Macworld - The easiest way to secure the network and protect company data is to simply not allow mobile devices to access company resources at all. Of course, that's a highly impractical policy, and one that ignores the many benefits mobile devices bring to the table. You can block non-managed devices from connecting to the network, and you can lock down USB ports on company PCs, but it's virtually impossible to ban employee-owned devices altogether.
That doesn't mean you should just surrender and let the employees do whatever they like. There are pros and cons for both the company and the users when it comes to adopting a bring your own device (BYOD) policy, and users need to understand from square one that the tradeoff for being allowed to use their own smartphone or tablet for work is that the IT admin must be able to exercise some control to protect the network and sensitive company data.
In order to manage mobile devices effectively, you need to employ some form of mobile device management (MDM) tool. MDM gives IT admins the ability to manage security settings on mobile devices, track the mobile devices with access to the network, monitor compliance with company policies, and remotely wipe data from lost or stolen devices if necessary.
With MDM, you can apply a unique balance of access and security to fit your specific needs. Three ways to support a BYOD program include:
1. Block access to corporate resources using network access control (NAC) systems. A properly configured router can block all devices that aren't in a list of authorized devices, but that is a tedious, inelegant solution at best. NAC tools, on the other hand, provide more dynamic, robust protection.
NAC devices, such as the Black Box Veri-NAC 5230, scan all devices attempting to connect to the network to verify that they comply with corporate policies. If the device doesn't meet corporate security requirements or isn't properly patched and updated, access can be denied, or the user can be redirected to a site with links to the resources necessary to achieve compliance and get a green light from the NAC tool.
2. Grant access to all devices and design a written policy to keep corporate data safe. A written policy delivering clear instructions on the access and use of company data on mobile devices is not only a good idea, it's crucial for any company adopting the use of mobile devices at all. But by itself a written policy puts the burden on users to execute the steps to secure their mobile devices and doesn't provide IT admins with any sort of oversight or assurances that the policy is being followed properly.
In this scenario, the IT admin has to manually manage and maintain the mobile devices--taking the time to verify the use of basic security measures such as secure passwords, remote tracking for lost or stolen devices, and the activation of remote-wiping features on all mobile devices. While iPhones, iPads, and other mobile devices include these features, depending on end users to properly configure them can be a dicey proposition. In companies with more than 100 workers, it's nearly impossible to enforce.
Originally published on www.macworld.com.