FEATURE: BYOD
“The mobile
revolution
has redefined
business. It is hard
now to imagine not
being equipped
with at least one or
two mobile devices
as essential
working tools.”
Elma du Plessis, Channel Manager
at Securicom
Ian Jansen van Rensburg, Senior
Manager: Systems Engineering,
VMware Southern Africa
much tighter than BYOD. Non-
regulated verticals with manageable
‘crown jewels’ lean towards BYOD
since mobile devices are used for
communication and not necessarily
access to sensitive information.”
Jansen van Rensburg believes often a
combination of all three allows for the
most efficient management of mobile
environments. He says mobility is not
a one-size-fits-all concept and cost,
security, and work functionalities can
vary drastically between organisations.
BYOD policy
Brian Timperley, Managing Director and
co-founder, Turrito Networks
configure devices with all the necessary
applications for employee productivity
and the protection of sensitive data.
Morey Haber, Vice President of
Technology at BeyondTrust, claims that
the decision of which programme to
use seems to be vertical-based: “For
example, government organisations
are leaning more towards CYOD
since the assets can be controlled
34
INTELLIGENTCIO
An essential but often overlooked part
of enabling BYOD in your organisation
is the accompanying implementation
of a BYOD policy, as Haber points
out, “If BYOD devices are allowed to
connect without any policies, controls or
restrictions, the outcome will absolutely
be quantifiable as a security threat”.
The requirements of a policy will vary
based on the industry, geographical
and organisational needs but Haber
recommends the following as a base of
any effective BYOD policy:
• Details on acceptable and
inappropriate applications
• No jailbroken or rooted devices
• Geolocation enabled
• Authentication hardening by
password or biometrics (which should
be periodically rotated)
• Sandboxing of sensitive applications
• The ability to remote wipe the device
in case of theft
Jansen van Rensburg points out that a
BYOD policy should also clearly disclose
what the IT department will be able to
see and manage on personal devices, so
there is no fear of personal data being
compromised or exposed.
Whilst a thorough policy is necessary,
Shiraaz Singh, Enterprise Infrastructure
Solutions Specialist at Aptronics
warns that “Too much security has the
potential to affect employees’ user
experience, so much so that they may
resort to shadow IT, using unauthorised
apps and unsecured software to get
their work done at all.” BYOD is driven
by the flexibility it offers staff; if this
flexibility is overridden by excessive
regulation and monitoring it may
well lose its appeal to employees
altogether. It’s about finding the
balance, and again, this will vary
between organisations and the type of
programme implemented (BYOD, COPE
or CYOD).
Security in the age of BYOD
Despite all the benefits that BYOD can
bring an organisation surrounding
employee productivity, satisfaction and
mobility, it brings with it cybersecurity
www.intelligentcio.com