FEATURE: BYOD
Protecting data and loss prevention:
One of the largest challenges with
any BYOD implementation is ensuring
protection of corporate data. IT will
have to have a strategy for protecting
business data on all devices whether
corporate managed or employee selfsupported and managed.
This may include a secure business
partition on the device, which acts
as a container of corporate data that
can be tightly controlled and may also
include the need for a Virtual Desktop
Infrastructure (VDI) application to allow
access to sensitive or confidential data
without storing the data on the device.
Potential for new attack vectors:
Because the devices accessing the
corporate network have wide-ranging
capabilities and IT may not be able to
fully evaluate, qualify and approve each
and every device, there is the potential
for new security attack vectors to be
opened. The challenge for IT will be
how to permit the growing number of
devices and capabilities to be used,
while still maintaining the control to
enforce policies, such as automatically
disabling an ad hoc WLAN function on
an authorised connected device.
RABIH DABBOUSSI
General Manager,
UAE, Cisco
and application use may be subject to
different policies when a user is on their
personal time and network and when
they are accessing the corporate network
during work hours.
Visibility of devices on the network:
With BYOD adoption, each employee
is likely to have three, four, or more
devices connected to the network
simultaneously. Many of the devices
will have multiple modes, able to
transition from wired Ethernet to WiFi
to 3G/4G mobile networks, moving in
and out of these different connectivity
modes during a session. It will be
critical for IT to have tools that provide
visibility of all the devices on the
corporate network and beyond.
32
INTELLIGENTCIO
Adoption strategy
The process of creating a safe and
productive BYOD environment begins
with understanding the goals of the
organisation with respect to mobile
devices. Some businesses in the Middle
East have minor security concerns and
actively encourage the use of any type
of mobile device, while in some other
businesses, the vast majority of data
must be protected with the highest levels
of security. Most organisations fall into
the following four categories:
Limited: Typically selected by
organisations that require tight control
of information, such as government
offices, trading floor operators, and
healthcare establishments. The only
devices allowed on these networks are
supplied by the business. No personal
mobile device access policy is required
because these devices never have
network access.
www.intelligentcio.com