Is the DoD mobile device strategy applicable to enterprises?

New mobile devices, including those running BlackBerry 10 and Samsung's Knox, were recently approved for employee use under the U.S. DoD mobile device strategy. If the Department of Defense approves a device, is it safe to expedite BYOD approval of those devices in an enterprise environment?

    Requires Free Membership to View

Ask the Expert

Have questions about enterprise security? Send them via email today! (All questions are anonymous.)

You shouldn't look to the U.S. Department of Defense's approval of mobile devices as the basis of device approval for your bring your own device (BYOD) strategy. The Department of Defense approved these devices, but only after applying strict configuration guidelines. The configuration of these devices is just as crucial to a BYOD deployment as the configuration of PCs and servers in enterprise networks.

The DoD configuration may be applicable to your environment, but it sacrifices usability for security. For example, under the DoD's configuration, CEOs would not be able to use their iPhone on a public network or with their in-car Bluetooth. I doubt that this would be acceptable in an enterprise environment where usability tends to have more sway than security. The information security practitioner who implements such a configuration could even run into job security issues.

The DoD mobile device strategy is based on a risk management process. Any company looking to implement BYOD should start there as well. First, determine the information that should be protected on the applicable devices and analyze any potential risks to that information. Then, build a custom configuration and device management strategy by weighing these risks with the company's risk tolerance. Such steps help build a better balance between usability and security for a BYOD deployment.

This was first published in January 2014

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: