Incorporating BYOD in your Computer Network Security Policy: 5 Questions to Ask Yourself

Posted by Mark Teter, Chief Technology Officer
April 11, 2013

Late last year, we conducted a survey with subscribers of our quarterly newsletter – ASGInsights – on their use and adoption of BYOD in the workplace. A full 72 percent reported that their organization allows or encourages employees to use their personal devices in the workplace; and 60 percent said that as a result, there are stricter security protocols in place. Surprising?

Network World/CIO article recently featured some Gartner research that predicted:

Three years from now, tablet computers will outsell traditional Windows PCs, and do so by a whopping 72%, according to the latest projections from Gartner. In between, PC shipments drop at ever faster rates. […]

 

Most users "will be satisfied with the experience they get from a tablet as their main computing device," according to Carolina Milanesi, a research vice president at Gartner. "As consumers shift their time away from their PC to tablets and smartphones, they will no longer see their PC as a device that they need to replace on a regular basis."

This trend mirrors the increase in BYOD at organizations in our subscriber-base and beyond. Simply put, BYOD is gaining traction and IT departments must incorporate it into their security policy or risk possible computer network security breaches and data loss. Late last month we posted a blog – 4 ½ Things to Consider for Enhancing Computer Network Security for BYOD – that recommended creating a company specific BYOD security policy.

To get started, ask yourself these five questions:

  1. Which devices will be allowed? It might be wise to create a list of approved devices that meet your security requirements. You’ll want to make sure that approved devices haven’t been hacked or ‘modded’ which could lead to unnecessary computer network security exposure.
  2. What company data can be downloaded to the device? Remember, these are personal devices used for company work. Given the mobility of these devices and your lack of control in terms of out-of-office use, you’ll want to either restrict or at least encrypt all sensitive data.
  3. What apps will be allowed? More and more apps are making the news for privacy violations and other non-disclosed device access. Apps are potential doorways through which information (and data) can be accessed. It might be wise to do some homework on the risks posed by some applications.
  4. Will password logins be required? Some people use the built-in pin login features on their personal devices, but others do not. Access to the contents of stolen or lost devices can either be difficult or easy. Plan accordingly.
  5. What will your IT support cover and what will it not? If an employee has a technical issue with an employee-owned device, will IT  troubleshoot and provide assistance?  Decide and incorporate this into your written IT policy early on to avoid any misunderstandings.

There are other things to ask yourself, but these can help initiate BYOD security policies and other related discussions at your organization. Remember—embracing BYOD might be the best IT policy decision you can make.

About Mark Teter Before he retired from ASG in 2013, Mark Teter was Chief Technology Officer (CTO) and the author of 'Paradigm Shift: Seven Keys of Highly successful Linux and Open Source Adoptions.' As CTO, Mark regularly advised IT organizations, vendors, and government agencies, and he frequently conducted seminars and training programs.

Filed Under: Network Security

0 Responses to 'Incorporating BYOD in your Computer Network Security Policy: 5 Questions to Ask Yourself'

Leave a Comment

Please copy "LOC8Gun2uIo6L79lW6CaSrWJbvbJiUYX" into the field labeled "Uncaptcha"