Everyone knows that bring your own technology (BYOT) is here – you only have to walk around your office to see the number of people already using their own smartphone or tablet for work purposes. And as long as they go on accessing your corporate systems unsecured and unmanaged, you’re leaving your network open to any number of problems. If you want to grab the bull by its horns and take control of the situation by setting up an official BYOT scheme, it’s important to have a firm plan in place from the get-go. To help you understand what’s involved, we’ve put together a step-by-step guide to developing a mobile strategy.
Step 1: Sort out your IT requirements
What smartphones and OSes will you support? It’s important to decide at the beginning what operating systems you’re going to support and therefore what devices people will be able to use; you’re probably not going to want to manage every type of smartphone out there – it would be far too time consuming and costly. If you’re planning on rolling out a shared purchase scheme, you’re already taking steps to restrict the types of device accessing your network, but if your scheme is true BYOT, here are some questions you’ll want to consider when weighing up the pros and cons of each OS:
– Security: Does the operating system include built-in encryption? Will you be able to tell if the device has been jailbroken or rooted? Can you enforce passwords and locate, lock and wipe lost devices? Are you able to partially wipe devices (important if they are personally owned)?
– Manageability: Is the operating system open to mobile device management (MDM) and mobile app management (MAM)? Does it support Exchange ActiveSync and comply with company standards?
– Apps: What corporate-level apps are available for the OS? Does the platform support the development and deployment of custom apps?
How will you deal with new devices accessing your network? If devices are going to need to access your WiFi as part of the enrolment process, now is the best time to ensure your network is ready. We’d recommend setting up a guest SSID/wireless network that is separate from your internal network, where employees can visit an enrolment page and download the necessary profiles. Once enrolled, you can then use MDM to assign privileges and restrictions that make the device safe to join the main network, including email, WiFi and your VPN.
How will you ensure the device has access to corporate documents? Employees need to access corporate documents on their mobile device, and if you don’t provide them with a way to do so securely (mobilEcho is one solution that lets iOS users access corporate file structures) or if restrictions are too strong, they’ll find a way themselves – probably at the risk of corporate data.
Step 2: Put together the paperwork
The mobile device policy: This is a company-wide document that lays down how mobile devices will integrate into your business, and is one of the most important parts of the deployment. It should include the requirements of the organisation, and have input from stakeholders, legal, HR, IT and employees.
The policy checklist:
– who is responsible for the device
– consequences for policy violation
– which devices are supported
Device usage and funding
– how devices should be used
– how security requirements will be communicated
– the funding requirements (who’s going to pay for what?)
– how the policy will deal with contractors
– what corporate data is too risky to allow access to out of office
– who is allowed access to sensitive data on their device
– what steps will be taken in the event of lost data
The legal stuff
– regional and country data privacy laws
– details of the company’s intent to monitor activity on personally-owned devices
– liability for malpractice
– the process of removing company content from the device
– employee obligations if the device goes missing
– control over corporate info
– policies that deal with personally-owned devices during work hours
– employee awareness and training
The mobile device agreement: This is a simpler document than the device policy that you can use to acknowledge whether or not employees have agreed to the guidelines laid down in the scheme. By accepting the terms in this document, each employee is effectively saying that your IT team has the right to secure their device and the data on it, if required. Basically, it’s your way of checking the employee was aware of the policy when they started using their device for work purposes.
Step 3: Find the right way to manage devices
There are now more ways to manage mobile devices than we can begin to go into here, and choosing between them is far from cut and dried. Apple’s own MDM solution, for example, will cover off the basics for iOS devices, but if you need more specific management tools or a cross-platform solution, there are solutions by JAMF, Absolute Software, MobileIron and many more. So, if you are considering BYOT and are looking for an MDM solution, it’s a good idea to get in touch with our team who can help you. As a first port of call, though, you should identify what your requirements are. Here are some things to think about:
What platforms are supported? You’ll need to look at whether the device management solution will fit into your existing environment, how it fits in with your current security, and which OSes it covers – JAMF’s Casper, for example, is purely iOS and OS X, Absolute Manage adds Android and Windows into the mix, and MobileIron covers all mobile devices.
Will it meet your admin needs? You may need a solution that allows you to administer all devices using the same policies, or one that lets you define specific user groups within your business and set role-based rules.
Do you need app management as well? Will you need to control the apps on each device? This is a feature that’s not available in all MDM solutions but, if you’re looking to distribute in-house or commercial apps, is important to have.
Does it meet your security requirements? Consider what features you’ll need to properly secure devices. Common features of MDM include: multiple security policies per device (you may need a blanket policy for all devices, and more specific ones depending on type of user), automated removal of non-compliant devices, secure document distribution, remote locks and wipes, and the ability to set password complexity.
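To make the "blanket policy plus more specific ones" and "automated removal of non-compliant devices" ideas concrete, here is an added sketch (not taken from this guide or from any MDM product) of a layered compliance check that decides whether a device stays on the guest enrolment network from Step 1 or is allowed onto the main network. All field names, groups and thresholds are hypothetical.

```python
"""Layered MDM compliance check (constructed example, hypothetical field names)."""
from dataclasses import dataclass

# Blanket policy for every device, plus role-based overlays (assumed values).
BLANKET = {"min_passcode_len": 6, "require_encryption": True, "allow_jailbroken": False}
GROUP_OVERLAYS = {
    "finance": {"min_passcode_len": 10},
    "contractors": {"allow_jailbroken": True},  # misconfigured: must not loosen the blanket
}
SUPPORTED_OS = {"ios", "android"}  # assumed outcome of the Step 1 decision

# How to combine two values of a setting so the stricter one always wins.
STRICTER = {
    "min_passcode_len": max,
    "require_encryption": lambda a, b: a or b,
    "allow_jailbroken": lambda a, b: a and b,
}

@dataclass
class Device:
    owner: str
    group: str
    os: str
    enrolled: bool
    passcode_len: int = 0
    encrypted: bool = False
    jailbroken: bool = False

def effective_policy(group: str) -> dict:
    policy = dict(BLANKET)
    for key, value in GROUP_OVERLAYS.get(group, {}).items():
        policy[key] = STRICTER[key](policy[key], value)
    return policy

def violations(dev: Device) -> list[str]:
    policy, found = effective_policy(dev.group), []
    if dev.os not in SUPPORTED_OS:
        found.append("unsupported_os")
    if dev.jailbroken and not policy["allow_jailbroken"]:
        found.append("jailbroken_or_rooted")
    if policy["require_encryption"] and not dev.encrypted:
        found.append("no_encryption")
    if dev.passcode_len < policy["min_passcode_len"]:
        found.append("weak_passcode")
    return found

def network_for(dev: Device) -> tuple[str, list[str]]:
    """'guest' = enrolment SSID only; 'main' = email, WiFi and VPN profiles allowed."""
    if not dev.enrolled:
        return "guest", ["not_enrolled"]
    found = violations(dev)
    return ("guest", found) if found else ("main", [])
```

Because overlays are merged with a stricter-wins rule, a role-specific policy can tighten the blanket policy but never weaken it, which is the failure mode to watch for when several policies apply to one device.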
It’s important to remember that every BYOT setup is going to be different, and we’d always recommend getting in touch with us to help you find out your exact needs – one size does not fit all. We work with some of the world’s leading MDM solutions providers, and can help you enrol just about any device into your business.
To find out more about developing your own mobile strategy, and for more information about how we can help, get in touch with us on 03332 409 219, email B2B@Jigsaw24.com or visit our dedicated Apple for business site.