Secure BYOD Is About Containing Not Restraining

Secure BYOD with containers

It has become very difficult to read about IT systems management lately without reading something about BYOD; the risks; the challenges; the dilemma; the conundrum. You get the idea. BYOD is a hot topic because it presents traditional IT departments and providers with a unique set of system management concerns that can’t be overlooked.

First efforts surrounding BYOD were policy driven for most IT pros. IT had to choose a position on whether THEY were going to allow users to BYOD or not. It was a logical first response, but now the reality is that IT, in most cases, has been overruled by the users and frankly by the business value of allowing end users to use their own mobile devices for company work.

The article above from CRN points out 10 of the most critical aspects of the BYOD challenge, but here at Kaseya we see it coming down to 3 main areas: Risk, Manageability and User Acceptance.

Risk

Generally, as a business, how much do you care about data falling into the hands of others? Some businesses are very sensitive to this, others don’t care if a few emails and docs get out. While understanding your organization’s data sensitivity will drive your approach to BYOD, the most comprehensive risk management solution also ends up being one of the more simple. Cordon off the corporate data, and in fact all the corporate activity into a secure encrypted container that doesn’t commingle with the personal data and apps on the end users’ devices.

Additionally, by having users’ mobile devices stay on their own network (mobile provider network) and not letting them directly access the corporate network via mobile VPN or even wifi, we don’t introduce the risk of unmanaged devices granting or gaining access through compromised devices.

Manageability

There are technical solutions to every BYOD challenge, but IT doesn’t necessarily want to have to take over complete management of a user’s device. This isn’t just because users don’t want IT to do this, but because it creates overhead and complexity. Containerization means that configuration of corporate access is managed by IT, but the device is still in control of the user.

It also means that to give users access to corporate systems means they only need to install an App, something they do all the time, rather than having to go into system settings and figure out how to configure mail, VPN settings, special authentication etc

User Acceptance

It has been some time since much thought was given to how users feel about the systems they use for corporate access. BYOD has brought this back to center stage where every day users often have strong opinions on what brand or model of device they use, and don’t like the idea of being forced to use a corporate device. After all, how many times have you heard people say: “No one wants to have to drag around two phones!”

Let’s be honest, users want to use the device of their choice along with how and when they want it. If they want to play Angry Birds on the train on their way home that’s their choice. If they want the latest and greatest smartphone or tablet, that’s up to them.

Using the concept of containerization, the user doesn’t have to worry about what they do outside of the corporate app. All the business data is contained inside that app fully encrypted and separate. The worst-case scenario would be to have them find ways to use their favorite device to access corporate data in less secure ways.

Nothing helps users accept things as they would with money. In many cases, a corporation might choose to offer a fixed contribution towards device purchase and ongoing data costs but leave everything else up to the user to choose. That’s the way to breed user loyalty and have IT be the friend rather or “business partner” than the foe!

BYOD becomes a much tamer beast when you take an approach which allows you to secure the business data and apps and keep them separate from the personal data.  This builds trust in IT from users who are happy to be on their choice of device and trust from the C-suite that the business data is safe and secure and manageable.

Here at Kaseya we are always looking for solutions that make sense, and the container approach to BYOD is great example.  So we’ve made some moves to extend our world class IT systems management with the acquisition of Rover Apps.

 

4 thoughts on “Secure BYOD Is About Containing Not Restraining

  1. Brendan, you make some good points in that technology can solve most of the BYOD challenges but balance is required to not overwhelm IT or the Users with tech blitz. Fortunately we’ve used Linoma Software’s GoAnywhere product that makes it very easy for the User to use and highly manageable for the IT staff to utilize. So BYOD was not much of an issue for us as it was a win-win for both sides of the equation.

    GoAnywhere integrates the smartphone app (http://blog.goanywheremft.com/2013/06/26/goanywhere-android-app/) into it’s MFT solutions in a way that makes BYOD management so very easy. I have really taken it for granted how great a job GoAnywhere does in simplifying my job.

    1. Hi Daniel,

      Thanks for the reply! File sharing is certainly one aspect that needs to be managed, but there’s also a distinct need to secure LOB apps, and access to company networks and systems. If your business is one that demands HIPAA, PCI, SOX, FFIEC compliance the imperative for data encryption and control becomes even greater.

  2. Brendan – great post. The approach of containerization is surely a good tool in the approach, but was curious how this would be used in conjunction with tools that are already in the consumer space that are used for business functions (YouTube, Skype, etc.). Some of these functions could be taken over by internal systems, but assuming that a company is relying on some consumer products to conduct business operation how could you manage this solely by this approach.

    Though this was a cool video that also talked about approaches to a BYOD policy: https://www.youtube.com/watch?v=ITP-02z02tI. I think you might find it interesting (plus who doesn’t love pirates).

    1. Hi Alan,
      There is a point at which a business’ reliance on consumer products to conduct business isn’t a BYOD “problem” per se because regardless of who owns a device its that USER not the DEVICE that becomes a compliance problem. In other words, containerization makes it easier to enable use of corp LOB apps, and corp network access with less impact to a personal device and less risk for the corp data on that personal device but it doesn’t allow for containerization of users. 🙂 Unless we’re all just a part of the matrix….

Leave a Reply

Your email address will not be published. Required fields are marked *