How are you admins addressing the BYOD revolution, security- and administration- wise?

How are you admins addressing the BYOD revolution, security- and administration- wise?

What steps, policies, or software solutions have you put in place to minimize the risk to your organizations?

Note: this relates to non-Blackberry devices, namely iPhones and Droids.
LVL 1
LB1234Asked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
Basic smartphone mgmt cannot adopt the same old control as in notebk or workstation to prevent the threats and risk as the smart device security robustness has not reach maturity and has become a deterence if overly lock down, hence no business value. The gain on securing is so much lesser compared to flexibility and agility of returns. The key is to strike a balance. The BYOD trend can be better termed as U(use)YOD - primarily the device cannot be managed, the apps cannot be easily trusted, the smart online services cannot be easily verified and user cannot be easily convinced to put security at first thought.

The challenge is to have top mgmt push to have the security mindset and awareness of its criticality and not just from the business angle. We transact securely and interact with trust.

You may want to see NIST recommendation as kickstart. Always good to see how the public adopt it as thety faced bigger challenge compared to industry. Also the Aus DSD is another good place to check out. Did know the US DoD has allowed smartphone but the recent spate of "listening" has gotten the public govt to hold back allow (even to reject phone in meeting and jam it...).

http://www.nist.gov/itl/csd/mobile-071112.cfm
http://www.asd.gov.au/publications/csocprotect/byod_considerations_for_execs.htm
http://www.informationweek.com/government/mobile/apple-ios-6-wins-dod-approval/240155244

Blackberry has its challenge when it engaged the middle east due to their hosted server in the middle of the device secure transaction. Too secure and to sieve into it make it tougher for the defender but good for the perpetrator.

IPhone gain traction for DSD and DISA (for DOD) as you can see hardening guides for IOS 6 (if I recall it correctly). Having said that, BlackBerrys and Samsung Galaxy devices also received the Pentagon's nod of approval.

Simply I see MRM (risk),  MDM (device), MAM (apps) and the use policy will make good starter to create your unique enterprise strategy to adopt mobile trends. But top mgmt support is critical so get the buy in and be careful not to put guard down to the leaking to cloud service, loss of privacy and identity theft aspects - these are hidden fear that user thought they are alright - but when it happened, the abandon mindset can set in hard..

just few cents thought..
0
 
JohnBusiness Consultant (Owner)Commented:
If the devices belong to the user, then you have little control over them. One possibility is to tell the user they must use their own cellular network and not your network.

Your management may overrule you, but the devices still belong to the user and you have no control over them.

.... Thinkpads_User
0
 
GeisrudConnect With a Mentor Systems AdministratorCommented:
My org doesn't allow BYOD for legal reasons, but we use a 3rd party solution to manage issued mobile devices.  These typically allow you to specify policies such as lock-code, push other things such as WiFi config, apps, etc.  Also, these usually support multiple platforms.
0
 
btanExec ConsultantCommented:
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0
 
btanExec ConsultantCommented:
Actually even development codes by original for mobile apps need to be stand guarded by admin as it is part of the push out package to end user, close working with development and it services team. See this interesting summary

http://www.veracode.com/blog/2013/08/developers-guide-to-building-secure-mobile-applications-infographic/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.