5 more post-holiday BYOD strategies and considerations

Now that the holidays have gone by, it's time to focus on solving the problems of employees returning to work with new devices

Just before the Christmas holiday, CSO offered five strategies to help mitigate post-holiday BYOD problems. Now that employees are returning to work, shiny new devices in hand, here's some additional insight.

For this recap, CSO once again spoke with Jonathan Dale, the Director of Marketing at Fiberlink, a mobile management and security firm recently acquired by IBM. The questions this time around centered on the aftermath of the post-holiday mobile boom, and what IT can do to keep things both secure and easily managed.

Education (it never ends):

As mentioned previously, education is important. Make sure that employees have some kind of a reminder when it comes to corporate policies governing personally owned mobile devices. If there's some type of mobile management solution in place, make sure employees know how to enroll.

Another tip that's good the second time around focuses on proactive education. Remind employees of the steps needed to enable Wi-Fi on their new devices in the office, including the steps needed for iOS and Android. Don't forget to touch on basics such as SSID and automatic connections.


Another topic that was covered previously, which still applies, is privacy. Make sure employees know what parts of the device the company has access to, and what can be done with that access.

"Privacy is a major part of a successful BYOD program. There are several options, so know what abilities you as IT have and figure out what works best for your company culture or CEO," Dale said at the time.

Another side to that topic comes from a CSO reader, who commented that their organization has little BYOD enrollment. This is due to the clearly stated fact that on the corporate network, there is no expectation of privacy. In fact, outside of a small user base, their BYOD program is dead.

"Our BYOD policy clearly states there is no expectation of privacy when connected to the corporate network and using corporate systems. Pretty much stops most BYOD adoption dead in its tracks. The rest that enroll get frustrated with the limited access our BYOD program provides so they opt out after a couple months," the comment explains.

Existing MDM considerations:

Assuming that an MDM solution has already been deployed within the organization, there are a few key considerations that need to be taken into account, including working with, and not against, the user.

"How does IT achieve this? They ensure that they have not only prepared and allowed for the new shiny gadgets, they've shown users that they're on their side and are enabling them to the fullest extent," Dale said.

If a mobility management solution exists, then dealing with new devices will mainly be a matter of ensuring that policies assigned to each user or group are right for their specific access level and behavior.

Needlessly restrictive policies don't help anyone, and no one wants to be "the one blocking Netflix or YouTube on an employee owned device," Dale added. On the other hand, checking to ensure the device is using encryption and isn't jailbroken is generally acceptable.

"It's also recommended that you ensure your users know where to get apps that the company supports and recommends. This is done through your EMM supplied app catalog. Users love that they do not have to go searching for company supported apps or worse, have to pay for apps that most coworkers use. If you are taking advantage of Apple's VPP, that makes the deal even sweeter," Dale explained.

Finally, make sure that users are able to access their corporate assets, such as SharePoint and network drives, securely. This can be done inside most mobility management programs.

"Let's face it; most users go through a progression. It happens immediately for some users and slower for others. Everyone wants mail. Then apps. Then more access to their own documents and content. By proactively giving employees access to these features, they get what they want and IT gets to guide them," Dale said.

Considerations for organizations without an MDM solution:

So while there is plenty to be done if the organization has an MDM solution, what about organizations that don't have one? According to Dale, this won't pose a problem until something keeps the users from getting what they want, or getting what they want within a reasonable timeframe.

"If the company allows mobile devices but does little to manage or enable them, users win in the short term and IT loses all around. It's likely that your users are employing several different ways to gain access to what they need (apps and company data) and are not waiting on you for a solution," Dale said.

That means the company's data is likely on several private cloud sharing applications, and there is no way for the company to account for them. Passing audits in the retail, financial, and healthcare sectors would be a nightmare at this point.

"Most companies move away from relying on just native ActiveSync controls when manually on-boarding devices gets to be a headache, app enablement becomes necessary, and compliance issues start to occur," Dale added.

Are there any pre-loaded apps that could pose a risk to the organization, which should be monitored?

"Most apps are pretty safe, especially preloaded apps. If users are downloading apps strictly from their respective app stores, the potential for a dangerous or malicious app is greatly reduced, but not 100 percent eliminated," Dale said.

"IT should keep an eye out for and educate users about apps that chew up large amounts of data. A 5GB plan can be eaten up very quickly while streaming HD movies over 4G. Since many devices are often shared by other members of the family, including children, a close eye needs to be used. No one wants to see overage charges, but they can be a major concern."

Budget constraints (Is it free?):

MDM offerings can be costly, and budgets are tight. No matter how affordable some vendors make their products, some organizations simply cannot swing the expense. When that happens, the business chooses to accept the security risks and problems that can arise due to BYOD initiatives. We asked Dale about this situation, and he noted that it really isn't an option to enable mobility without a proper mobility management platform.

"Several companies we know could not leverage tablets for their sales team or enable BYOD without a solution. It's no longer about [enterprise mobility management] cost per device. It is simply necessary to enable mobility," Dale said.

With that said, there are free alternatives on the market. One such alternative is Spiceworks.

Spiceworks will enable basic MDM, such as monitoring, reporting, and security including monitoring app installation, checking for jailbroken devices, and passcode enforcement. It's also a general IT application that includes other services such as helpdesk and network management.

The catch, however, is that it is vendor supported, and some functionality is only available if discounted licenses are purchased. MDM restrictions include remote wipe, group policy management and enforcement, and mobile app distribution. So it's free, but not completely free.

Another alternative, which is actually rather comprehensive, is Cisco's Meraki. Cisco's cloud-based management platform works with iOS, OS X, Windows, and Android, and offers a wide range of options, including security and granular management.

It's free, and Cisco does this because they hope the organization will enjoy it so much that "you'll consider other Cisco Meraki products when you're ready to upgrade your Wi-Fi, switching, or security appliance infrastructure."

But there's a catch. As it turns out, Meraki profiles can be removed from the device. In an FAQ, Cisco addresses this issue by offering the following advice:

"On iOS devices, due to Apple's restrictions, there's nothing that prevents a savvy user from doing this. Thus, we encourage administrators to provide incentive to the user to keep the profile on the device, for example by including the wireless network credentials in the MDM profile. Then, if the profile is removed, so is network access. Administrators can also configure email alerts to be sent in the event a profile is removed."

Free can be good for the budget, but when it comes to the influx of employee owned devices, and the fact that most employees choose to work from anywhere they happen to be located at any given moment, free could end up being rather problematic and costly in the long run.
