Allowing employees to use personal mobile devices for work purposes is fast, and rather haphazardly, becoming the norm for companies keen to empower worker mobility and increase their productivity on the go. What most companies don't realise is that this comes with a host of implications, not only for network access control and data security, but also employees' privacy.
"When employees are allowed to use their own mobile devices for work purposes, it is essential that a few ground rules are established. This is to ensure that the company's security requirements are being met while at the same time acknowledging employees' right to privacy," says Dries Morris, Operations Director at Securicom, a local IT security management and consulting company that offers end-to-end managed IT security solutions, including MDM.
"Companies must also be cognisant that if they monitor personal mobile devices used by employees to access company resources and conduct business, it raises privacy concerns and they could be subject to legal liability.
"To ensure that everyone is on the same page, it is becoming increasingly important for companies to implement a well-constructed security policy around the use of personal devices for business-related purposes and enforce it with a mobile device management (MDM) solution.
"At the moment, the vast majority of South African companies that have allowed employees to bring their own devices to work do not have a sound mobile strategy and have not implemented security policies around the use of personal devices. They are putting their data and networks at risk, and are being opened up to the risk of liability as well," says Morris.
Securicom's MDM solution uses Zenprise, which is one of the most comprehensive and robust MDM offerings available on the market. Securicom offers the technology as a cloud-based solution in terms of a partnership with Blue Turtle Technologies, which has the rights to distribute Zenprise in South Africa.
Michael Hutchinson, Infrastructure Product Manager at Blue Turtle Technologies, which offers Zenprise as an on-premise solution to companies, says companies must formally define the parameters around the usage of personal devices.
"Companies must enforce access and security policies that clearly define the parameters relating to the use of personal devices for work purposes. The policy should detail the security requirements for each type of personal device that is used in the workplace and connected to the corporate network. This could include the way that passwords are configured, prohibit specific types of applications being installed on the device, and the encryption of data stored on devices.
"Enforcing a security policy also enables companies to limit the activities that employees are allowed to perform on devices at work and enforce periodic IT audits to ensure devices meet minimum security requirements.
"Due to the personal nature of the devices, employees must be clearly informed of company confidentiality rules, and the security and incident response implications of using their own devices for work purposes. The policy should also consider the impact on employees' privacy when they use personal devices for work.
"As such, the complex legal implications of BYOD must be carefully considered using a multi-disciplinary approach that would include security, IT, legal, privacy and risk management, among others," he says.
Hutchinson advises companies to introduce policies in terms of data and network access in a transparent and 'public' manner that clearly and concisely protects the company and mobile users. Policies should be a signed agreement that forms part of employees' standard terms and conditions of employment.
He also recommends that employers make employees aware that, as part of the policy, the network administrator has permission to monitor their use of personal devices on the company network. Evaluation of a company's security requirements and assessment of risks should be done on a continuous basis, as new risks and challenges are constantly emerging.
Share
Blue Turtle
Blue Turtle Technologies provides solutions for optimising, enhancing and leveraging existing IT investment, and supporting the cost-effective delivery of new technology initiatives. With experience from mainframe to desktop, Blue Turtle delivers solutions for the effective management of IT infrastructures employing innovative software products, backed by 'best-practice' implementation services. Blue Turtle's strategy leverages 'best-in-class' software products brought together from leading international and South African software providers to deliver compelling and cost-effective technology management solutions to customers. For more information, visit http://www.blueturtle.co.za.
For more information regarding Blue Turtle Technologies, please contact:
Michael Hutchinson
(011) 206 5600
Securicom
Securicom is a South African IT security management and consulting company. It is one of only a handful of South African technology companies to offer an end-to-end range of fully managed IT security services in the cloud.
Securicor's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today, from perimeter and endpoint protection, to WAN, LAN, cloud and mobile.
Their solutions operate on only the best-of-breed technology, including Symantec Brightmail, Riverbed, Zenprise and Trustwave; and are hosted offsite at Securicom's local data centres.
Securicom has offices in Johannesburg, Cape Town and Namibia; and offers its services in 10 other African countries. For more information on Securicom, please visit www.securicom.co.za.
Media enquiries, please contact:
Kerry Webb
(082) 496 0713
The Zenprise Partner Network
The Zenprise Partner Network is a key component of Zenprise's global go-to-market strategy. With two levels of partnership - Authorised and Premier - the Zenprise Partner Network is designed to provide all partners the opportunity to grow their businesses. All partners start at the Authorised level. As partners grow with Zenprise and achieve certain milestones, they can achieve Premier status. Premier level comes with additional support and compensation benefits, including growth rebates and lead sharing.
Zenprise
Headquartered in Silicon Valley, Zenprise is the leader in secure mobile device management. Only Zenprise protects all layers of the mobile enterprise, keeping organisations secure and compliant. Zenprise MobileManager and Zencloud let IT say "yes" to mobile device choice while safeguarding sensitive corporate data, shielding the network from mobile threats, and maintaining compliance with regulatory and corporate policies. This gives IT peace of mind, lets executives take their businesses mobile, and makes employees productive while on the go.
Zenprise's extensive list of global customers and partners spans a cross-section of countries and vertical industries, including: aerospace and defence, financial services, healthcare, oil and gas, legal, telecommunications, retail, entertainment, and federal, state and local governments.
For more information about Zenprise, please visit www.zenprise.com or follow the Zenprise blog, Facebook, and Twitter (@Zenprise_Inc).
(c) 2012 Zenprise, Inc. All rights reserved.
Zenprise is a registered trademark, and Zenprise Mobile Manager, Zenprise Secure Mobile Gateway and Zencloud are trademarks of Zenprise, Inc. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners.
Editorial contacts