Creating End-User Mobility Policies
August 28th, 2013 By: Industry Perspectives
Bill Kleyman is a virtualization and cloud solutions architect at MTM Technologies where he works extensively with data center, cloud, networking, and storage design projects. You can find him on LinkedIn.
IT consumerization has taken many organizations by storm. Users are asking IT administrators to support more devices that need access to corporate data. Smartphones, tablets and even personal laptops are all being used by end-users to be more productive and have a more positive computing experience. The Age of Bring-Your-Own-Device has arrived, yet the implementation is where the underlying challenge begins to arise. With all of these devices, how does an IT department manage the data being delivered to these devices and how can they continue to provide a powerful end-user experience?
In developing a BYOD platform, it’s important to understand that the goal isn’t to manage the end-point; rather, the idea is to control the data and the flow of information. By setting good policies and having the right tools in place, administrators are able to control the IT consumerization phenomenon.
- Data/computer usage policies. Part of any great technology policy is the ability to not confuse the end-user. In working with BYOD usage policies, it’s important to take the time and differentiate between what is the user’s responsibility, what their personal information is, and what corporate data they may be accessing. A BYOD policy should outline that although devices may belong to the user, the information they are accessing – even by simply viewing it on a phone for example – will place them under the computer or technology policy. Furthermore, although IT administrators aren’t really supposed to be working on end-user devices, the user’s data usage may be monitored. This means that any device accessing corporate information may be monitored (only that specific session) for suspicious activity.
- Stipend programs. One widely adopted policy has been to look at various ways to offset existing end-point costs. Let’s look at the typical PC within a large organization. Over the life of the machine – approximately 3-5 years – the maintenance costs may average $5K a year. This includes software, hardware, and general administrative costs. Now, imagine offsetting almost all of that into a stipend-backed BYOD program. A user can select an approved device from a general corporate-provided list for about $2-$3K. The device, the hardware, and all of the maintenance will fall on the user. The corporation will subsidize the purchase of the device, provide a client for access, and allow the user to use the machine for business and personal consumption. The benefit here is that the organization can streamline management costs, provide a better end-user experience, and provide an end-user buyout option. At the end of the life of the device, the organization can offer the end-user a $1 (or some similar amount) buyout option. This way, a company is able to write off the machine and not be responsible for disposal of the hardware.
- Creating an approved device list. In creating a BYOD policy, it’s very important to create a structured list of approved devices or pieces of hardware. This can range from phones, to tablets and of course – PC machines. Given today’s similarities in hardware and even OS platforms from an end-user perspective, the list can be fairly all-encompassing. Still, it will provide a certain element of rigidity when it comes to device selection. In some cases, certain types of devices just won’t work with a corporate workload delivery infrastructure. Whether some type of client provides challenges or an application isn’t compatible – there needs to be a good understanding of which devices will operate with the least amount of administration requirements for the IT staff and the end-user.
- Controlling remote access. One of the challenges with BYOD is that information can be accessed from almost any device in any location – given an Internet connection. This means that there have to be good security policies in place to monitor where an end-user is coming from. One of the policy requirements may be that a secure connection is required. Administrators are actually able to interrogate a device and see where it’s coming from. If the location is deemed unsafe, administrators may actually block or provide only partial access to the corporate data. In creating a remote access policy – ensure that users are aware that although the device belongs to them, the corporate data does not. In light of that, they need to exercise caution in how they access the information. From the data center side, administrators can do some of the following to further secure remote access:
– Access Control Lists (ACLs)
– Mobile Device Management (MDM) platforms
– Device Interrogation Policies
– Intrusion Detection/Prevention Services (IPS/IDS)
– Data Leakage Prevention (DLP) Engines
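The device-interrogation decision described above, expressed as code; this is an added example, not part of the original article. The approved-device list, network ranges, session fields, and the choice to block unsafe locations while giving unrecognized networks partial access are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration (assumptions, not from the article).
APPROVED_DEVICES = {"ios-tablet", "android-phone", "windows-laptop"}
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]    # e.g. corporate VPN pool
UNSAFE_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # networks flagged as unsafe

@dataclass
class Session:
    user: str
    device_type: str
    source_ip: str
    encrypted: bool      # arrived over the required secure connection
    mdm_enrolled: bool   # device reports to the MDM platform

def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)   # raises ValueError on garbage input
    return any(addr in n for n in nets)

def decide(s):
    """Return (decision, reasons) where decision is 'block', 'partial' or 'full'."""
    reasons = []
    # Hard requirements: failing any one blocks the session outright.
    if not s.encrypted:
        reasons.append("no secure connection")
    if s.device_type not in APPROVED_DEVICES:
        reasons.append("device not on approved list")
    try:
        if in_any(s.source_ip, UNSAFE_NETS):
            reasons.append("source location deemed unsafe")
    except ValueError:
        reasons.append("unparseable source address")   # fail closed
    if reasons:
        return "block", reasons
    # Soft signals: degrade to partial access instead of blocking.
    if not s.mdm_enrolled:
        reasons.append("device not MDM-enrolled")
    if not in_any(s.source_ip, TRUSTED_NETS):
        reasons.append("source network not trusted")
    return ("partial" if reasons else "full"), reasons

SAMPLE = [  # constructed sessions
    Session("alice", "windows-laptop", "10.20.4.7", True, True),
    Session("bob", "android-phone", "198.51.100.9", True, False),
    Session("carol", "ios-tablet", "203.0.113.50", True, True),
    Session("dave", "e-reader", "10.20.1.1", False, True),
]
if __name__ == "__main__":
    for s in SAMPLE:
        print(s.user, *decide(s))
```

Returning the reasons alongside the decision gives the help desk and the monitoring pipeline the same explanation for why a session was limited.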
The most important rule with any BYOD initiative is to prevent an unmanaged free-for-all. The end-user computing experience and the data that the end-point receives must be monitored and controlled. Using advanced security technologies capable of managing all sorts of endpoints will simplify the device control process. New tools are able to monitor everything from mobile phones to what a user is trying to send out when accessing corporate data. This type of granular control will help administrators manage the BYOD initiative and prevent potential security issues. With good policies and a solid deployment plan, BYOD can help organizations support a wider and more diverse user base.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.
Dale Furillo, posted September 2nd, 2013
Any good data usage policy for the enterprise must implicitly ban cloud data storage. It’s the only way companies can remain in control of their data.
There are now plenty of good on-premise options for mobile data access, and the benefits of those options far outweigh any duplicate storage based options in regards to impact on work process and thus speed of ROI.