The Ultimate Guide To BYOD - MobileIron

Transcription

The ultimate guide to BYOD
490 East Middlefield Road, Mountain View, CA 94043
Tel: 1.877.819.3451
Fax: 1.650.919.8006
www.mobileiron.com
MKT EN 0219 US V6

INTRODUCTION

BYOD: How to move from zero trust to total trust

Today’s working environments are no longer controlled by rigid security perimeters. Enterprise users frequently work anywhere, on any network, often using their own devices to access business apps and data. The “bring your own device” (BYOD) trend has been around for many years, and isn’t going away any time soon. In fact, the BYOD market is expected to grow to almost $367 billion by 2022, up from just $30 billion in 2014. [1]

Here’s what’s also growing: security threats against enterprise apps and data on unsecured devices, especially those owned by employees. As attacks become more sophisticated, security professionals must reconsider the best practices on which they’ve previously relied -- especially when it comes to BYOD. Many are already starting to implement (or at least evaluate) solutions that provide a secure, contextual connection based on device, app, user, environment, network, and everything else that’s involved in accessing their data.

[1] Forbes, “The Future Of BYOD: Statistics, Predictions And Best Practices To Prep For The Future,” Jan. 21, 2019.

Building trust in a zero-trust world

An enterprise environment based on “zero trust” -- that is, one that treats all endpoints, apps, networks, and clouds as compromised and hostile -- has emerged as a successful security model for protecting company apps and data in a BYOD world. Zero trust assumes that all access to corporate resources should be restricted until the user has established their identity and access permissions and until the device has passed a security profile check.

As organizations build and refine their BYOD programs, incorporating zero-trust security should be top of mind. In the following sections, we’ll look at best practices and recommendations for preparing, building, rolling out, and sustaining a secure and successful BYOD program over the long term.

PART I: PREPARE YOUR ORGANIZATION

Determine your BYOD risk tolerance

Understanding your company’s risk tolerance is the first step to understanding how BYOD can work in your organization. Your company’s industry may be the main factor determining your risk tolerance. For instance, organizations in healthcare, biotech, financial services, government, or security services will likely adopt a more defensive position toward BYOD than startup tech companies.

[Figure: Risk tolerance level and impact on BYOD. Labels: less device choice vs. more device choice; email/calendar only vs. consumer/corporate apps; more restrictive policies vs. more open policies; full helpdesk support vs. user self-help.]

Engage stakeholders early to define program goals

One of the most important steps to developing a BYOD program is getting early buy-in from critical players across the company. While it can be difficult to align the interests of diverse company leaders from executive management, HR, legal, finance, and IT, their support is critical for building a successful program.

While the approval of executive-level stakeholders is essential, you also need to ensure the program will meet the needs and expectations of end users. In general, mobile users expect access to the data they need for both work and personal business, on their device of choice, wherever they are. Any BYOD program that fails to meet these requirements will likely be rejected by the majority of users.

To avoid this outcome, adding one or two employee representatives to the team can help you gain valuable input and feedback on end-user preferences, device requirements, support and communication needs, and more. Anticipating these and other common objections to BYOD can also help you facilitate the planning phase.

EXECUTIVE SPONSORSHIP
Objection: “We can’t get executive support, but let’s move the BYOD plan forward anyway.”
Response: A BYOD project can easily derail without executive sponsorship. Because BYOD programs require participation from diverse stakeholders, executive leadership is often necessary to ensure deadlines and responsibilities are met.

HUMAN RESOURCES
Objection: “The company cannot be held responsible for compromised personal data on employee-owned devices.”
Response: Working together, HR and IT should design clear boundaries between corporate and personal data. Also, your end-user agreement should specify that the company may access personal data if the device is subject to forensic analysis. Also, upon separation from the company, all attempts will be made to preserve personal data on the employee’s device, but a full data wipe may be issued if deemed necessary.

FINANCE
Objection: “We can’t fund a program that doesn’t offer demonstrated cost savings.”
Response: Many enterprise workers are already using their devices to access and share company data, email attachments, and other content. When the organization enables secure choice computing, it gives IT a high level of control over corporate apps and data. Secure BYOD also improves user productivity by preserving the native device experience employees already know and love — which directly translates to the bottom line. Specific cost savings can be realized by reducing support costs through an end user, self-service model that leverages self-help tools, user support communities, social networks, and user forums.

IT OPERATIONS
Objection: “We cannot support the huge variety of apps that the business wants on personal devices.”
Response: Having the ability to dynamically modify or update security policies, user access, and server configurations on already deployed mobile apps will reduce the operational overhead of managing mobile apps.

To help resolve these and other concerns from the start, you should form a BYOD steering committee comprised of representatives from all stakeholder departments. A steering committee can help groups with different priorities build consensus and define program goals that all stakeholders agree upon. Documenting these goals will serve as a valuable resource to help all stakeholders stay focused on the overall objectives as the BYOD program evolves.

Survey and communicate with employees

After you have determined your company’s BYOD risk tolerance and stakeholder goals, the next step is to issue a short but specific employee survey across the company. The greater your risk tolerance, the more important it is to tailor the survey to capture user preferences for devices, apps, communication tools, and tech support. To ensure you gather the information needed to design a successful BYOD program, your survey should include questions that identify:

- Which OS/devices do employees currently own and plan to purchase in the future?
- Which factors would encourage BYOD participation?
- Which factors would discourage BYOD participation?
- Which corporate apps are most valuable to users?
- How comfortable are users with self-service support?
- What is the impact of BYOD on company perception, productivity, and work/life balance?

Identify your mobile IT capabilities

Now that you know your BYOD risk tolerance, program goals, and user preferences, do you know if you have the right people and resources to build the program your company needs and users want? A capability assessment can help you determine if you have the right people, processes, and technology to enable employees to use their preferred devices, apps, and cloud services.

A capability assessment is simply a checklist of requirements, their status of completion or availability, and where each capability or task is in the procurement process. For example, an IT staffing checklist would include all of the resources needed to implement the program, whether those resources are currently available or not, and who is responsible for bringing those people on board. Here’s a snapshot of just a few of the staffing requirements you would need to include in the BYOD capability assessment:

Please place an ‘X’ in the appropriate column.

Columns: Sufficient staffing | Ready | Planned | None | N/A | Comments

Rows:
IT resources
Device experts
    Android: list name(s)
    iOS: list name(s)
    Windows 10: list name(s)
Device testing
Design process: list name(s)

PART II: BUILD THE PROGRAM

Ensure your resources can support BYOD

The technology skills needed to manage a mobile IT infrastructure differ dramatically from those needed to run a traditional desktop enterprise. Procuring the right expertise is critical to executing a successful BYOD program. Here are the recommended roles needed to build and sustain BYOD (keep in mind that one individual can wear many hats; you don’t necessarily need one person for each role).

Mobile systems engineer

A mobile systems engineer is a subject matter expert for all aspects of mobile technology. This role encompasses all hardware, software, and networking technologies required to implement a BYOD program. The mobile systems engineer also provides expertise in integrating mobile technologies with enterprise components such as identity, messaging, security, networking, and database services. Their domain of expertise includes:

- Mobile operating systems, such as iOS, Android, and Windows 10
- Carrier networking technologies, such as GSM/CDMA/LTE and underlying protocols
- Mobile hardware, software, applications, application programming interfaces (APIs), and development toolkits

Mobile device expert

A mobile device expert is a “gadget hound” who stays on top of both existing and future devices and software releases that can impact the mobile infrastructure. By staying on top of mobile technology trends, the device expert can prepare the environment to either support or restrict the use of new devices. The device expert is fully versed in popular platforms and manufacturers including:

- Android: Samsung, Motorola, HTC, LG, Sony, Huawei, Lenovo, Acer, ASUS
- iOS and macOS: All Apple devices
- Windows 10: Lumia, HP, Alcatel

Ensure your resources can support BYOD, continued.

Mobile security expert

A mobile security expert is responsible for establishing and updating mobile security policies and controls. The mobile security expert also educates users on social and behavioral security risks, sets appropriate use policy, and helps develop strategies for:

- Mobile security and risk mitigation
- Mobile data protection
- Mobile OS platform review and positioning
- Mobile application threat management

Mobile applications developer

Regardless of whether your enterprise develops its own applications or outsources mobile app development, you may need onsite app developers with the following skills:

- Experience with application development lifecycles and methodologies
- Ability to design and develop iOS, macOS, Android, and Windows 10 apps
- Hands-on experience in Objective-C, Cocoa Touch, iOS SDK, Xcode, Developer programs, Java, Google Play, Android SDK and device manufacturer APIs, .NET, Web Services, XML, and HTML5
- Strong object-oriented programming and design skills

Mobile service and support resources

The accelerated lifecycle of mobile devices and services requires an infrastructure that can quickly adapt to constantly evolving conditions. To respond effectively, your enterprise must customize the way services and support are delivered to mobile users, because they have much different needs and expectations than PC users. To be effective, mobile service and support resources must be able to:

- Provide self-service tools to help improve user satisfaction and reduce costs.
- Establish a core mobile support group that manages all mobile escalations.
- Develop and distribute knowledge base articles, support scripts, and procedures to all users.
- Share knowledge through social networking and mobile communities.
- Establish clear and regular communication across multiple channels to keep users up to date on service status and changes.

The eight components of a successful BYOD strategy

SUSTAINABILITY
Maintain a positive user experience.
While cost and security concerns are important issues to manage, BYOD program sustainability depends on delivering a consistently positive user experience over the long haul.

DEVICE SELECTION
It’s a popularity contest.
Survey employees to determine which devices and platforms they currently use and are intending to purchase. Include as many of these devices as possible when the program launches to maximize employee participation.

INTERNAL MARKETING
Build your IT “brand.”
Promote your BYOD program as a corporate effort to support work/life balance through increased mobility and flexibility, and position IT as an ally to the modern, mobile workforce.

LIABILITY
Protect your company from legal action.
Define and implement clear policies and procedures that protect your company from threats ranging from the loss of intellectual property and confidential customer data, to legal action, fines, and damage to reputation resulting from data leaks.

APP DESIGN AND GOVERNANCE
Enforce security without compromising the user experience.
In a BYOD environment, apps involve sensitive enterprise data, which can easily be compromised if the device is accidentally lost or targeted by a mobile attack. Your organization will therefore want enough visibility and control to protect corporate apps and data without monitoring a user’s personal activity on their own devices.

USER EXPERIENCE AND PRIVACY
Establish employee trust.
Clear communication regarding privacy, and the establishment of a social contract between the company and its employees that clearly defines the BYOD relationship, are critical for establishing employee trust.

TRUST MODEL
Mitigate security risks.
Building a trust model that identifies how and when a device falls out of compliance, steps for remediation, and the extent to which these actions are acceptable to users is absolutely essential.

ECONOMICS
Control the costs of doing BYOD.
Determine how best to structure financial aspects of your BYOD program so that your company realizes maximum return on investment.

Eight components of a successful BYOD strategy, continued.

1. Sustainability: Maintain a positive user experience

Many companies rush to create BYOD policies and processes that are mainly concerned about implementation costs and security, and are not sustainable over the long term. Understandably, enterprises tend to focus on those issues in the beginning. But without respect for the user experience, the BYOD program may never even get off the ground. Here’s why: If BYOD policies are overly restrictive, lack adequate support for employees’ preferred devices or are simply too complex and confusing, employees will find a way to either circumvent the policies or end their participation altogether. In both instances, the needs of the company are not met – either security is compromised or business value is lost. So while cost and security concerns are important issues to manage, BYOD program sustainability depends completely on delivering a consistently positive user experience over the long haul.

2. Trust model: Establish mobile-centric, zero trust security

Today, the average employee uses several devices for work, including desktops, laptops, tablets, smartphones, and wearables. Managing the sheer number and range of these devices -- whether owned by the employee or company -- has introduced extremely dynamic and complex security issues. A mobile-centric, zero trust approach to security is the best way to protect company data in an era where IT’s traditional static perimeter has given way to the perimeter-less mobile enterprise. A mobile-centric, zero trust model enables you to:

- Provision any device (including BYOD) for a user with the appropriate apps, profiles, and policies.
- Grant access based on full context (user, device, app, network, threat, time, location, and OS).
- Protect data at rest and in motion by containerizing and eliminating threats on the device.
- Enforce security policies (user, device, app, network, threat, time, location and OS).

Eight Components of a Successful BYOD Strategy, continued.

3. Device selection: It’s a popularity contest

Based on feedback from your initial employee survey, you should have a good idea about which devices and platforms employees currently use and are intending to purchase. You should include as many of these devices as possible when the program launches to maximize employee participation. In addition, your device selection process should include all of the desired mobile platforms in the program as long as they meet your security and support requirements, such as asset management, encryption, password policy, remote lock/wipe, and email/Wi-Fi/VPN configuration. Without these basics, the mobile platform is not viable for the enterprise.

- Develop a certification plan to ensure that future devices can be quickly and efficiently evaluated for possible inclusion in your program.
- Clearly identify which devices are allowed (or not) and why, otherwise employees may purchase devices your program doesn’t support.
- Ensure your IT team maintains expertise and knowledge about constantly evolving mobile devices and operating systems, otherwise your BYOD program can quickly become obsolete.

4. Liability: Protect your company from legal action

Introducing a BYOD program may also introduce new liability concerns to your business. As part of your BYOD program, you need clear policies and procedures that protect your company from threats ranging from the loss of intellectual property and confidential customer data to legal action, fines, and reputation damage resulting from data leaks.

While every business needs to seek specific legal counsel on BYOD liability, your mobile device policy or end-user agreement should include:

- Security policies for enterprise data on personal devices (especially since different types of security may be required on different devices. For example, more protection against over-privileged consumer apps might be required on Android vs. iOS).
- Policies for personal web and app usage (during and after business hours, onsite, and offsite).
- Clear limitations for company liability due to the device owner’s personal data loss.
- Understanding of how BYOD reimbursement (partial stipend vs. full payment of service costs) affects company liability.

Eight Components of a Successful BYOD Strategy, continued.

5. User experience and privacy: Establish employee trust

Optimizing the user experience should be a top priority for your BYOD program. Clear communication over sensitive topics such as privacy is critical for establishing employee trust. Therefore, a social contract that clearly defines the BYOD relationship must be established between the company and your employees. The contract is a well-defined agreement that helps:

- Identify the activities and data that IT will monitor on the device, such as app inventory, to protect against rogue apps that could compromise enterprise data.
- Clarify which security actions IT will take in response to certain circumstances.
- Define granular controls such as activity monitoring, location tracking, and application visibility.
- Critically assess security policies and restrictions to ensure they are not overly restrictive.
- Identify core services, such as email and mission-critical apps, that the company can deploy to the employee’s device.
- Preserve the native experience so employees can continue to use their preferred apps for everyday functions.
- Communicate when employee devices are out of compliance, the possible consequences, and

6. Economics: The cost of doing BYOD

It’s never too early to determine how to structure the financial aspects of your BYOD program. Key issues to consider include how to:

- Pay for devices and service. Determine if the employee will be 100 percent responsible for device and service costs, or if the company will pay a full or partial stipend.
- Leverage agreements with mobile operators to provide business, concierge, and self-service options to users.
- Explore existing telecom services and processes and, where possible, offer corporate discounts to users, including waivers of termination fees and early upgrade allowances.
- Research new carrier services and plans that can improve and enhance the BYOD program.
- Save money on help-desk resources by implementing self-help services.
