More and more small and medium business and not for profit organisations (SMB) are facing these type of requests. The bring your own deceive (BYOD) phenomena is not going to get easier but in my opinion it is going to get a lot worse, especially for the SMB’S space.
Here are four ideas to make it easier for your organisation.
Start with a “written” policy. All SMB’S need to have a written policy on device management. This makes it easier for you in the long run as you start with a system of control in place. This policy states where you stand in the management of your data. A written policy will be readily accepted by both users and management as everyone knows where they stand. One of the largest problem is when a device is moved on with outgoing staff. The policy also has to cover the required security of the information on it. Your business does not want to loose intellectual property when someone leaves. A caveat of using your own device is that it can be wiped prior to leaving the organisation.
Segment your network. This allows all wireless connection to be connected outside the main network environment. This means that unless the device is physically plugged into the WIRED network access to restricted information can be managed correctly. Make sure wireless connection also have decent authentication and encryption capability. If the BYOD doesn’t have the correct security requirements then do not lower the security requirements to allow that system to have access. This is one of the points that should never be compromised for a staff member.
Develop a security standard. Just because a staff memeber brings in a device doesn’t mean that it is automatically going to be allowed to be used. Create a standard level of equipment that the business will support and this list needs to be published internally. The list can be added to and subtracted from as new devices become available. This will allow your IT people to have more control over the devices being bought into your organisation. it will also allow your business to restrict the use of the device as well as what can be stored on the device. A combination of Microsoft exchange 2010 policies and the types of devices allows you to control a number of the features.
Draw the line between corporate and personal. Once you start to bring devices onto your network you also need to define what level of support your IT department will supply. Will it just be corporate mail, or will it be the total device. Furthermore do you have the power to remote wipe the device when it is lost or stolen. If there is corporate information on the device this has to be thought through. Again this should be defined in the BYOD policy.
The introduction of hand held devices will improve a business but it has to be tempered with some level of control and management. Without the control, your IT department will be run off their feet trying to keep you staff’s devices in control.