"Bring Your Own Device" Comes with Security Concerns

A growing trend in IT is employees bringing their own devices for use on the company network. Employees may prefer their personal laptops or want to use a single cell phone for work and personal tasks. When employees own the devices they’re using, they’re often happier. However, securing many types, manufacturers, and operating systems of employee devices can be a challenge for IT teams.

Supporting bring-your-own-device (BYOD) has security concerns, too. With employees adding new devices regularly, IT teams need to ensure that data policies and best practices are followed across those personal devices. In this article, we’ll explore the ways to address device security while still supporting the growing demand for BYOD.

Officially Supported?

One of the first questions you’ll want to answer is: “Do we officially support BYOD at our organization?”

To be frank, it’s much simpler to not support BYOD. If you choose to go this route, your organization will supply devices to every employee. This usually means buying laptops for everyone, but also if an employee needs a mobile phone or tablet to do their job you should supply that as well. Because the company owns all the devices in use, it’s much easier to keep inventory and enforce security policies. Of course, buying hardware for everyone is more expensive than BYOD, but the company owns those assets.

Nevertheless, employees are happier when they can bring their own devices. Additionally, the company saves money on hardware costs. The tradeoff is that IT has to support all kinds of devices, and creating policies or choosing software for all your devices is much trickier.

In either case, whether you officially support BYOD or not, you’re likely to have employee-owned devices entering the corporate network at some point. If they’re undocumented devices, they become a part of your company’s “shadow IT” - infrastructure that exists inside the company but isn’t explicitly supported or tracked by IT.

BYOD Policies: Laying the Ground Rules

Supporting BYOD means putting some infrastructure in place. None is more important than creating good policies and documentation on how to add a personal device to the company network.

These policies should cover:

1. Types of approved devices (e.g. laptop, phone, tablet)
2. Approved manufacturers and operating systems (including versions)
3. Password requirements for device access
4. Data security and file storage policies
5. Levels of support given to personal devices from IT
6. Monitoring and security software required on personal devices

Within these policies go into detail about the exact vendors and service providers your company uses. You may even go so far as to restrict or ban certain software and vendors in favor of the officially supported provider.

Monitoring & Security Software

Adding management and security software allows you to keep an inventory of connected devices and the software they have installed. Additionally, this inventory allows you to apply unique access and security policies on a per-device basis.

The best remote monitoring and management software will allow your IT teams to provide support to personal devices, regardless of operating system. As the organization grows, this access to each device becomes invaluable. Monitoring software also allows IT teams to check in with security updates to make sure all installed software is current and has the latest security fixes.

Anti-malware scanning software should also be a standard part of all BYOD installations for security purposes. Your company’s data is only as secure as the weakest link, so a baseline of security across all company devices is critical.

Provisioning & Deprovisioning Personal Devices

With policies in place, you’re now ready to create checklists and procedures that enforce those policies any time someone wants to add a new device to the company network.

Ideally, there should be safeguards in place that prevent access to company data until all necessary onboarding BYOD steps are completed. These could include VPNs, requiring MFA, and checking that the monitoring agent is installed.

When employees leave the company, internal data shouldn’t remain on personal devices. Therefore, a reverse version of the checklist for deprovisioning company data from personal devices is also essential. Ultimately, deprovisioning personal devices is one of the most difficult parts of a BYOD policy to enforce, so having a clear process makes a huge difference.

BYOD Security & Data Privacy

Workers are happier when they can use their own devices. It also saves on hardware costs for IT infrastructure. However, BYOD creates a lot of security challenges as well.

With clear policies in place, you can address most of these security concerns so you can reap the benefits of BYOD in an increasingly distributed workplace.