After the organization has chosen a technology to alleviate the risks associated with mobile device computing, it must also choose a mobile device deployment method. Although there are a number of different mobile device deployment methods, the majority of organizations within the United States primarily use Bring Your Own Device (BYOD) deployment. In a BYOD mobile computing system, a company’s employees use their own personal mobile devices for company-related activities while still being able to use the devices for their own personal wants and needs.
According to L. Gary Boomer, “BYOD policies make employees happier,” while Amy Vetter adds that “employers that oppose the trend are fighting a losing battle that could result in employees’ leaving” (Drew). The risk landscape associated with BYOD mobile device deployment depends on what can be narrowed down to three key factors: “the organization’s risk profile, current (and future) mobile use cases, and lastly the geographic deployment of the devices” (Ernst & Young Bring). For the first factor, the organization’s risk profile, how the organization defines and treats risks plays a crucial role in identifying the proper security controls to employ. The second factor, current (and future) mobile use cases, is crucial primarily because there is no “one size fits all” use case. Finally, the third factor, the geographic deployment of the devices, is important because of the laws and regulations related to privacy concerns from an international standpoint. When conducting a mobile device configuration review audit from a BYOD perspective, the associated risk factors are divided among three areas: “securing mobile devices, addressing app risk, and managing the mobile environment” (Ernst & Young Bring). A BYOD system is easily implemented, and a BYOD policy usually addresses ten general areas. These areas are: general security requirements for mobile devices; authentication (passcode/PIN) requirements; storage/transmission encryption requirements; requirements to automatically wipe devices after a number of failed login attempts; usage restrictions for mobile devices; company liability; rights to monitor, manage, and wipe; support model; leading practices for mobile data usage on international travel; and acceptable use (if different from the normal acceptable use policy). Additionally, the process of securing and improving the BYOD system involves a series of eight steps.
These steps are: creating a strategy for BYOD with a business case and a goal statement; involving stakeholders early through the formation of a mobility group; creating a support and operations model; analyzing the risk; creating a BYOD policy that adheres to the requirements previously discussed; securing devices and apps; testing and verifying the security of the implementation; and lastly measuring the success, ROI, and roll-forward lessons learned. Finally, the hidden service costs associated with BYOD include user device control, users’ expectations relating to the support of BYOD, costs associated with request fulfillment, and the additional costs associated with the training of service desk staff (Ernst & Young Bring).