Organisations need to consider three main factors as part of their "bring your own device" (BYOD) policy, technology research firm Gartner said this week.
The first thing to consider is the increased risk of data leakage and exploiting of vulnerabilities resulting from a conflict between users' right to leverage the capabilities of their own devices and the enterprise's mobile security policies. Organisations can use mobile device management software to deal with this and possibly a URL filtering tool, such as a cloud-based secure Web gateway service, to protect and enforce their policy on Internet traffic.
Another factor is the difficulty organisations may face in securing certain devices and keeping track of vulnerabilities and updates because of the various devices with no adequate security and the user's freedom to choose a device. Organisations should introduce a security baseline and deny access to enterprise resources from devices that cannot support it, according to Gartner.
The third factor is related to privacy concerns arising from the fact that the user owns the device and data on it, which can be a hurdle for corrective action for compromised devices. A possible solution for this problem is for the firm to ask users for their explicit, written consent to delete their data using "remote wipe" if their device is compromised, lost or stolen.
Gartner's advice comes as a recent survey by the firm showed that 70% of organisations had or were planning to introduce a BYOD policy over the coming year. A third of respondents already had such policies in place for mobile devices.
Copyright © Misco 2012. Misco is a trading name of Misco UK Ltd. All rights reserved. E&OE Registered in Scotland Number 114143. Registered Office: Caledonian Exchange, 19a Canning Street, Edinburgh, EH3 8HE. VAT number: 494 1756 15. All prices mentioned (pounds) exclude postage and packaging. All orders comply to Misco terms and conditions.