As BYOD Explodes, IT Managers Learn to Cope

Pity the poor IT manager trying to get his arms around the bring-your-own-device (BYOD) movement.

1 2 Page 2
Page 2 of 2

Novation needs a formal strategy governing what corporate resources can be made available to employee-owned devices and how that can be done securely. Currently, mobile users can connect to corporate email and calendars via Microsoft Exchange Server ActiveSync, but that setup doesn't give IT the ability to carry out remote wipes, deploy password protection tools or take other steps to enforce security protocols.

What's on the horizon: Novation is prototyping an MDM strategy using the AirWatch platform, which will provide important security controls, including the ability to identify devices, block jail-broken equipment and perform remote wipes. Eventually, Novation would like to move to "agentless" MDM, which doesn't reside on the client device, Ramas says. This option would still provide critical controls like passcode enforcement but would be slightly less onerous from the user's point of view, because it would allow IT to perform selective wipes but wouldn't leave users feeling as though IT is policing their personal data. "We're looking for a happy medium," says Ramas, noting that use of mobile devices would decline if IT was too strict about security.

Riverside Medical Center:

Dispensing MDM to Prevent Data Leaks

Company: Riverside Medical Center, Kankakee, Ill. A 325-bed hospital that provides both inpatient and outpatient care.

Key numbers: 2,400 users; 300 company-supported mobile units.

Devices supported: Riverside owns and manages some 300 mobile devices, a mix of Android tablets and phones and iPhones and iPads, all of which are supported by IT. Some users, including visiting doctors, also bring in their own devices; depending on their role, IT may provide them with some base support.

How BYOD happened: If BYOD is what doctors and medical staff are demanding, then Riverside has little choice but to ride the wave. "We have to support anything because the hospital three blocks down the street does, and doctors and nurses have a choice of where to work," says CISO Erik Devine. "We have to be flexible -- it's almost like a recruiting tool."

How it's coping: Some users, including home healthcare professionals, are issued corporate tablets, secured and managed via McAfee's Enterprise Mobility Management (EMM) software. EMM lets the IT department restrict the apps and content that can be loaded onto a device, deploy two-factor authentication and remotely wipe devices if they are misplaced or stolen.

Other employees can use personal devices to access corporate resources like email and certain areas of the hospital's healthcare management system -- provided they sign an agreement and install EMM on their devices, according to Devine. Doctors on temporary assignments at the hospital may access noncritical resources through the guest network, as can workers who want to use their own devices but don't want to install EMM.

The biggest concern with BYOD is data leakage, Devine says. Even if visiting doctors install the requisite MDM client to gain access to hospital systems, Riverside has limited control over what they do with that information later on. "When a doctor comes in and accesses resources to do the job, we don't know what they do with the data after they're done," he says. "You have to open up doors for BYOD, but essentially you're opening doors you closed a couple of years ago."

[If] we have to manage 600 devices next year... I want to find a robust system that hits all my points.

What's on the horizon: Development of a captive portal for the guest network is in the works. It will give IT more control by, among other things, making it possible to capture more data about devices that log on to the hospital network. Riverside is also evaluating MDM alternatives that will support more granular security policies and more readily accommodate new devices.

"EMM is aimed at iOS, not Android, and many MDM solutions are aimed at Microsoft devices," Devine points out. "If [BYOD] explodes and we have to manage 600 devices next year, I don't want to have to go through three different systems. I want to find a robust system that hits all my points."

Stackpole, a frequent Computerworld contributor, has reported on business and technology for more than 20 years.

This story, "As BYOD Explodes, IT Managers Learn to Cope" was originally published by Computerworld.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Discover what your peers are reading. Sign up for our FREE email newsletters today!