TechSoup.org The place for nonprofits, charities, and libraries

Bring Your Own Device (BYOD)

  • Until recently, my org has been dead set against allowing people to bring in personal devices to use on our network for business purposes. We have been slowly changing our philosophy as these devices have more practical use. For example, Ipod touch and Ipads have apps for our doctors that help them properly prescribe medication doses. With that being said, how are your orgs handling BYOD? Do you have any security measures in place to prevent a security breach?

     

    Gary

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • *Just* noticed that there is a July 25, 2013 TechSoup blog on this very subject!

    forums.techsoup.org/.../how-to-stop-worrying-and-embrace-the-nonprofit-byod-workplace.aspx

    What do you think of this advice, Gary - or anyone else? You can say so here or in the blog comments.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Jayne Cravens
    TechSoup Community Forum Manager

  • Gary,

    I'm sure you've done a ton of research on this. The best way, especially being a system admin, is to separate personal and company data while maintaining full control of policies and device configurations on YOUR network. That's the key is YOUR network. Once you've defined your organizations mobile strategy that creates both productivity and employee satisfaction, you'll be able to:

    • Set device restrictions on features, applications and content ratings

    • Detect and restrict jail broken and rooted devices

    • Deploy real-time compliance rules

    • Geo-fencing rules enforce location-based compliance

    • Managed over-the-air configuration of email, calendar, contacts Wi-Fi and VPN profiles

    • Distribute and manage company approved applications

    • Selectively wipe corporate data leaving personal data intact

    • Remotely locate, lock and wipe lost or stolen devices

    • Decommission devices by removing company data

    Obviously, the best way to do this is via a software tool. There are many other there. I hope this helps.

    Please feel free to reach out to me on this forum if I can help.

    Manny W. "Manny" Lloyd

    Certified ITIL®, Cisco®, Oracle®, ESRI®, Microsoft®, & Kroll Ontrack®

     

    Manny W. "Manny" Lloyd,  Manuel W. Lloyd Consulting®

    Subject Matter Expert In ITIL®, Cisco®, Oracle®, ESRI®, Microsoft®, & Kroll Ontrack

  • Hi Jayne, That is a great article.  I can certainly see non-profits trending in this direction.  Manny, thank you for your input.  Our org uses software (Untangle) to control what our users can get to on the web, and we are able to restrict access to our network shares from non-company devices.  We will soon be rolling out a new sonicwall sra that will allow SSL vpn access via IOS to allow RDP connections.  

    Gary Network/Systems Admin Berlin, NH
    Host Non-profit Tech Careers, Security Forums
    Co-Host Networks, Hardware, & Telecommunications Forum

  • From a TechRepublic article called The Dark Side of BYOD:

    There is most definitely a dark side to BYOD. For the most part, I am an advocate for the consumerization of IT (using non-standard apps and tools as a way to increase end user engagement and productivity) and support the bring-your-own-device model.

    However, as a seasoned manager and IT operations leader, I recognize the risks that come with the model if organizations do not properly plan out their strategies, putting sufficient protections and governance practices in place to manage the potential risks that could come from these unsupported devices and applications. End users often want what’s NEW, but there are valid reasons for imposing and enforcing safeguards when giving mobile business users access to your otherwise secure, scalable, and compliant systems.

    Some people equate governance with bureaucracy and hierarchical systems, but those perceptions often come from a lack of appreciation for the potential risks involved. Governance is about checks and balances -- supporting the tools and systems your end users want, but in a way that is manageable and which follows defined protocols.

    It goes on to offer a LOT of advice re: creating a BYOD policy.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Jayne Cravens
    TechSoup Community Forum Manager

  • Just found many more articles on this subject at workforce.com:

    BYOD Brings Security Risks for Companies, April 2, 2013
    While bring-your-own-device policies at the office have their benefits, they also pose a serious security risk if workers aren't careful with their devices.

    Young Workers Often Breach Electronic-Device Policies: Survey, April 2, 2013
    Millennial workers admit to ignoring BYOD rules in the workplace.

    Data Bank Focus: Bring Your Own Device to Work, June 7, 2012

    Companies Bring Bring-Your-Own-Device Policies to the Party, April 6, 2012
    More and more companies are establishing bring-your-own-device policies. Once they get past the initial security concerns, most company leaders are finding little downside to allowing employees to use their own smartphones and tablets for work.

    The Hidden Costs of Allowing Workers to Bring Their Own Devices, April 6, 2012
    Bring-your-own-devices policies should clearly state who can use personal devices for work, what devices they may use, what carriers they may use, and who is responsible for overages if they occur. 

    Creating a Secure 'Sandbox' on Employee Devices, April 2, 2013
    Companies are tackling questions of security on worker mobile phones and tablets by creating special compartments in the devices.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Jayne Cravens
    TechSoup Community Forum Manager