10 worst-case BYOD scenarios (and how to prevent them)

A lire sur:  http://www.techrepublic.com/blog/10things/10-worst-case-byod-scenarios-and-how-to-prevent-them/3673

By Jack Wallen

April 11, 2013, 1:46 PM PDT

Takeaway: When it comes to BYOD, the best defense is a good offense. These proactive strategies will help you anticipate and avoid potential problems.

Bring Your Own Device has stirred plenty of controversy. Companies are either embracing it to its fullest extent or avoiding it like the plague. BYOD can potentially save you money and help make your employees happier and more productive. But it also brings along with it a number of possible pitfalls, from security to compatibility and everything in between. For the most part, those pitfalls can be avoided with just a little planning and education. “No way,” you say? Let’s look at some likely worst-case scenarios and see how you can prevent them from occurring.

1: Exposed data

Exposing sensitive company data is always a fear — BYOD or not. But employees bringing in their own devices adds an extra layer to that fear sandwich. People lose smartphones and tablets. These devices also get stolen frequently. When that happens, your data can easily fall into the wrong hands. Avoid this by adopting a secure wipe policy, so that when a device is lost or stolen, company data is removed remotely. This type of policy should be set in place immediately.

2: Passwords in the wild

Your employees could be carrying with them the keys to a number of kingdoms. These passwords can either be stored in applications (logon information) or stored on the device memory. You must have a policy in place stating that no company password is to be saved in the cache of any application on the device. Another policy should state that if employees need to retain company passwords (or even information) on their device, the information/passwords must be saved within an application that can be securely encrypted.

3: Declining productivity

What happens when your employees take advantage of the BYOD plan and spend most of their time on social networking sites, snap chatting with friends, or worse? Because many of those devices will have carrier networks, employees will most likely know they can get away with usage outside of company policy. To avoid this, establish a company policy that requires users to agree that when a device is being used within the company, it will be on the company wireless network. If those employees know they must use the wireless network, they will be less inclined to spend as much time on social networking sites — or doing anything counterproductive.

4: Compatibility issues

With BYOD comes a deluge of possible devices and platforms. You could go to work one day and all of a sudden be looking at the prospect of supporting Android, IOS, OS X, Blackberry, Linux, Windows 8… and although the list may not seem huge, the hurdles could be. Instead of allowing any platform, you could do one of two things: Limit the platforms allowed or make it clear you will support only company-approved platforms and that for all other platform users will be on their own.

5: Bandwidth overuse

So many companies already stutter on their network. Most assume they can get by with the bare minimum — a gross mistake. One of the beauties of BYOD is that your end users will be more prone to work outside the office (thereby using their carrier network or their own wireless); when in the office, they will be using both their desktop and their device. With the added stress on your network, you’ll want to make sure you have a big enough pipe to handle the extra usage. Though most businesses are already prepared for this, some smaller businesses might be attempting to run on a standard DSL. This will not do.

6: Device management

Many are already asking the question of how to manage the devices. With various devices, on various carriers, you can’t exactly set them up on a management console to better control how those machines are used. What you can do is set up a network access control (NAC) like PacketFence, and control each device via MAC address. Yes, this will require you to set up a process where end users allow you to record the MAC address of their devices. But it will go a long way toward managing those devices and how each device uses your network resources.

7: Wireless bottlenecks

With all of those extra devices coming into the company, all of them depending upon wireless networking, you are going to have to make sure your wireless is up to snuff. You won’t be able to depend upon a consumer-grade wireless router. Not only will that router possibly choke on the bandwidth usage, it might not handle the level of security you need. Before you open this floodgate, purchase wireless equipment that won’t bottleneck and won’t open up a vast array of security holes.

8: Autonomy overuse

When you allow BYOD you are, effectively, telling your end users that you trust them enough to grant them a higher level of autonomy. This, of course, can be abused. The last thing you want is a handful of users who think they are an island and, thus, above the rule of the company. Though you are allowing BYOD, you must still make sure they understand that this does not give them free rein to break the rules and do as they please. If you have to, make employees sign a contract confirming that they understand the limits of the freedoms they’ve been given.

9: Virus infections

Most mobile platforms are not as susceptible to viruses as their desktop counterparts are. But that doesn’t mean they can’t pass along infected files. Because of this, end users need to understand they must employ an antivirus solution on any machine (or device) that passes files on to end users. Any antivirus must be approved by the company and regularly maintained and updated.

10: Compatibility complaints

You’re going to face a wash of raging users complaining that the applications they have on their devices can’t open files necessary for work. You’ll need to make it clear that they simply have to purchase/install applications that can open company-supported file formats. One of the best office suites for this is Kingsoft Office. That will cover Microsoft Office and LibreOffice. Also make sure users have an alternative browser (like Firefox), in case their default browser is unable to handle web-based applications your company relies upon. In the end, there still may be issues they can’t overcome with those devices. When that happens, there are always tools like Logmein (to gain access to their desktop) or even RDP clients.

Bring Your Own Drama

It’s coming to an IT department near you. When it does, be prepared for anything and everything. You’re dealing with the teen years of mobile devices and you’re going to have to have tricks up your sleeve you never thought you’d need. But if you’re prepared, and if you’ve prepared your users, that drama will hardly get the chance to rear its ugly head.