New mobile devices, including those running BlackBerry 10 and Samsung's Knox, were recently approved for employee use under the U.S. DoD mobile device strategy. If the Department of Defense approves a device, is it safe to expedite BYOD approval of those devices in an enterprise environment?
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
You shouldn't look to the U.S. Department of Defense's approval of mobile devices as the basis of device approval for your bring your own device (BYOD) strategy. The Department of Defense approved these devices, but only after applying strict configuration guidelines. The configuration of these devices is just as crucial to a BYOD deployment as the configuration of PCs and servers in enterprise networks.
The DoD configuration may be applicable to your environment, but it sacrifices usability for security. For example, under the DoD's configuration, CEOs would not be able to use their iPhone on a public network or with their in-car Bluetooth. I doubt that this would be acceptable in an enterprise environment where usability tends to have more sway than security. The information security practitioner who implements such a configuration could even run into job security issues.
The DoD mobile device strategy is based on a risk management process. Any company looking to implement BYOD should start there as well. First, determine the information that should be protected on the applicable devices and analyze any potential risks to that information. Then, build a custom configuration and device management strategy by weighing these risks with the company's risk tolerance. Such steps help build a better balance between usability and security for a BYOD deployment.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Joseph Granneman
The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph... Continue Reading
CERT's ITPM certification is designed to help enterprises with their insider threat programs. Expert Joseph Granneman discusses the certification and... Continue Reading
Privileged users pose a growing threat to organizations. Expert Joseph Granneman looks at this insider threat and shares ways to mitigate it. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.