New mobile devices, including those running BlackBerry 10 and Samsung's Knox, were recently approved for employee use under the U.S. DoD mobile device strategy. If the Department of Defense approves a device, is it safe to expedite BYOD approval of those devices in an enterprise environment?
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
You shouldn't look to the U.S. Department of Defense's approval of mobile devices as the basis of device approval for your bring your own device (BYOD) strategy. The Department of Defense approved these devices, but only after applying strict configuration guidelines. The configuration of these devices is just as crucial to a BYOD deployment as the configuration of PCs and servers in enterprise networks.
The DoD configuration may be applicable to your environment, but it sacrifices usability for security. For example, under the DoD's configuration, CEOs would not be able to use their iPhone on a public network or with their in-car Bluetooth. I doubt that this would be acceptable in an enterprise environment where usability tends to have more sway than security. The information security practitioner who implements such a configuration could even run into job security issues.
The DoD mobile device strategy is based on a risk management process. Any company looking to implement BYOD should start there as well. First, determine the information that should be protected on the applicable devices and analyze any potential risks to that information. Then, build a custom configuration and device management strategy by weighing these risks with the company's risk tolerance. Such steps help build a better balance between usability and security for a BYOD deployment.
Dig Deeper on Handheld and Mobile Device Security Best Practices
Related Q&A from Joseph Granneman, Security Management
An IT security governance board is a key feature in security budgeting, but who makes up this body? Expert Joseph Granneman outlines the best ...continue reading
The security data breach public response times from Target and Neiman Marcus were noticeably different. Expert Joseph Granneman explains which one ...continue reading
Security staffing can be tricky, but talent can be found in unconventional places. Expert Joseph Granneman explains the pros and cons of hiring data ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.