10 Essential Steps to Establishing a Secure BYOD System

We’re living in the age of BYOD, and along with it, the age of massive headaches for IT administrators. Because of the ubiquity of these BYOD systems, it might be nice to know how to best approach this hydra of an technology quandary. That’s why we’ve assembled some of the essential steps that IT administrators must address before you establish a BYOD system at your office.

Establish a Committee

Implementing a BYOD system at your workplace effects a number different IT departments, so it should make sense that they should be involved in the decision making process. Include departments that handle security, networks, endpoints, and applications. You should also include a handful of users to study how your program will be used. BYOD policies should be an agreement between the employees and the business unit management with some input from HR.

Collect that Data!

Take some time to review current policies and attitudes towards IT security and management. Take a look at the departments and individuals who have been most compliant with policies in the past. You should gather data regarding the number of devices, the data passing through said devices, the applications in use, and every entry point used by devices including wi-fi, cellular, and VPN.

Prioritize and Identify Use Cases Through Workforce Analysis

Your EMM policies need to high contextual in order to be effective. You should plan exactly how the devices will be used, which mobile apps will need to be used offline, what information can be accessed through these devices, and what information will be stored on these mobile devices.

Time to Think About the Money: Create an Economic Model

You should create an economic model that can adjusted as needed in later steps. Even though BYOD programs may not always lead to direct savings, the ROI from increased productivity, flexibility, and job satisfaction are very good reasons to employ one. When creating your economic model, you should consider device costs, connectivity costs, software license costs, and IT infrastructure costs.

Develop Policies

Every BYOD system is completely unique and should be treated as such. Take some time to understand what sort of policies your business should implement to best fit your needs. You may want to consider multiple policies for a number of departments. There should be a healthy balance between user experience and security for your devices. BYOD policies should be able to protect both wired and wireless networks, and should address the devices that require both wired and wireless access.

If your users want to use their devices with your systems, then they’ll have to accept a complex password attached to their devices at all times. You need a strong, lengthy alphanumeric password, too, not a simple 4-digit numerical PIN.

How are You Going to Protect Your Network?

After choosing which devices to allow, and what data you will allow on each device, you will need to consider how to protect your network from unauthorized, non-compliant, and rogue devices. While you may think about deploying 802.1x configurations to a determined set of personal devices, this could become difficult. Network Access Control (NAC) provides highly flexible and automated approaches to securing your BYOD system. NAC provides device profiling, guest on-boarding, compliance, and configuration checks.

Bonus: Remember to Consider an Employee Exit Strategy!

Employees may not be around forever, so you should be careful to make sure sensitive data doesn’t go with them. How will you enforce the removal of access privileges, email access,and other applications and info? It’s not always as easy asking them to return their device. Some companies rely on disabling email or synchronization as part of the exit interview. You should reach out to these users and help them to take part in the process so that they may understand that you reserve the right to authorize a wipe command if the employee hasn’t made arrangements with the IT department prior to the exit time.

To learn more about NAC systems, click here for the Gartner Market Guide

How will You Protect Your Data?

When implementing a BYOD, it’s vital that you decide on the best approach is to protect your data. While an NAC solution can protect your network, you still need to protect the data on the devices themselves. Multi-platform Mobile Device Management (MDM) systems are the best approach to manage and secure the information on corporate and personal devices. MDM frequently provides mechanisms that enforce the separation of corporate and personal footprints on a device. One example of this the use of containers to hold sensitive information and corporate applications on a mobile device., which allows employees to retain control and application choice outside these containers. These containers can prevent data movement between applications, include encryption and data loss prevention controls, and give users the ability to delete corporate data without damaging or deleting the device user’s personal data. This is known as a partial wipe.

Create a Project Plan

It’s now time to establish a plan for implementing IT controls to support your company’s BYOD policies. You need to decide whether the controls are going to be implemented in a phased manner or at the same time. Some of these controls include device encryption, policy compliance, audit reports, and application controls.

Evaluate Possible Solutions

NAC and MDM are integral to a broad BYOD security strategy. When you’re looking at potential solutions, you need to consider how these solutions are able to integrate with existing IT systems including path management, endpoint protection, directories, and SIEM systems.

Time to Implement!

The key to scaling a BYOD project is building and refining operational processes. You should begin with a pilot project to test and refine the BYOD policies. You can broaden the program by setting a goal to support between 500 and 1000 employees in different departments to refine and scale the operating processes. You can then make the program available to all employees, possibly one business unit at a time, based on your organizational criteria.