Modern offices, small and large, have largely driven the practice of accessing company data anywhere at any time. With COVID-19 forcing many companies to adopt a remote workforce, organizations must provide access solutions so that their workers can perform their tasks safely and efficiently. Providing organization-owned devices can be expensive, so BYOD (bring your own device) policies have given rise to the practice of using employee-owned devices to access organizational resources. This reduces the cost of equipment and reduces IT overhead, because the organization does not have to purchase and configure mobile devices for end users. However, using devices that the company neither owns nor manages to access company information introduces all sorts of security risks and considerations. Allowing users to bring untrusted devices into an organization and connect them to the company network can have a major impact on the security of the corporate network.
So, what security measures should an organization implement or consider with a bring your own device policy? The easiest and most widely applicable form of device security is a mandatory device passcode that is required for access. A device passcode policy that complies with industry best practices, including a complex passcode, should be enforced on all devices within a BYOD environment to prevent unauthorized access to the device. Another consideration is the use of containerization in the form of a second password used to access corporate information. The secondary password should be different from the standard device unlock passcode, with security features ranging from locking the device after three incorrect password attempts to the more serious measure of completely wiping the device after a number of incorrect attempts. Another security consideration is a BYOD permitted applications list that defines which applications are allowed or approved to be installed on the device itself. With so many potentially rogue or malicious applications available on the various app stores, it is important to allow only a handful of approved applications to execute on devices that might have access to corporate data. Finally, a BYOD security policy should also include full-disk encryption as a mandatory requirement to safeguard corporate data.
With so many of these complex BYOD security policy requirements, it is recommended that organizations use a mobile device management (MDM) solution to track and manage enrolled devices. MDM solutions support many of the previously mentioned features and also ease overall device management. With an MDM solution, if a device is lost or stolen, the user can report it to the company and the company can have the device remotely wiped, thereby preventing corporate data from being accessed. An MDM solution also supports multifactor authentication, which increases security over the standard device passcode alone and makes unauthorized access more complex and harder to achieve. MDM solutions also support IP allow lists to restrict access to certain IP addresses or ranges, which prevents anyone without a predetermined IP address from gaining access to the MDM.
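The requirements above can be expressed as the kind of device posture check an MDM compliance rule performs. The following Python is an added example, not code from this article or from any MDM product; the field names, app identifiers, minimum passcode length, wipe threshold and IP range are assumptions, and only the three-attempt lock comes from the text.

```python
import ipaddress
from dataclasses import dataclass

# Assumed, constructed policy values; only the three-attempt lock is from the article.
POLICY = {
    "min_passcode_len": 8,
    "lock_after_failures": 3,
    "wipe_after_failures": 10,
    "approved_apps": {"com.example.mail", "com.example.vpn"},
    "console_allowed_nets": ["203.0.113.0/24"],  # documentation range
}

@dataclass
class Device:  # hypothetical posture record reported by an MDM agent
    passcode_len: int
    passcode_complex: bool
    container_pw_differs: bool
    disk_encrypted: bool
    installed_apps: frozenset
    container_failures: int = 0

def violations(d, policy=POLICY):
    """Return every BYOD policy requirement the device fails."""
    found = []
    if d.passcode_len < policy["min_passcode_len"] or not d.passcode_complex:
        found.append("weak device passcode")
    if not d.container_pw_differs:
        found.append("container password matches device passcode")
    if not d.disk_encrypted:
        found.append("full-disk encryption disabled")
    extra = sorted(d.installed_apps - policy["approved_apps"])
    if extra:
        found.append("unapproved apps: " + ", ".join(extra))
    return found

def container_action(d, policy=POLICY):
    """Escalate from lock to wipe as failed container logins accumulate."""
    if d.container_failures >= policy["wipe_after_failures"]:
        return "wipe"
    if d.container_failures >= policy["lock_after_failures"]:
        return "lock"
    return "allow"

def console_access_allowed(src_ip, policy=POLICY):
    """IP allow list check for the MDM management console."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in policy["console_allowed_nets"])

GOOD = Device(10, True, True, True, frozenset({"com.example.mail"}))  # constructed
BAD = Device(4, False, False, False, frozenset({"com.example.mail", "com.example.game"}), 3)
```

A device with a non-empty `violations()` result would be denied access to the corporate container until it is remediated, while `container_action()` decides independently whether repeated failed logins warrant a lock or a wipe.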
BYOD security policies and MDM solutions can be complex to undertake if they are not properly analyzed and defined for your corporate requirements. Let the consultants at Grove help. Our Grove consultants can help build a secure MDM solution adhering to various cybersecurity compliance needs. So give us a call today to schedule an appointment!