Security
January 2, 2013

BYOD strategies: Governance, policy and security

BYOD is hot! But is it  for you? If yes, which flavor would be applicable? The right type of BYOD solution should be aligned with a business strategy and driven by the right technology and IT considerations.

Bring your own device, or BYOD, has grown to become a term that encompasses many of the permutations of an “any device” strategy: allowing guests with their own devices for basic Internet access, enabling partners to connect to the corporate infrastructure, corporate-paid devices that are supported by employees, and the Holy Grail of BYOD, employee-paid and employee-supported devices connected to the corporate network with the ability to access corporate information.

Before choosing a BYOD flavor, the first step is identifying the business driver for a BYOD strategy. This might not be as obvious as it seems. It is not unusual for IT groups to lose direction in the noise from their user community and sometimes from the “peer pressure” that comes with a hot business and technology trend. A clear entitlement strategy around “who gets what” and “how they get access” is important, and so is minimizing the exceptions. If not kept in check, these exceptions can quickly grow into a “grey IT” nightmare.

The entitlement strategy should include a plan for clearly communicating the rules of the game to all end users. 

An important IT policy that has to be determined and aligned with the business strategy is support. As IT organizations open up their environment to let disparate devices access the infrastructure, the support burden on IT can increase significantly. Letting employees self-support their devices and applications is an increasingly popular option. In this case, IT does not usually provide any support to users but will offer usage best practices through training, enterprise social media tools and internal communication.

This type of self-support model will not work in every environment, however, and many IT organizations are striving for a balance. They might, for example, provide support for basic email and calendar applications but leave everything else including device support to the end users. Tight integration of the business and technology considerations, along with a strategy for enterprise billing, reporting, and other IT services related to BYOD, are important.
 
After the right business case, policies and support strategies are identified, the technology challenges associated with BYOD should be addressed. These challenges can be rolled under three broad areas: policy enforcement, unified access and data protection.
 
Centralized policy enforcement, which aligns with the business strategy that has been identified, should be considered non-negotiable. Disparate processes for enforcing policies will undermine the stability of the enterprise policy framework as a whole. Policy enforcement should be designed to scale globally, applied across all access paths to the infrastructure, and managed with simple control systems. The centralized policy enforcement should have the capability to be applied to all users including employees, contingent workers, partners and guests.

A unified access architecture ensures that a standard, seamless access to the infrastructure is provided to the end users, including wired, wireless (Wi-Fi) and remote access (hardware- and software-based VPNs). A unified access strategy also helps IT reduce operational overhead, simplify security standards, and lower total cost of ownership. This also includes providing superior wireless service, resulting in better end user experience.

Data protection standards involve data privacy, security and integrity of the data in mobile devices, separation of personal and corporate data, and management of corporate data in employee-owned devices. Data protection with BYOD is an evolving area, and both the technology industry and legal experts are working toward coming up with the right balance. Although a compartmentalization application or a virtual desktop solution can provide clear demarcation of data, the challenge is to balance this design with user experience, especially on mobile platforms that have relatively lower processing and compute power.

Another important consideration is advanced security. With security threats growing in significance, it is critical for organizations to adapt a context-aware security enforcement strategy that can connect the infrastructure, applications and the related policies.

Finally, despite its popularity and industry buzz, BYOD may not be for everyone. The openness of BYOD may not be applicable due to compliance, regulatory, security or other business requirements. 

Organizations can still benefit from innovations such as unified access and centralized policy enforcement to improve user experience, increase security and reduce costs.

Jawahar Sivasankaran is a distinguished engineer and senior technical director with Cisco Systems.

About this author

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
Governments around the world are increasingly relying on cloud-based IT services...
 
For a few years now, there’s been a throwaway metaphor bounced...
 
According to a 2018 study led by Dr. Michael McGuire, Senior...
 
Cloud technology is a game changer! Successful implementation in both the...
 
For over two days at the end of January this year,...
 
Earlier this month I had the privilege of testifying as an...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
In the last few years, we’ve seen various federal governments warning...
 
Canadian Government Executive is excited to announce the agenda for TechGov...
 
In the wake of the WannaCry outbreak, corporate executives, IT professionals,...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Global market trends are accelerating to increase the pressure on commercial...
 
A recent report suggests several strategies how governments and the private...
 
The latest information from IBM Cloud covers: Consolidating Complex Environments Consolidating...
 
IBM Cloud is the first cloud provider to use Intel TXT...
 
Signaling a realignment of Canada’s involvement with NATO, Prime Minister Justin...
 
United States President Barack Obama, speaking before Parliament last night, urged...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
Early this morning, Philippine police confirmed that the severed head found...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
The agency responsible for safeguarding the Pentagon and several other buildings...
 
By Michael Murphy Not all assets can and should be equally...
 
Government agencies, international businesses, as well as, European organizations that comply...
 
The Royal Canadian Mounted Police (RCMP) is poised to launch an...
 
One of Canada’s largest integrated oil companies said it is not...
 
Associates of Russian President Vladimir Putin, the king of Saudi Arabia,...
 
Now more than ever, organizations in both the public and private...
 
The Federal Bureau of Investigation announced that it has managed to...
 
IT organizations, especially those in healthcare facilities and government institutions that...
 
Last year, the Canada Revenue Agency rolled out a pilot program...
 
Strong cryptography is clearly required to protect sensitive government, business, and...
 
As the battle between the FBI and Apple continues to escalate,...
 
“I don’t think that backdoors into encryption is going to increase...
 
Hackers are zeroing in on users of SSL/TLS encryption and no...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
The CEO of Google Sundar Pichai has come out in support...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Application, operating system, and device logs contain essential security information, but...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
There was probably a day in spring of AD 72 that...
 
The changing face of public and personal privacy in the face...
 
What role should governments and public servants play in safeguarding personal...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Governments around the world are increasingly relying on cloud-based IT services...