those resources accessible from any one of the multiple computing devices they may own.

“If the data is stored on a C drive in one computer, they may not always have access to it,” he says.

And what about the potential for greater security risks if IT doesn’t have complete control over the devices that each person uses? “The rubber hits the road with our results after three years. We have not seen our exposure increase,” he says. “If you provide the right incentives for people to protect corporate data, they will. Just because someone chooses to use their own MacBook, they don’t suddenly turn into a deviant.”

Sign up for our e-newsletter

About the Author

Alan Joch

Alan Joch

Alan Joch has been an independent business and technology writer for more than a decade. His expertise includes server and desktop virtualization, cloud computing, emerging mobile applications, cybersecurity and green IT. Follow him on Twitter @alanallegro


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.