By Toby Makepeace, Technical Director, Netutils
This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.
As the boundaries between personal and professional devices continue to blur as do the risks to your sensitive corporate data. This places significant and increasing pressure on the IT department to devise & implement a robust BYOD strategy.
As Juniper’s trusted mobility index reports ‘…Already today, nearly one-third (30 percent) of all IT leaders report their company has experienced a security threat as a result of personal mobile devices accessing company data.’
It is likely that your staff already access your company data via their personal devices. So you probably already need a BYOD strategy but the big question is where do you start?
First, consider your reasons for implementing a policy in the first place. In our experience the most common initial reason for considering a BYOD strategy is because the IT department is experiencing pressure from the users themselves. Today’s digital society means that more & more people have smart devices as personal devices, and want to use them!
According to the Juniper Networks’ survey, ‘ mobile users worldwide own an average of three Internet-connected devices – from smartphones and tablets to eReaders and portable video game systems. Nearly one in five people (18 percent) own five or more devices. And today, people depend on these devices for everything from financial transactions and business operations to personal connections’.
Based on those findings we know that initial user demand is for access to the internet, so users can access media rich content, normally on platforms like Facebook, Twitter, YouTube, and to access online banking services. However, users probably justify their requirement for internet access around a desire to access their business applications and email.
What we have experienced however, is that once users start using their personal devices for business use their productivity increases. Employees start responding to emails at lunch, reading emails at home, tweeting at the weekend, that kind of thing. So it’s worth considering the cost benefits here – after all users pay and maintain their own devices – so perhaps you should consider how your BYOD strategy can support this.
So why allow access to business applications on personal devices when you probably already supply users with a business device like a blackberry or laptop?
This question is best answered with another .How many users do you know who leave their personal mobile at home when they come to work? None, that I know off. People are glued to their mobile devices and feel lost without them. And following on from that – how many people take their business devices down the pub at the weekend? Or out shopping with the family? Not that many would be my guess!
So it’s clear there are company and cost benefits to be had, but what are your reasons for considering BYOD? Is it just user pressure or does your company actually see the benefits of the BYOD trend and want to embrace it?
If you do not fully see the need to embrace the trend, and are bowing to user pressure to bring personal mobile devices to work then I suggest you provide a simple guest access network, where the staff can self-provision access for themselves or the guests visiting your company.
Remember though there is still a requirement to audit access to the internet however you provide it, whether it is for guests, contractors or staff. To do this a flexible wireless system with a multi SSID VLAN separation is recommended with a system that allows you to put together a flex authentication process that can separate a trusted device from an un-trusted device on your network (Network Access Control). Do not fall into the trap of just putting up a quick fix of an “Open Guest” network, you (as the corporate IT department) have responsibilities to provide an audit of who is using your network to access the internet. (Read our follow up article about providing guest access, coming soon)
If you do intend to fully embrace a BYOD strategy, what do you need to do….?
Well much the same as providing a guest network, you need a flexible wireless system with a multi SSID VLAN separation, a system that allows you to put together a flex authentication process that can separate a trusted device from an un-trusted device on your network (Network Access Control). So not a lot of difference on the basic requirement really, however what is different is the policy you are going to put in place to support it.
The questions you need to ask yourself and the business are:
- What business applications and resources are you going to allow your users to access?
- What level of checks are you going to put in place to support access?
- How are you going to separate access?
In addition, my suggestion is that your BYOD strategy needs to flow directly from a company-wide business policy which considers these 3 questions.
In summary and to answer our initial question on where to start – consider why you need a policy in the 1stplace –a) to simply provide guest internet access? or b) to fully embrace the BYOD trend and realise the cost and company benefits?
Additional blog topics: