Monitor where your data is going
This is where IT can shine. By setting up shared company file servers and as well as protocols for who can access files and how, IT can monitor people accessing any locally hosted files.
Weiss says that TeliApp runs on the understanding that anything on the company server is company property, and so users don't copy files to their desktops. If someone does copy a file, the action is immediately logged and remedied. "Everyone understands the policy after their first well-meaning screw-up," Weiss says.
Try to keep data off local devices
When choosing applications and services, make sure a lot of data can't be downloaded and saved to local devices. One of the keys to minimizing risk in a BYOD workplace is restricting user access to networks and central repositories. You'll want to find tools that can sync all user data to a central account that an administrator controls access to. You'll also want to find ways to place intermediary technologies between the company network and employee devices. It will ultimately reduce IT's workload and add a layer of security to the company's networks.
"If you mobile-enable users and they have access to your enterprise data in an unrestricted fashion, you have to actively manage that device, which is difficult to do," Veague says.
One example of a cloud-based service that can minimize risk to the BYOD workplace: YouMail. The voicemail service stores all its customers' voicemails and call history in the cloud, so an employer who has YouMail as its voicemail standard will retain contact information and voicemail content even after an individual user leaves. The downside? In the current business-class offerings, users can still access their old accounts. However, in a forthcoming enterprise product, which is still in private beta, but aiming for customer deployment by the end of the summer, an administrator will be able to activate and deactivate individual user accounts.
You'll also want tools that let an administrator remotely wipe or delete an account. This way, former workers can maintain their device, yet they will no longer have access to their old accounts in certain apps.
Find applications that minimize the amount of data that's downloaded to any mobile device, Veague suggests, and follow this rule of thumb: "If you can't access the app, you can't access the data." If this rule is followed, then all an IT admin has to do when an employee leaves is shut off the individual user account; the data remains safe.
Do sweeps regularly
One of the downsides of a self-provisioning workforce is that not every worker is going to be as assiduous about application updates, security measures, and backups as a dedicated IT professional is. So have IT step in and do regular security check-ups on any devices that are allowed to access company networks. Because security requirements will be written into any BYOD policy, users will know that their devices are going to be scanned and updated regularly.
Sign up for Computerworld eNewsletters.