BYOD Policy Requirements For a Secure BYOD Environment

By Insight Editor / 18 Mar 2019 / Topics: Devices, Modern workplace


A Bring Your Own Device (BYOD) environment can help stimulate worker productivity, contribute to office happiness and offer more flexibility across the board.

And if you don’t already have a BYOD policy in place, you’re not following industry best practices.

Statistics don’t lie. Consider these highlights from Syntonic’s BYOD research:

  • The vast majority (87%) of organizations have employees who use, or let their employees use, their own personal devices to access business apps.
  • Yet only 59% have a formal BYOD policy in place.
  • 64% of employees use their personal devices for work regardless of whether there is a policy in place or not.
  • Employees spend an estimated 6.7 hours using their personal devices for work purposes outside of work hours.

Additionally, the BYOD market itself is on its way to reaching nearly $367 billion by 2022, up considerably from 2014’s $30 billion.

While most BYOD policy best practices are created to give your employees more freedom, certain industries require strict control over access to, and sharing of, company data.

Even the most regulated industries are now able to enjoy a BYOD environment through the strict regulation of profiles, adherence to antivirus updates and strong policies governing applications.

Here’s how you can get started.

Requirements to Support a BYOD Policy

Let’s look at the security statistics on BYOD:

  • According to Trend Micro, unsecured BYOD policies left organizations open to data breaches:
    • 60% of organizations do not remove any business data from ex-employee devices.
    • 50% of organizations that allow BYOD were breached via employee-owned devices.
    • 40% of the total large data breaches were caused by lost or stolen devices.

  • Additionally, Druva paints a bleak picture of unsecured employee devices:
    • Only 7% of the 70 million devices lost or stolen each year are recovered.
    • 15% of employees have accessed sensitive company data from devices not sanctioned for work.
    • 65% of organizations cannot wipe devices remotely.

It is imperative that your BYOD policy meets your security regulations.

Creating a BYOD Policy with the Proper Security Elements

Because widespread BYOD adoption is still fairly recent, there is no single framework for creating your policy. Ultimately, you must adopt a policy that best represents your company’s values while maintaining maximum security.

After all, constant security monitoring and updating is required if you don’t want your industry secrets walking out the door.

Below, we outline the security practices that you will need to adopt in order to support your BYOD policy requirements.

Security Policies of Organizational BYOD Policies Typically Include

  • Acceptable Use Policies: Define what business applications and assets employees are permitted to access via a personal device.
  • Security Control Minimums: Define the minimum security controls that your IT department will have over personal devices.
  • Company Assets: Define the assets that your organization will provide to employees. This includes items like SSL certificates.
  • Company Rights: Define what permissions your organization has over personal devices that access business assets. This includes actions like remote wiping for stolen or lost devices.

Additional Security Practices that Support Your BYOD Policy Requirements

  • High-quality antivirus programs running the most up-to-date signatures and with real-time updates and firewall protection.
  • Encrypted hard drives and devices with password protection.
  • Manual checks for potentially missed viruses.
  • Consider establishing a virtual desktop that is hosted on your physical servers and can be accessed only through tight security controls (locally).

Staying Safe In A ‘Bring Your Own Device’ (BYOD) Environment

If you’ve wondered what’s occupying CIOs today, it’s most certainly security.

Let’s look at the statistics:

  • Organizations that went from providing standardized desktops, laptops and mobile devices to allowing employees to use their own choice of personal productivity devices experienced a 200% increase in user satisfaction and a 25% decrease in associated costs.
  • Organizations that went down the path of virtualization had a 50% decrease in server footprint, a 30% increase in application performance and a 95% reduction in time it took to get an application provisioned.

Safety In The BYOD Environment

The traditional way of working involved an employee using a corporate asset behind a firewall. If remote access was required, it was usually through a managed corporate laptop with a “corporate image” and managed antivirus, connecting over a secure IPsec VPN back to a firewall.

The paradigm shift today is a rapid rise in personal endpoints such as laptops and smartphones. The explosion of unmanaged smart mobile devices and tablets and the demand for them in the enterprise have compounded security requirements as unsecured devices can get access to corporate data and infrastructure. No wonder security is top of mind.

Solutions

New processes are needed to mitigate the security risks of BYOD. One example is Cisco’s new security architecture — SecureX. SecureX is not a product but a new approach to holistic, context-aware security.

Dynamic security happens flawlessly and seamlessly because SecureX works on multiple devices to identify the user, the location, the end device and the data being accessed. This approach is consistent with BYOD policy best practices.

Cisco has programmed SecureX with important key features:

  • It will use a higher-level policy language that understands the full context of a situation—the who, what, where, when and how of security.
  • It will allow for consistent policy enforcement independent of the underlying security scanning element.
  • It will be hybrid in nature, spanning virtual and physical worlds, and on-premises and cloud worlds, to allow for seamless and consistent policy enforcement.
  • It will have global knowledge of threats as they emerge and be able to correlate that information to protect applications and users in real time against those threats.
  • It will allow for highly distributed security enforcement scanning, in effect pushing security closer to the end user or the application wherever they reside.

At the heart of SecureX is context awareness and Cisco TrustSec. TrustSec extends traditional context awareness through policy-based access control that identifies who a user is, what device they are using, whether that device complies with corporate security policy and to what extent.

It’s innovations such as these which will form the bedrock of how to ensure safety in a BYOD environment.

At Insight, our team of consultants is focused on preparing your business for a complete BYOD integration. From policy creation, MDM software and device procurement and deployment, to complete management, we can help.

In order to ensure your company is enjoying the freedom of the cloud, while still keeping data secure, we can offer project readiness assessments and complete consultations to ensure that your cloud and BYOD policy is as tight as you need it to be.

From identity management, BYOD best practices, to being a value-added reseller of top manufacturers, our consultants are dedicated to ensuring that your transition is a smooth one.

Are you looking to easily and securely manage your mobile devices? Insight’s endpoint management solutions allow you to enjoy the benefits of a secure BYOD policy that will enhance your business and simplify your IT process. Contact us today to get started.