BYOD or Bring Your Own Device is
the way organizations are planning to take.
The talk is going abuzz in the corporate world as it would help
organizations reduce their IT budget and increase operational efficiency. In my view it is not that bad an idea, but would
require looking a bit deeper at the Compliance perspective and the risks that
would emanate when an organization would run BYOD. The Organizations would require investing and
managing various technological solutions to ensure that the Data Privacy and
Protection Laws of the world are addresses and that the common framework of controls
is enforced across all the devices that come in being due to BYOD.
The BYOD program from the aspect
of controlling data access and ensuring data protection would need to evaluate
and consider deploying following technologies:
- Jump Server – to log in to the organizations corporate network and provide viral desktop environment to the users. The virtual desktop would have all the desired user settings including file & print configuration, Proxy settings, mailbox configuration and the application shortcuts for the desired applications for the user concerned
- Network Admission Control – to control the risks emanating from the unpatched and unprotected personal devices that can introduce Trojans, viruses, worms, BOTS etc in the corporate network. The Organizations would need to critically look at investing on a strict Anti-Virus & Patch Management Regime Supported by the Network Admission Control devices.
- Two Factor Authentications – to ensure that the password compromises do not impact / provide access to the corporate network. Additionally this would also help organizations to be able to support the Work from Home (WFH) program thus further reducing their operational cost associated with Facility Management for the ever growing number of seats with workforce increase.
These are just the indicative controls
that should be considered or rather implemented by the organizations seriously
going the BYOD path. Certainly the CXOs
of the world would be better placed to take the final decision on the set of
controls from the likes of IDM, DLP, SSO to add to. This would certainly require an indepth assessment
on the requirements and the risks emanating to an organization.
2 comments:
Good post!
The point that caught my imagination was the "work from home" thing and the impact that it could have on the opex.
If only organizations would hear (sigh!).
On the other hand, owing to a multitude of problems in the infrastructure (power, for one), it sounds prudent for organizations to ask everyone to come to office so that they can ensure that work is getting done (sorry-can't-deliver-work-unscheduled-power-cut).
How do you think organizations should address that?
Good post!
The point that caught my imagination was the "work from home" thing and the impact that it could have on the opex.
If only organizations would hear (sigh!).
On the other hand, owing to a multitude of problems in the infrastructure (power, for one), it sounds prudent for organizations to ask everyone to come to office so that they can ensure that work is getting done (sorry-can't-deliver-work-unscheduled-power-cut).
How do you think organizations should address that?
Post a Comment