Baseline standards for BYOD access requirements
49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources, according to a Jamf survey.
With the summer holiday season in full swing, organizations will likely see an increase in remote logins from personal devices to corporate resources.
Control and access challenges in BYOD policies
With no control over who can access what information, from where, when, and, more importantly, how, establishing and enforcing a BYOD policy it is still a challenge for many organizations. This is leaving them open to risks ranging from data leakage or theft, out-of-date or vulnerable software, risky content, shadow IT, and even physical loss of the device; all of which put the company and its critical data at risk.
Researchers have found:
- 43% of respondents felt they are up against more compliance-based security concerns this year versus last year.
- 53% of organizations are either actively cutting IT/security costs or looking into it.
- 67% of organizations use between one and five vendors for management and security across all device types.
- 57% of organizations have separate teams that manage devices versus securing them.
Exacerbating the challenge of managing devices is the fast-evolving threat landscape that organizations are facing, with 41% of respondents concerned about the growing number of vulnerabilities in Apple operating systems and the volume of patches that must be applied across both devices and applications.
Michael Covington, VP of Portfolio Strategy at Jamf, comments: “While it is easy to get swept up in the positives surrounding ‘anywhere work’ programs that empower employees to work remotely on their own schedule, from any location and from any device, organizations need to examine the associated risks and decide how to manage them.”
“Giving employees the power of choice to use their own devices for work can save the organization money, but the real benefit is a seamless end user experience that eliminates the need for multiple devices and introduces streamlined productivity workflows. It’s important to have a clearly documented BYOD policy in place to take advantage of these benefits, but the good news is that the technologies are now available to effectively manage risk in these environments.”
Tips for organizations considering a BYOD policy
Getting employees enrolled in a BYOD or Mobile Device Management (MDM) program is a process – think about how you manage this and communicate the benefits to employees. Some may have concerns around privacy so be clear in how data will be handled, how you will be installing applications and security protocols onto their devices or if there will be a figurative partition that separates work-related apps from the personal side of their device.
Users can be part of the security solution – ensuring basic management controls and cyber hygiene, it is important that employees using their own devices understand the importance of actioning operating system and application updates when prompted.
Lay out clearly in the BYOD policy what the baseline standards for any devices connected to the corporate network is – only if the device and user meet and maintain these standards, then they are allowed access to sensitive business data.