7 Best Practices for BYOD
As the number of personal devices being used grows, the chance that one of them will be lost or stolen also increases. Given that, a remote wipe that can be generated from within the enterprise can prevent many headaches in the wake of misplaced devices.
Your workforce contains varying levels of technology aptness. Therefore, the solutions provided need to contain appropriate functionality and be easy to use. To provide the agility needed to manage work on a personal device, solutions should allow users to log-on to the user interface and access a list of their enrolled devices. From there, they should be able to locate their device, lock it, reset its password or wipe it. The user interface should be able to self-audit the device and report compliance issue.
Even before an employee leaves the enterprise they are a security risk. That risk is magnified once the process of termination begins whether voluntarily or involuntarily.
Personal devices are full of personal information, documents, and applications that are on the device for non-work purposes. There should be a way to identify personal- versus corporate-owned devices, and apply a particular policy to hide the personal information from IT administrators.
Records management is a critical compliance requirement and should be controlled by the enterprise and not left to the individual user. A clear definition of what is a business record and how it should be saved and archived should be defined.
When supporting BYOD, you need to be able to isolate corporate data on the device, which includes, but is not limited to: Mandated records management requirements for archive and reviva, disaster recovery and business continuity implications, e-mail accounts, VPN and wireless settings, enterprise applications that have been pushed down and documents.
The enterprise should have the ability to monitor the state of each device accessing the network whether it is approved or not. Answering simple questions Is the device enrolled? Is it in compliance? Does it have any new applications? will allow the enterprise to make adjustments based on the data youre seeing. This information will tell you if you need to make new policies or compliance rules. Options that you can take include, but should not be limited to, sending a notification to the user with steps to be taken, blocking the device from accessing the corporate network and/or e-mail and wiping the device (full or selective wipe).
After defining compliance, cultural and operational requirements for BYOD, how do you get the policy side of the equation in place? Here is a slide show of best practices for establishing your personal mobile use policy.