As I wrote the previous Post – BYOD Program & Controls Requirement I received the comment on WFH, but I am certainly not covering that in this article, as that is a separate topic of discussion. What is more interesting that broke out as a discussion point with a colleague over a cup of coffee. The discussion actually presented a counter argument to the Jump Server configuration.
While in the discussion, I was very much inclined to and well still am that an organization as the first step to BYOD program should define the set of machines that they would allow. It is pretty much important for the organization to define whether they are going to allow. The Deep Dive on the topic reveals that the selection of devices would prompt additional thought process or should I say depending on the Support Strategy for the BYOD program the organization needs to define what devices would be allowed.
The various strategies would revolve around user experience v/s technological deployments. If an organization would like to restrict user experience and go with technological deployments that would ensure Data Security and related controls, the organization would then need to restrict the BYOD to Laptops and Desktops (may be or when its WFH). In this case the controls would be around the set of controls that have already been discussed in the previous post as mentioned above.
In case the organization would select User Experience then the organization would need to ensure that they provide support to any device and enhance the Mobility aspect of the user. This decision however needs to be based on the following decisions –
- What applications would be supported for BYOD and what level of modifications / application changes would need to be carried out?
- What level of Security would be needed to extend the support to the devices?
- What would be the application support, would it be Browser based only or Client based with a part of the program sits on the client side
- Would VPN security be extended to these Devices that would be supported?
There are many more questions that need to be answered for a Successful BYOD program. The Organization would additionally need to check if One Device One Number sort of Program be adopted or not. If the organization would decide to implement this program for increased mobility they need to ensure the Soft Phone Support.
The BYOD Program as it seems is not actually an easy decision to take as the organization would require to answer many other questions and Specifically that would help them ensure mitigating Risks and meeting Compliance Requirements in Operationally Effective and Efficient Manner
Comments
Thanks a Ton to @tsingh4IT to share his valuable views on the aspect. Without his points, this article wouldn't have been covered the details