MSPmentor Blog

The (Sad) Case for BYOD Management

Just a few short years ago, we were still discussing whether or not organizations should allow employees to rely on mobile devices for work and whether that would come via personally owned devices or a fleet of pre-approved devices owned and managed by the organization. Fast forward to 2016, and that conversation is nearly null and void--people use their own devices for work whether the organization ultimately "prefers" it or not.

It wasn’t that long ago we were debating the value (improved productivity, increased employee satisfaction) personal mobile devices could bring to the enterprise, beyond BlackBerry Enterprise Server. Note I say "could." Just a few short years ago, we were still discussing whether or not organizations should allow employees to rely on mobile devices for work and whether that would come via personally owned devices or a fleet of pre-approved devices owned and managed by the organization. Fast forward to 2016, and that conversation is nearly null and void--people use their own devices for work whether the organization ultimately "prefers" it or not.

But are your customers equipped to handle the security challenges mobile devices inevitably bring?  Sadly, a new survey commissioned by Bitglass says no. While 72 percent of organizations support BYOD for some or all employees, just 14 percent have deployed some kind of mobile device management.

If your customers are struggling to rein in the use of mobile devices and implement basic data security, here are a few simple steps you can offer to help them get started.

  1. Evaluate and define allowed devices. Does the device have built-in encryption? Can jailbreaking/rooting be detected or prevented? Can passwords be enforced? Does the device allow management? Can it support Exchange ActiveSync policies? Are there available apps that offer the kind of productivity your customer needs? Does it allow for in-house apps?
  1. Refine network accessibility. If they don’t already have one, you could help them set up a guest wireless network, walled off from the internal network. This will also serve as the enrollment network for employee-owned mobile devices. Once a device is enrolled, it should be automatically evaluated and assigned privileges and restrictions accordingly.
  1. Determine appropriate management policies. How will your customers apply privilege and restriction policies to BYOD? Start by helping them define policy-based management by relying on previously organized directories (like Active Directory) and base policies on these groupings. Help them set up an umbrella security policy that includes automatic remediation when devices fall out of compliance and establish a centrally administered document repository to deter employees from using services like iCloud or Dropbox.
  1. Create an employee agreement. There is a certain trade-off between privacy and control. Your customers’ employees need to realize that accessing corporate information means ceding a certain amount of control over the device’s settings. At the same time, your customers need to understand that management no longer means total control, at the sacrifice of productivity. Either way, it’s important both parties agree.
  1. Choose the right EMM solution. The most important consideration in evaluating automated management tools is not a feature set comparison; it’s whether or not the tool supports your customers’ policies and agreed upon devices. Start with your customers’ challenges and then figure out how to best address them with software.

If your customers are allowing BYOD but not enforcing strong management and security policy, it’s time. Actually, it’s past time to help them do something about it. If you would like more information on BYOD, check out the HEAT Software BYOD Policy Implementation Guide.

Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.

Discuss this Blog Entry 0

Post new comment
or register to use your MSPmentor ID



Sponsored Introduction Continue on to (or wait seconds) ×