For many people, owning a dog can be a truly rewarding experience. But it takes careful preparation and hard work for that unruly puppy to grow up into an obedient, faithful companion – without training and discipline, you might end up with chewed-up sneakers and frightened neighbors. And while the corporate data center seems a world away from a backyard kennel, many of the same principles apply when you are bringing new technology into the workplace – the amount of preparation you do will largely determine your success. Of particular concern these days is the growing desire of employees to use their own mobile devices for work. This BYOD (bring your own device) trend is causing concern among IT administrators and senior management alike. But with adequate preparation and management, BYOD can evolve from a liability to an asset.
Traditionally, IT has treated security as a single, walled fortress designed to keep information in and keep cybercriminals out. But recent innovations have changed this, as technologies such as virtualization and cloud computing have made it simple to store information outside the data center. And with mobile devices now being used to access more business information in more places, that creates more potential points for cybercriminals to attack in an effort to steal your data.
Many organizations are in the process of considering how much control to exert over mobile devices, with some allowing employees to use their own devices without restriction, and others wanting employees to only access sensitive information on corporate-owned devices. Still others want to prevent mobile access of their business information altogether. The ideal balance would be a way to allow use of employee-owned devices while keeping your information safe. Fortunately, there are several steps you can take to achieve the productivity BYOD brings while minimizing risks.
Know the law: Be sure your legal and HR departments are involved throughout the process as you implement BYOD. You need to be aware of government and industry regulations regarding where data may be stored and accessed, as well as what you can legally expect of your employees as far as when and where they are allowed to work.
Take advantage of technology: To keep your information safe today, you need a multi-faceted security plan that covers everything from the network, to the device, to the information. Traditional malware protection should be combined with data loss prevention tools and data at rest and data in motion encryption, to protect your data wherever it resides. Consider adopting mobile application management, which allows less intrusive control over devices, securing the individual applications that have access to sensitive business information rather than locking down the entire device.
Educate employees: As technology progresses, the need for effective employee training remains constant. You need to make sure your employees know how to safely access data on their mobile devices. As the first line of defense, they can minimize risks by taking care as they use their devices, particularly when connected to public networks. Establish consistent policies for information use across platforms, for all employees, paying special attention to your acceptable use policies. They also need to be aware of how to report issues, in case of malware infection or stolen or lost devices.
While the first inclination of IT administrators might be to prevent employees from using their own mobile devices for work, BYOD can help boost employee productivity and improve customer service when implemented intelligently. With the right combination of technology and training, you can avoid the messes of an unorganized, undisciplined program and – like having a well-trained dog – enjoy a productive and comfortable relationship for years.
For more information on mobile protection, visit Symantec’s Mobile Security and Management webpage.