
BYOD best practices call for mobility governance team

Mobile devices increase employee productivity, but there's a big price to pay in terms of a greater risk of data loss. To combat that risk, enterprise mobility management systems and best practices are a baseline requirement for companies going mobile, whether that means implementing a bring your own device (BYOD) strategy or outfitting employees with operational mobile devices to do their jobs.

"With a BYOD program, you're going to have more devices hitting your network," said Bryan Barringer, an enterprise mobility expert, in a recent SearchCompliance webcast titled Policies for Effective BYOD Management and Endpoint Security. This increase in devices brings an increase in bandwidth consumption as well as an increase in vulnerabilities, most notably potential intellectual property loss.

Barringer suggested limiting network access -- especially access through a corporate VPN -- as a BYOD best practice to help prevent these losses. Allowing mobile devices to have network access at all times can leave data exposed, but limiting access to the VPN to only when employees are actually working can help protect data. "You want to make sure that you have that device really well secured and locked down when the user is not actively using it," Barringer said.

Another risk to intellectual property lies in the fact that there's more unencrypted data than ever before, Barringer said, even when users set their devices to encrypt data. "Once you … go past the [mobile device's] lock screen, that device is not encrypted anymore," he said. "It's encrypted when it's locked, but for the most part when it's unlocked, that is an open device."

But intellectual property loss is not the only problem facing enterprises with mobility and BYOD initiatives. Barringer also discussed some general enterprise mobility and BYOD best practices to help confront the many other possible challenges.

Barringer suggested first forming a mobility governance team, which he calls an "Enterprise Office of Mobility." This team should be composed of people from departments all over the company, including IT, HR, finance, legal and sourcing procurement. More departments should become involved as the team and the processes mature, with the team eventually evolving into a "Center of Excellence" that will oversee all things mobile, Barringer said.

Though he said that he prefers to keep the group intact, Barringer did acknowledge that for some enterprises it works well to split the team into two groups: one that focuses on internal operations and another that focuses on the customer base. However, even if the team is split into two, "there is a baseline infrastructure that should be shared across both."

Once this mobility governance team has been created, enterprises can then create BYOD policies and standards. These policies should cover appropriate use for each device and consequences if a device is misused.

Another item on Barringer's list of BYOD best practices: Each device should have "trust factor" standards. "Trust factor is based off of the device's purpose," Barringer said. Each type of device, whether personally or corporately owned, would have a trust factor that corresponds with a set of standards and rules for what can and cannot be done with that device. This makes for a more complete and thorough BYOD strategy, he added.

Visit SearchCompliance to catch up on part one, where Barringer explains some BYOD legal issues, or continue with part three, where Barringer continues his discussion with technologies for mobility and BYOD management.

Let us know what you think about the story; email Ben Cole, site editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
