I've written many times about the Bring Your Own Device movement (BYOD) and the need for increasing security controls.
For years, we've controlled device settings on Blackberry devices with the Blackberry Enterprise Server (BES). We force passwords, encryption, and device memory wipes for ten failed passwords so that every user has enterprise enforced security
With iPhones and Android devices it's harder to control settings and behavior on personal equipment.
We think the best we can do within the limitations of present server-side technology is to enforce the use of passwords on all devices using Active Sync, require a timeout of 10 minutes, and eliminate the use of the most simple passwords (1234, 1111 etc). Microsoft Exchange/Active Sync can query the device for the settings currently in place and only synchronize email if the device adheres to enterprise security policies.
We'll eliminate support for POP and IMAP protocols because these cannot be used to inspect and enforce desirable device settings.
We've debated the use of settings that automatically wipe the device for 10 failed password attempts, as we do with Blackberry. However, given that we cannot selectively purge corporate verses personal data, we'll likely avoid that setting for now.
BYOD management is a journey. Server side tools that inspect personal devices and only allow synchronization of corporate data such as email when settings are consistent with policies seem like a cool solution.
In the future, we may add client software (Mobile Device Management) to each device to provide more control over encryption on Android devices and permit selective memory wiping of corporate data.
I welcome comments on what others have done. BYOD is here to stay. Compliance and IT departments need to collaborate on a set of policies and technologies that will meet the needs of regulatory requirements while maintaining service capabilities and user productivity.
Friday, May 11, 2012
3:00 AM
dssadsds
No comments
Related Posts:
Cool Technology of the WeekIn the aftermath of the Blackberry outage last week, many people have asked me about iPhone 4S and Droid devices. As I wrote about yesterday, I chose the iPhone 4S to achieve a consistent user experience between my pho… Read More
The Technology I Own, 2011 editionIn 2009, I wrote about the technology I own.In 2011, I own less. My devices have converged and everything I need is available in two products:1. A Macbook Air 11" with 4G of RAM and 128 G of SSD running Mac OSX 1… Read More
The October HIT Standards Committee MeetingThe October HIT Standards Committee meeting included recommendations for privacy/security certification criteria, a discussion of next steps for the Standards and Interoperability framework priorities, and a review of the com… Read More
Reflections on My Daughter's College ExperienceMy daughter made the transition from high school to college about 2 months ago. Already, she's matured emotionally, intellectually, and physically, becoming an independent adult.When I reflect on my own college experien… Read More
An Update on Massachusetts Health Information ExchangeAs I've described previously, Meaningful Use Stage 1 was focused on the electronic capture of data into EHRs. The standards we specified included content and vocabulary but not transport.Stage 2 will be more focused on … Read More
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment