- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Just say the words "bring your own device" and IT staffers start to rub their foreheads. Allowing users to attach their consumer devices, including smartphones and tablets, to the network might seem like a bad idea, but with a clear user policy that is re-signed annually, you can reduce a lot of organizational risk.
Make sure to include language about which platforms you support, whether or not you reimburse for various charges, what state the device must be in (i.e. not rooted or jailbroken) and what applications can and can't be used while on the network.
Here are a few samples of BYOD policies to help guide you. For a longer discussion of BYOD policies, check out this white paper from the SANS Institute.
Mobile device management vendor Good Technology has a sample policy that customers can customize to fit their own particular situation. The sample policy provides a solid framework for developing your own BYOD policy:
The use of a Smartphone in connection with (Company Name) business is a privilege granted to employees through approval of their management. (Company Name) reserves the right to revoke these privileges in the event that users do not abide by the policies and procedures set forth below.
The following policies are aimed to protect the integrity of (Company Name) data and ensure it remains safe and secure under (Company Name) control. Please note that there may be limited exceptions to these policies owing to device limitations between vendors.
(Define corporate policies here. Note: These are only examples and will vary per enterprise.)
*Your device will lock your account after 10 failed login attempts.
*Your device or Good application will lock every 30 minutes requiring reentry of your password.
*Your device will include password rotation every 90 days.
*The password must be a minimum of six characters.
*The password must contain at least one letter or number (except on devices that cannot accept alphanumeric passwords).
*The password must not be one of your previous four passwords.
*Your device will be remote wiped if: (i) you lose the device; (ii) you terminate employment with (Company Name); (iii) IT detects a data or policy breach or virus; or (iv) if you incorrectly type your password 10 consecutive times.
*Your iPhone, iPad or Android with Good device may allow for only the remote wipe of (Company Name) data. This means your personal data is still vulnerable, and thus it is recommended you also set a device password and take additional security precautions.
In addition to the above security settings, all users are expected to use their device in an ethical manner. Using your device in ways not designed or intended by the manufacturer is not allowed. This includes, but is not limited to, "jailbreaking" your iPhone.
Personal smartphone: A personal smartphone can be connected to the (Company Name) infrastructure (Good service), but the user is personally liable for the device and carrier service costs. Users of personal Smartphones are not eligible for expense reimbursement for hardware or carrier services. Users of personal smartphones must agree to all terms and conditions in this policy to be allowed access to those (Company Name) services.