There’s a good chance that you, your staff, and coworkers will acquire smart devices including watches, smartphones and others. How will you ensure that they’re secure?
New Devices, New Risks
Rapid innovation in consumer products technology is now the norm. With price points falling, the number of users able to purchase innovative products continues to rise. Great for users, no doubt, but maybe not so great for organizations that will see an associated rise in security threats from new endpoints.
For organizations, especially small and medium-sized enterprises, now is the time to plan and adjust for the season of new devices. Each additional device introduces vulnerabilities; employees who may be thrilled with exploring the latest features aren’t likely to dedicate the same energy to considering their security stance.
No matter where or what the device is, consider the risks it brings, including insecure networks from which employees may be logging in and insufficient (or nonexistent) endpoint protection policies or software. Beyond security issues, establishing simple access for employees raises other considerations. Employees need to connect to both cloud and on-prem resources, and they want that connection to be simple and easy. IT teams have the responsibility of making that happen without adding friction, no matter the device an employee uses.
When it comes to the latest gadgets, workers are going to use them; IT needs visibility and participation in device strategy to best secure an organization. To achieve this, IT teams should adopt a “Yes, and” or “No, but” approach for partnering with coworkers on new devices, platforms, and technologies. Done well, the result can be a positive one; one recent study on IT empowerment found a connection between those who actively use consumer IT and higher levels of perceived performance, as well as a close relationship between IT empowerment and perceived innovative work behaviors.
Build a Collaborative Approach to Device Management
Here are a few tips to get started with a collaborative approach to device management to ensure that new devices don’t undermine your organization’s security.
Establish policies around employee devices
For bring-your-own-device (BYOD) environments, recognize that BYOD involves bidirectional considerations. Employees (and anyone using their device) must adhere to rules and practices that protect both their device and the resources connected to it. IT teams need to respect parameters on an employee-owned device and not infringe on employee privacy. An IT approach of “Yes, and” or “No, but” establishes mutual responsibility, and respect, for each party’s interests.
To best protect boundaries and resources, draft an organization-wide policy about the parameters of BYOD that:
– Spells out approved devices and operating systems, and includes the flexibility to add others,
– Establishes clearly what the organization can and can’t do with each device,
– Makes clear what responsibilities each device user has in terms of accessing sensitive systems and data,
– Sets parameters around document and file transfers to personal devices, and
– Makes explicit the protocol around lost or stolen devices.
Use an MDM
A mobile device management system (MDM) gives IT the ability to manage devices on a network centrally. MDM tools span a spectrum of features, but organizations that allow BYOD environments should look for those with optional enrollment policies to garner trust and maintain employee autonomy. Where devices are organization-owned, MDM policies can be more restrictive.
For employee-owned devices, the organization should have limits on control, but an MDM should be able to perform basic functions like:
– Adding shortcuts to a home screen,
– Requiring a passcode,
– Creating custom configuration for policies, profiles, and applications, and
– Being able to lock and wipe the device remotely in the case of device theft or loss.
Leverage native biometrics for MFA
Despite years of debate surrounding the potential extinction of password-based systems, many organizations continue to rely on them to ensure proper employee access. A simple way to ensure more robust security in a password environment is to add multi-factor authentication (MFA) via the biometrics readers built into new devices. It’s now standard for devices to have fingerprint readers, either on-screen, through the touchpad, or on the back of the device. Many also have face recognition ability. By leveraging existing tools on new devices, the IT organization can capitalize on consumer tech innovation and help employees become accustomed to better security practices.
For IT teams, resistance is futile. New gadgets are coming and employees will soon be using them to access work resources. You can’t control device use but, by establishing solid processes for BYOD use and adopting tools that help IT manage devices with ease, you can ensure your organization’s security isn’t compromised.
About the Author
Tom Bridge is the Principal Product Manager for Apple Technologies at JumpCloud. He is also the producer of the Mac Admins Podcast and a co-chair and board member of the Mac Admins Foundation, whose mission is to foster connections, share and preserve knowledge, protect the independence of the community, and maintain broad accessibility to all community resources. Prior to joining JumpCloud, he was a partner at Technolutionary LLC, where he managed IT operations for over 15 years.