Mobile Device Security Policy: A Check List To Help IT to Secure Employee's Tablet and Smartphones Update your security policies and be ready when there is a security issue with a personally-owned employee mobile device.
Bring your own device (BYOD) is the new normal in the enterprise. The days when companies issued Blackberry devices to executives are giving way to employees using their personal smartphones and tablets for work as well as personal tasks. This merging of personal and business activities on the same device can introduce potential security issues as well.
Do you want confidential corporate data on an executive’s personal iPhone?
What kind of security measures do you expect employees to follow with their personal devices?
What if an employee’s iPad is lost; should you have the option to remotely wipe the entire device because there may be company information on the tablet?
These and other security issues should be considered before they become actual incidents.
To be ready when there is a security issue with a personally-owned employee device, you need to update your security policies. Keep in mind that BYOD practices can introduce new vulnerabilities which will require additions to policies that assume all devices are company owned and controlled. Here are a few policies to revise or introduce to help mitigate the risks associated with employee-owned devices.
Device Management Policy
It is difficult to manage devices if you do not know they are in use. The first step to managing employee owned devices is registering them with an asset management system. Mobile device management (MDM) systems typically provide provisioning functionality that allow administrators to configure devices and perform remote operations, up to an including wiping a device. MDM systems can typically enforce password policies, restrict access to app stores, and deploy network management settings to devices.
When you compare MDM options, consider which platforms they support. iOS and Android are often included but one time leaders in the mobile market, like Blackberry, are not always on the list of supported platforms.
Asset management features can help track the version of operating system running on mobile devices as well as produce software inventories. This information can be especially helpful for software license management. Will you deploy corporate licensed software to personal devices? If you do, then you will want to be sure to keep an accurate inventory of those deployments. When an employee leaves the company you can use this data to remove corporate licensed software on the employee’s personally owned devices.
Your device management policy should specify what types of operations will be performed on employee-owned devices, e.g. provisioning and configuration, and operations that could be performed, such as wiping a lost or stolen device. Try to outline as clearly as possible under what conditions those additional operations will be performed and how they may impact employee’s personal data on the device.
Dan SullivanDan Sullivan is an author, systems architect, and consultant with over 20 years of IT experience with engagements in systems architecture, enterprise security, advanced analytics and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail, gas and oil production, power generation, life sciences, and education. Dan has written 16 books and numerous articles and white papers about topics ranging from data warehousing, Cloud Computing and advanced analytics to security management, collaboration, and text mining.
See here for all of Dan's Tom's IT Pro articles.