BYOD Doesn’t Have to Be a Headache

Everywhere we turn lately, we hear the term “BYOD.” While it is always fun to guess acronyms, this one -- meaning “bring your own device” -- is making VARs stand up and take notice. VARs whom I h

Everywhere we turn lately, we hear the term “BYOD.” While it is always fun to guess acronyms, this one — meaning “bring your own device” — is making VARs stand up and take notice. VARs whom I have spoken with have told me that managing a BYOD environment for their customers can be a daunting task. Not only do companies have to manage corporate-owned devices that are issued to employees, but many now manage devices employees bring into the company.

Employees bringing their own devices to the workplace is a logical step in the evolution of the mobile workforce trend. However, it isn’t without its risks. It’s not just about protecting end users’ vacation photos and personal information; a company’s information is at stake as well.

Symantec recently conducted an experiment in several large cities around the United States, in which 50 smartphones were intentionally “lost” in busy locations in each city. The phones were outfitted with simulated corporate applications and data. Symantec tracked the devices found by passersby. In an ideal world, we would all hope that our phones would be safely returned to us. But those of us who live in the real world know that isn’t always the case. What happened next in the experiment highlights the importance of properly securing mobile devices.

The study showed that 83 percent of the phones recorded attempts to access corporate data, and only half of them were ever returned. And the data breaches weren’t accidental — the finders were attempting to access files such as “HR Salaries,” which clearly contained confidential information. That’s pretty scary and demonstrates why VARs and IT departments worldwide are losing sleep over BYOD. Imagine if an employee does drop his or her phone containing company information — what could the finder access, and what could it do to the company’s image and bottom line?

Thankfully, there are several ways to combat this, and the most obvious for VARs is to ensure that mobile protection and device management software is loaded onto each phone to reduce the risk of unauthorized access to sensitive corporate information.

Symantec has a few other tips to share with VARs that, when implemented, could make the difference between a company’s information remaining confidential, and being out there for the world to see:

Enable purposefully: VARs should have their customers poll their employees to find out what they need access to and then enable access securely. Proactively develop a plan to provide line-of-business apps that will improve productivity while minimizing risk.
Think strategically: While VARs plan a mobile strategy for their customers, they should explore the risks such a strategy presents, and take a cross-functional approach to keep data secure wherever it resides.
Manage effectively: Keep in mind that smartphones and tablets are endpoints, and take steps to secure them accordingly. VARs need to ensure that mobile management is integrated into the overall IT management plan, and policies should be developed and enforced as with other areas of technology.
Enforce appropriately: VARs may need to advise their customers to create or adjust corporate policies to accommodate devices that are corporate- and employee-owned. They also should plan for accommodating new devices being brought into their customers’ infrastructure as they’re brought to market.
Secure comprehensively: VARs know it’s not just devices at risk, but also the information they contain. Basic password policies should be supplemented with technologies that include data loss prevention, encryption, authentication, antimalware, and the ability to remotely wipe and disable the device to provide complete protection.

All in all, BYOD isn’t as scary as it might seem. VARs simply need to advise their customers to implement software, policies and procedures for employee-owned devices, just as they would a company-issued device. As VARs well know, it isn’t about the device, it’s about the information on the device. If VARs keep that information under their belt, they are already headed in the right direction for BYOD deployments.

John Eldh is VP of channel sales for the Americas at Symantec. Monthly guest blogs such as this one are part of The VAR Guy’s annual sponsorship program. Read all of Symantec’s guest blogs here.