
Avoiding basic BYOD blunders

Most companies have figured out how to sidestep BYOD security errors - have you?

By Michael Fitzgerald, CSO
February 14, 2013 03:15 PM ET


Borg says there's no reason for companies to take such risks. Aberdeen says that a single compliance lapse could cost a company between $10,600 and $461,699, depending on the number of compliance violations on the device.

Borg and other analysts interviewed for this story acknowledge that we have not seen a major incident with BYOD devices publicized yet. But why be the headline, Borg asks.

The challenge for CISOs is palpable. For one thing, it's hard to keep up with best practices, says Adam T. Shapiro, Chief Technology Officer of Breakthrough Technology Group, a managed service provider based in Morganville, N.J.

Shapiro was previously in charge of Citigroup's Client Infrastructure Engineering, where the company's efforts to allow remote work showed a huge thirst for BYOD. The company used Citrix Receiver, a virtualization client, to allow for remote access. Once in place, "you saw every single person that was a Mac user start to use their personal Mac," Shapiro says.

He also says technology is moving too fast for policies to keep up. "There were people coming in with early releases of Windows Tablets" and other new devices, he says. Then they would complain that they couldn't get access. "Best practices are no longer even best practices. It's an evolving game," he says.

Citigroup had not done things willy-nilly -- it had a process of meetings and discussion to develop a BYOD model that went through a wide variety of use cases, and had built custom wireless networks to help. Even so, the organization was surprised by how 'creatively' some people decided to use technology. "There were some use cases where you would say, 'Really, people do that?'" Shapiro says.

Citigroup's example illustrates that each company will have its own complexities, with technology and policy decisions to iron out. At any rate, don't be the headline. Emulate smart companies and avoid BYOD's most basic blunders.

Blunder Number 1: Just jump in - the water's fine!

In fact, the water is murky. Companies that just open their networks to BYOD without a plan might hit riptides, stingrays, sharks even. Do you have a lifeguard? Do you even know who should be on the beach?

"Step back and think about your company and what the mobile worker population of the company might look like," says Stacy Crook, an analyst at International Data Corp.

Blunder Number 2: Take on all comers

It's a great concept for a UFC special, but why do you want your network exposed to every device known to humankind?

"Companies shouldn't recommend what type of phone employees get, but some Android phones are better than others," says Dan Shey, an analyst at ABI Research Inc.

Blunder Number 3: Give employees access to everything

Do all your employees really need access to all applications? Really? It's one thing to open up access to email, another to give access to ERP, says Shey. Email "tends to be a closed system--you can connect to it and not connect to corporate systems and databases," he says. As Crook notes, once consumer devices enter the enterprise, consumer applications and corporate applications can commingle. What if employees want to dump things into Dropbox?
