Mobile Computing Device Deployment Methods
After the organization has chosen a technology to implement in order to alleviate the risks associated with mobile device computing, the organization must choose a mobile device deployment method as well. Although there are a number of different mobile device deployment methods, the majority of organizations within the United States are primarily using Bring Your Own Device Deployment (BYOD). The concept of a BYOD mobile computing system involves a company’s employees using their own personal mobile devices for company related activities, while still being able to simultaneously use the devices for their own personal wants and needs.
According to L. Gary Boomer, “BYOD policies make employees happier”, while Amy Vetter adds; “employers that oppose the trend are fighting a losing battle that could result in employees’ leaving” (Drew). The risk landscape associated with BYOD mobile device deployment is dependent on what can be narrowed down to three key factors; “the organization’s risk profile, current (and future) mobile use cases, and lastly the geographic deployment of the devices” (Ernst & Young Bring). For the first factor, the organization’s risk profile, the definition, as well as the treatment of risks, by the organization plays a crucial role in the identification of the proper security controls to employ. The second factor, current (and future) mobile use cases, is crucial primarily due to the fact that there is not a “one size fits all” use case. Finally, the third factor, the geographic deployment of the devices, is important due to the laws and regulations related to privacy concerns from an international standpoint. Moving forward in the process of conducting a mobile device configuration review audit from a BYOD perspective the associated risk factors are divided amongst three areas, “securing mobile devices, addressing app risk, and managing the mobile environment” (Ernst & Young Bring). A BYOD system is easily implemented, and a BYOD policy usually addresses ten general areas. These areas include, general security requirements for mobile devices, authentication (passcode/PIN) requirements, storage/transmission encryption requirements, requirements to automatically wipe devices after a number of failed login attempts, usage restrictions for mobile devices, company liability, rights to monitor, manage, and wipe, support model, leading practices for mobile data usage on international travel, acceptable use (if different from the normal acceptable use policy). Additionally, the process of securing and improving the BYOD system involves a series of eight steps. These steps include, creating a strategy for BYOD with a business case and a goal statement, involving stakeholders early through the formation of a mobility group, creating a support and operations model, analyzing the risk, creating a BYOD policy that adheres to the requirements previously discussed, securing devices and apps, testing and verifying the security of the implementation, and lastly measuring the success, ROI, and roll-forward lessons learned. Lastly the hidden service costs associated with BYOD include, user device control, users’ expectations relating the support of BYOD, costs associated with request fulfillment, and the additional costs associated with the training of service desk staff (Ernst & Young Bring).
Do'stlaringiz bilan baham: |