BYOD Program & Controls Requirement

BYOD or Bring Your Own Device is the way organizations are planning to take.  The talk is going abuzz in the corporate world as it would help organizations reduce their IT budget and increase operational efficiency.  In my view it is not that bad an idea, but would require looking a bit deeper at the Compliance perspective and the risks that would emanate when an organization would run BYOD.  The Organizations would require investing and managing various technological solutions to ensure that the Data Privacy and Protection Laws of the world are addresses and that the common framework of controls is enforced across all the devices that come in being due to BYOD. 
The BYOD program from the aspect of controlling data access and ensuring data protection would need to evaluate and consider deploying following technologies:
  •   Jump Server – to log in to the organizations corporate network and provide viral desktop environment to the users.  The virtual desktop would have all the desired user settings including file & print configuration, Proxy settings, mailbox configuration and the application shortcuts for the desired applications for the user concerned
  • Network Admission Control – to control the risks emanating from the unpatched and unprotected personal devices that can introduce Trojans, viruses, worms, BOTS etc in the corporate network.  The Organizations would need to critically look at investing on a strict Anti-Virus & Patch Management Regime Supported by the Network Admission Control devices.
  • Two Factor Authentications – to ensure that the password compromises do not impact / provide access to the corporate network. Additionally this would also help organizations to be able to support the Work from Home (WFH) program thus further reducing their operational cost associated with Facility Management for the ever growing number of seats with workforce increase.

These are just the indicative controls that should be considered or rather implemented by the organizations seriously going the BYOD path.  Certainly the CXOs of the world would be better placed to take the final decision on the set of controls from the likes of IDM, DLP, SSO to add to.  This would certainly require an indepth assessment on the requirements and the risks emanating to an organization.

Comments

  1. Sripati

    Good post!

    The point that caught my imagination was the "work from home" thing and the impact that it could have on the opex.

    If only organizations would hear (sigh!).

    On the other hand, owing to a multitude of problems in the infrastructure (power, for one), it sounds prudent for organizations to ask everyone to come to office so that they can ensure that work is getting done (sorry-can't-deliver-work-unscheduled-power-cut).

    How do you think organizations should address that?

  2. Sripati

    Good post!

    The point that caught my imagination was the "work from home" thing and the impact that it could have on the opex.

    If only organizations would hear (sigh!).

    On the other hand, owing to a multitude of problems in the infrastructure (power, for one), it sounds prudent for organizations to ask everyone to come to office so that they can ensure that work is getting done (sorry-can't-deliver-work-unscheduled-power-cut).

    How do you think organizations should address that?

Comments are closed.