By Tom Kendra
Until recently, most enterprise mobility strategies were based on corporate-owned devices that gave IT complete control over who used them, what was on them, what was done with them and what they accessed. IT could even wipe a device if it was lost or stolen. Fast-forward a few years and mobility is all about bring your own device (BYOD) and ensuring employee satisfaction and productivity by supporting as many devices as possible. One of our customers refers to the current state of BYOD as the “wild Wild West.” As further proof, our Enterprise Mobility Management solution tests against over 6,000 phone/operating system version combinations.
The first point of interest is the raw number of devices. You certainly do not want a different approach for every combination, so find heterogeneous solutions. Second, balance the needs of users against the burden on IT. Then balance users’ desire for choice against the company’s need for security and compliance. This is where context becomes king.
An organization might decide (and many do) that not all devices should be able to access all data resources anytime from anywhere. Successful BYOD programs limit access according to context: the user, type of information, related laws and regulations, the user’s location and time of day. For example, if a U.S. company has no employees in or traveling to the Far East, it may choose to prevent access by any device attempting to log in from China. Or, if there are employees located in China, the enterprise may decide that users logging in from there have only two or three tries to get login information correct, while users in the United States have five.
Another important context covers private and sensitive data, such as medical records and M&A information. An enterprise may want to restrict any BYO device from storing this information locally because the risk to the enterprise of a compliance violation or information leak is simply too great. Other controls might restrict the ability to copy and paste between applications on the device.
Enabling a context-aware BYOD strategy is relatively straightforward. If you already have a mobile platform, add an identity and access management (IAM) solution. If you don’t have a mobility solution or have come to understand your existing solution is seriously incapable, look for a comprehensive solution that has IAM integrated into it.
Also consider the importance of utilizing a secure workspace strategy. Such a workspace installed on BYO devices gives IT complete control over data in the workspace without impacting personal information outside the workspace. The result is far more flexibility when it comes to context decisions. For example, with a secure workspace on a device, an enterprise may decide the risk of storing sensitive information locally is no greater than for a corporate-owned device. So users get the freedom of choice they demand and complete access to the information they want, while IT gains the security and compliance needed.
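The context rules described above (location, per-country login-attempt limits, restrictions on storing and copying sensitive data, and the secure workspace exception) can be expressed as one deny-by-default policy check. This is an added Python example, not code from the article or from any product; the field names, the policy table and the 06:00-22:00 window for sensitive data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: country -> failed logins allowed before lockout.
# Countries absent from the table are denied outright (deny by default).
COUNTRY_LIMITS = {"US": 5, "CN": 3}
SENSITIVE = {"medical", "m&a"}      # data classes named in the article
SENSITIVE_HOURS = range(6, 22)      # assumed window for sensitive data

@dataclass(frozen=True)
class Context:
    country: str                    # geolocated origin of the login
    data_class: str = "general"
    byod: bool = True
    secure_workspace: bool = False  # managed container on the device
    failed_logins: int = 0
    hour: int = 12                  # local hour, 0-23

@dataclass(frozen=True)
class Decision:
    allow: bool
    local_storage: bool
    copy_paste: bool
    reason: str

def evaluate(ctx, limits=COUNTRY_LIMITS):
    """Return the access decision for one request context."""
    def deny(reason):
        return Decision(False, False, False, reason)

    limit = limits.get(ctx.country)
    if limit is None:
        return deny("country not permitted")
    if ctx.failed_logins >= limit:
        return deny("login attempt limit reached")
    sensitive = ctx.data_class in SENSITIVE
    if sensitive and ctx.hour not in SENSITIVE_HOURS:
        return deny("sensitive data outside permitted hours")
    # Sensitive data on a BYO device without a secure workspace is
    # view-only: no local copy and no copy/paste into other apps.
    view_only = sensitive and ctx.byod and not ctx.secure_workspace
    reason = "view-only on unmanaged BYOD" if view_only else "full access"
    return Decision(True, not view_only, not view_only, reason)

if __name__ == "__main__":
    for c in (Context("US", "medical"),
              Context("US", "medical", secure_workspace=True),
              Context("CN", failed_logins=3), Context("BR")):
        print(c, "->", evaluate(c))
```

Passing a table without `"CN"` as `limits` models the company with no employees in the region, so every login from there is refused regardless of the other context fields.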
Enterprises moving forward with a BYOD strategy—or even just considering one—must make the ability to set policies based on context the top consideration. The alternative is peril for the organization.