Leaving BYOD to its own devices

Most IT managers reckon that they have some sort of BYOD policy in place but does this apparent awareness reflect a false sense of security?

Is BYOD as big a concern to IT as we typically make it out to be? Earlier this year, SolarWinds’ Future of the IT Pro survey which surveyed more than 200 Australia-based IT Professionals found that only 20 per cent of IT managers see “the increasing use of non-company devices on your network” (a synonym for BYOD) as their main challenge.

Not only does it rank relatively low on the list of issues most troubling Australian IT managers, but the majority also have at least a simple policy response already in place. That seems to fly in the face of what most IT pundits are saying: that BYOD’s the most important worry for businesses everywhere.

So what’s going on? BYOD may be at risk of ending up “out of sight and out of mind”: a critical concern which IT managers feel capable of ignoring in favour of more pressing and timely issues. But by incorporating best-practice fundamentals into their BYOD approaches, IT managers can not only eliminate this false sense of security but also deal with many of the broader challenges they now face.

Bringing BYOD back to attention

IT managers may have put BYOD on the backburner for two reasons. First of all, they’re feeling pressures at a far more basic level. The survey found reduced budgets and maintaining security to be the biggest concerns for IT managers – in a case of Maslow’s Law for technologists, you can’t contemplate higher-level concerns like BYOD if your basic survival (in this case, funds and security) are perceived as being at risk.

The other reason seems, more promisingly, to be that the majority of organisations already have some sort of BYOD policy in place. The Future of the IT Pro survey found that 60 per cent of IT managers have indeed implemented a BYOD policy. More than half of the IT professionals agreed on the main success factors for these policies - an “approved applications” list, more network security, and some form of restriction on data access.

But does this apparent awareness reflect a false sense of security? It’s easy to identify the critical elements for a successful BYOD framework, but if it isn’t at the top of the agenda then these elements are unlikely to be supported technically, let alone at best-practice levels. Complacency over BYOD can easily give rapid rise to the very security and network issues which are at front of mind for most IT managers: a rogue device or data leakage can quite easily undermine core security or result in costly privacy breaches and sales losses.

By placing attention back on BYOD, IT managers can tackle many of their biggest current – and future – pain points at the source.

Best-practice makes perfect

The single most important element of strong BYOD policy is that it’s grounded in rigorous analysis of your network and data activity. Knowing what your employees are using their devices for is the critical first step for all other policy elements, from white-listing applications to educating users. If you can’t monitor what’s going on, you won’t know what risks or benefits your organisation currently faces – let alone how to adequately deal with them.

Start with a simple platform for device tracking and port monitoring which can tell an IT manager where and when any device connects to the network, its bandwidth consumption, use of specific ports, and historical patterns of access – all of which will indicate whether that specific device is a risk to the organisation or not.

That same information will also make it much easier for the IT manager to keep track of and control errant devices: by identifying and imposing rules based on devices’ IP/MAC addresses or port selection, for example.

Once you integrate this simple network monitoring platform with a SIEM (Security Information and Event Management) system or a dedicated Mobile Device Management solution, you start to reach the technical capabilities needed to not only manage BYOD, but improve proactive detection of and response to vulnerabilities across the entire IT ecosystem – not just the personal device fleet.

And the canny IT manager will, more likely than not, identify ways to create efficiencies and optimise resources out of that same knowledge: limiting bandwidth allocations on high-consumption devices, for example, not only reduces lag for other users but also cuts expenses for the IT department.

The long-term view

A best-practice approach to BYOD, cemented in rigorous systems monitoring and analysis, address the fundamental pain points which IT managers currently feel most keenly. That shouldn’t come as too much of a surprise. BYOD, after all, reflects the same end-user desires for choice, convenience and usability that have informed IT policies since the earliest days of mainframes and desktops.

Once they know what effect BYOD is having, IT managers become well-placed to not only implement technical fixes but hold informed conversations with their co-workers about how to do what’s best for both themselves and the business. And if they prioritise best-practice approaches now, they won’t have to worry as much about BYOD – or security or budgets, for that matter – in the near future.

Lawrence Garvin is a ‘Head Geek’ and technical product marketing manager at SolarWinds.

Related Articles