When it comes to mobile devices, bring your own device (BYOD) can be a serious threat to company security. Businesses of any size must be careful and use proper mobile device management (MDM) procedures to neutralize these threats and keep company information secure. Here are five pitfalls to avoid.
Pitfall #1: Relying on public app stores
Yes, Apple's App Store and Google Play provide easy distribution and rudimentary protection against viruses and malware, but they give you no control over which of their apps end up on your users' devices. You need a private enterprise app store that can manage all of the apps in use: internally developed custom apps, purchased apps from ISVs, App Store apps, and Google Play apps.
You need to take control of apps: pushing mandatory apps, blacklisting rogue or time-wasting apps, and whitelisting recommended apps that employees can easily discover and use.
Pitfall #2: Ineffective policy compliance
Well, you put policies in place for a reason: to ensure security, protect resources, reduce risks, and control expenses. Are your policies sufficient to protect sensitive information, ensure productivity, and meet regulatory compliance requirements? You can define time and location windows with access restrictions, including which apps can and cannot be run within the boundaries. You can use geo-fencing to monitor and enforce location-based access and usage policies at work locations. You'll want to make sure that GPS and location tracking persist within geo-fence boundaries even when a user turns them off, and that a device that stops reporting its location is treated as inside the fence rather than outside it, so switching off location services cannot switch off the policy. You can detect and stop misuse, respond to violations and compliance issues, and quickly remediate.
Without continuous monitoring, follow-up on exceptions and alerts, and automated or manual remediation actions, policy compliance can't be achieved. Are dashboards being monitored? Are reports being generated and reviewed by the appropriate personnel? Are alerts simply being ignored? Do you have exception handling, remediation, escalation, and audit processes in place?
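The time-and-location window described above, as an added example that is not Amtel's code or the original page's: a geo-fence with a working-hours window and an app whitelist/blacklist that only applies inside the boundaries. It assumes the MDM agent reports the device's last known location, its clock time and the identifiers of running apps; the fence coordinates, window and app lists are constructed for the demo. A device that has stopped reporting location is deliberately treated as inside the fence (fail closed).

```python
"""Geo-fenced, time-windowed app policy check.

Added example, not Amtel's code. Assumes an MDM agent reports the device's
last location, clock time and running app identifiers; the fence centre,
radius, window and app lists are constructed for the demo.
"""
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two latitude/longitude points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def in_window(start: time, end: time, now: time) -> bool:
    """True if now falls in [start, end]; handles windows that cross midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


@dataclass(frozen=True)
class GeoFence:
    name: str
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m


@dataclass(frozen=True)
class Policy:
    fence: GeoFence
    start: time
    end: time
    allowed_apps: frozenset   # whitelist: what may run inside the fence/window
    blocked_apps: frozenset   # blacklist: what must not run inside


@dataclass(frozen=True)
class DeviceState:
    device_id: str
    lat: Optional[float]      # None when the device stopped reporting location
    lon: Optional[float]
    now: datetime
    running_apps: frozenset


def evaluate(policy: Policy, state: DeviceState) -> list:
    """Return a list of violations; an empty list means compliant.

    A device that stops reporting its location is treated as inside the
    fence (fail closed), so switching off GPS does not switch off the policy.
    """
    violations = []
    if state.lat is None or state.lon is None:
        violations.append(f"{state.device_id}: location reporting disabled; treating as inside {policy.fence.name}")
        inside = True
    else:
        inside = policy.fence.contains(state.lat, state.lon)

    if not inside or not in_window(policy.start, policy.end, state.now.time()):
        return violations          # outside the boundaries: no app restrictions apply

    for app in sorted(state.running_apps):
        if app in policy.blocked_apps:
            violations.append(f"{state.device_id}: blocked app running inside {policy.fence.name}: {app}")
        elif app not in policy.allowed_apps:
            violations.append(f"{state.device_id}: app not on the allow list inside {policy.fence.name}: {app}")
    return violations


def demo() -> dict:
    """Run the policy against four constructed device reports."""
    office = GeoFence("HQ", lat=40.7128, lon=-74.0060, radius_m=200.0)   # constructed coordinates
    policy = Policy(
        fence=office,
        start=time(8, 0), end=time(18, 0),
        allowed_apps=frozenset({"com.corp.mail", "com.corp.crm"}),
        blocked_apps=frozenset({"com.social.game"}),
    )
    apps = frozenset({"com.corp.mail", "com.other.notes", "com.social.game"})
    work_hours = datetime(2024, 3, 4, 10, 30)
    return {
        "inside":      evaluate(policy, DeviceState("dev-1", 40.7130, -74.0058, work_hours, apps)),
        "outside":     evaluate(policy, DeviceState("dev-2", 40.7300, -74.0060, work_hours, apps)),
        "no_location": evaluate(policy, DeviceState("dev-3", None, None, work_hours, apps)),
        "after_hours": evaluate(policy, DeviceState("dev-4", 40.7130, -74.0058, datetime(2024, 3, 4, 22, 0), apps)),
    }


if __name__ == "__main__":
    for case, found in demo().items():
        print(case, "->", found or ["compliant"])
```

The device inside the fence during work hours gets two violations (the blacklisted game and the unlisted notes app); the same apps outside the fence or after hours produce none; the device with location switched off gets those two plus a third for the missing location report, which is the alert the monitoring process in the next paragraph has to follow up on.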
Pitfall #3: Weak security
OK, you put basic authentication and password controls in place, but is that enough? Are you managing passwords and enforcing policy? Have you defined user profiles with access rights and restrictions? Do you have processes in place for catching exceptions, alert mechanisms, and remediation? Do you track where devices are, where they've been, and where they are going at any point in time? Do you have the capability to lock and wipe content, apps, and passwords on lost or stolen devices?
Pitfall #4: Ignoring usage
Are you tracking how much talk, text, data, and roaming usage is occurring? Usage monitoring, threshold-based alerts, and analytics can help uncover misuse and security exposures, and prevent cost overruns due to excessive data bandwidth usage, unexpected international roaming charges, and the like.
After policy threshold levels are set up, you can alert users upon exceptions. You can set up policies that let users remediate and change plans automatically when warranted, saving money on data plan and roaming overages. Through usage monitoring, you can also ensure that you are not paying BYOD stipends on "zombie" phones that show zero usage.
Pitfall #5: Not banning rogue devices
If you're going to allow BYOD devices to access corporate data, you're going to have to put some standards in place. Well, you don't have to go back to the old "BlackBerry only" days, but surely you cannot allow jailbroken iPhones and rooted Android devices to access enterprise data resources and expose the organization to malware and virus attacks.
Standard configuration settings will need to be enforced. To simplify this, you may need to restrict the types of devices supported by the BYOD program, so that you don't end up spinning your wheels trying to support an arcane semi-smart phone. You'll want to make sure that mandatory apps are installed and are reinstalled automatically if a rogue user removes them or a user removes them by mistake.
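The device standard described in this pitfall, as an added example that is not Amtel's code or the original page's: a posture gate that takes an inventory report of the kind an MDM agent might submit and returns every reason the device must be kept away from corporate data. It assumes the agent reports which well-known jailbreak/root artefacts exist on the device, the OS version, the Android build tags and the installed app identifiers; the supported platforms, minimum OS versions, mandatory app identifiers and the four sample reports are constructed for the demo.

```python
"""Device posture gate for a BYOD program.

Added example, not Amtel's code. It takes a constructed inventory report of
the kind an MDM agent might submit and returns the reasons the device must
be kept away from corporate data; the baseline values are assumptions.
"""
from dataclasses import dataclass

# Common jailbreak/root artefacts the agent is assumed to test for and report.
# Not exhaustive, and root-cloaking tools can hide them from a file check.
ROOT_INDICATORS = {
    "ios": ("/Applications/Cydia.app", "/usr/sbin/sshd", "/private/var/lib/apt", "/bin/bash"),
    "android": ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/data/adb/magisk"),
}


@dataclass(frozen=True)
class Baseline:
    supported_platforms: frozenset
    min_os: dict           # platform -> minimum version tuple
    mandatory_apps: dict   # platform -> frozenset of bundle/package ids that must be installed


def parse_version(text: str) -> tuple:
    """'17.4.1' -> (17, 4, 1); non-numeric segments count as 0."""
    return tuple(int(seg) if seg.isdigit() else 0 for seg in text.split("."))


def evaluate_device(report: dict, baseline: Baseline) -> list:
    """Return the reasons the device is non-compliant; an empty list means it may enrol."""
    platform = report.get("platform", "")
    if platform not in baseline.supported_platforms:
        # The "arcane semi-smart phone" case: do not spend effort supporting it.
        return [f"platform not supported by the BYOD program: {platform or 'unknown'}"]

    reasons = []
    present = set(report.get("paths_present", ()))
    for path in ROOT_INDICATORS[platform]:
        if path in present:
            reasons.append(f"jailbreak/root indicator present: {path}")
    if platform == "android" and report.get("build_tags") == "test-keys":
        reasons.append("Android build signed with test-keys (unofficial ROM)")

    version = parse_version(report.get("os_version", "0"))
    if version < baseline.min_os[platform]:
        reasons.append(f"OS {report.get('os_version')} below minimum "
                       f"{'.'.join(map(str, baseline.min_os[platform]))}")

    installed = set(report.get("installed_apps", ()))
    for app in sorted(baseline.mandatory_apps[platform] - installed):
        reasons.append(f"mandatory app missing, re-push required: {app}")
    return reasons


BASELINE = Baseline(  # assumed values for the demo
    supported_platforms=frozenset({"ios", "android"}),
    min_os={"ios": (16, 0), "android": (13,)},
    mandatory_apps={
        "ios": frozenset({"com.corp.mdmagent", "com.corp.mail"}),
        "android": frozenset({"com.corp.mdmagent", "com.corp.mail"}),
    },
)

# Constructed inventory reports, as a hypothetical agent might submit them.
REPORTS = {
    "clean_iphone": {"platform": "ios", "os_version": "17.4", "paths_present": [],
                     "installed_apps": ["com.corp.mdmagent", "com.corp.mail"]},
    "jailbroken_iphone": {"platform": "ios", "os_version": "17.4",
                          "paths_present": ["/Applications/Cydia.app"],
                          "installed_apps": ["com.corp.mdmagent", "com.corp.mail"]},
    "rooted_android": {"platform": "android", "os_version": "11", "build_tags": "test-keys",
                       "paths_present": ["/system/xbin/su"],
                       "installed_apps": ["com.social.game"]},
    "feature_phone": {"platform": "featurephone", "os_version": "2.1"},
}


def demo() -> dict:
    """Evaluate every constructed report against the assumed baseline."""
    return {name: evaluate_device(report, BASELINE) for name, report in REPORTS.items()}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", reasons or ["allowed"])
```

The clean iPhone passes; the jailbroken one is refused for the Cydia artefact alone; the rooted Android report collects five reasons (the su binary, test-keys build, an OS below the minimum, and two missing mandatory apps, each of which the re-push in the text above would restore); the feature phone is rejected outright as an unsupported platform before any further checks are spent on it. Note that a file-path check is a heuristic: it catches the ordinary jailbreak or root, but a user running cloaking tools can hide these paths, so treat it as one signal among the others the program collects rather than as proof of a clean device.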
Pankaj Gupta is the founder and CEO of Amtel.