This article is part 2 in a series called “The Evolving Workforce,” which explores the blend of IT trends, customer expectations and consequences of enabling employees to be productive “anytime, anywhere, from any device.”
Enterprise networks are run like exclusive clubs: You need just the right credentials to join, and if you don’t fit the bill, you don’t get in. However, there are good reasons for requiring authorized access as far as the networks go. Corporate data centers are full of sensitive security, compliance and competitive information that you can put at risk if you give the wrong person access.
No doubt, bring your own device (BYOD) can add more challenges to an already complex data management picture. Suddenly, different types of devices, with different capabilities and security architectures, are seeking network access. In many cases, users add their own applications to their devices or tinker with the hardware in ways that can impact the integrity of corporate networks. Administrators have legitimate concerns about unsecured users getting access to corporate networks. Fortunately, solutions are available that can secure corporate data without limiting user productivity.
Profiles are here to help
Profiles – sets of rules that devices must follow – can help you manage network access in a BYOD world. Each time a device requests access, the profile linked to that device can check to ensure specified conditions are met before allowing access. You can create a profile that requires a secure connection. Then that profile will reject access if a user tries to connect from an open network at the local coffee house. Or, you can set up a profile to reject a request if too many have been made within a short period.
Profiles typically align employee roles with the responsibilities associated with that role. For instance, an engineer’s profile probably wouldn’t qualify for access to HR systems. Profiles can even control access based on geographic location or time of day. The possibilities are limitless.
Used wisely, profiles can enable an enterprise to walk a tricky line. They can give employees access to the tools they need to do their job, ensure security and compliance and check all the other boxes on the vigilant CIO’s checklist.
So how do businesses get profiles right? Implementations may vary, but best practices can steer companies to solutions that work for everyone.
Start with the essentials
You can create profiles that are extremely granular in what they check for and allow. Profiles can vary widely from employee to employee. Some businesses develop highly nuanced profiles, while others don’t get so detailed. When it comes to BYOD, what they all need, however, are core rules.
“You need to look for a couple of things when a device registers with your network,” says Jason Moody, BYOD technology specialist at Dell. “Your profile should check for a device password or PIN, and in the case of iOS devices or rooted Android-based hardware, the profile needs to reject devices that are ‘jailbroken.’ A jailbroken or rooted device has had its security layer removed, which opens the door for hackers. A profile can check for these things and reject devices that don’t play by the rules defined in the profile. ”
Sync your profiles with your BYOD strategy
You can expand your profile settings beyond the basics, but you should use your company’s BYOD strategy to guide you. Many businesses see BYOD as a way to facilitate access to business email, contacts and calendars. The profiles they create allow access to those resources, but not to other IT systems. Other companies want high visibility into how BYOD devices are being used. Certain businesses have heightened security concerns. They may need to create profiles that prohibit network access from certain applications on devices or less secure connections. “Aligning your profiles with your strategy is a must,” says Moody. “Companies have specific goals and concerns when they adopt BYOD, and their profiles should reflect both.”
Leverage mobile device management software
Your company’s profiles can be detailed, but they don’t have to be complicated. The same mobile device management (MDM) software many enterprises use to monitor and administer their BYOD programs can be used to fine-tune profiles. “MDM platforms can walk you through the process,” says Moody. “You can use them to set all manner of rules, such as not allowing a single password to be used for more than 90 days or for restricting certain applications. You can quickly create highly customized profiles for each user and tweak them as circumstances, such as job responsibilities, change.”
Some users may need more than one
Some circumstances require temporary, but substantial, changes in how users access the corporate network. When an employee travels to a country where security concerns are heightened, the activities allowed back home might have to be restricted. In those cases, an alternate profile – with a different set of rules – can prove handy. It’s simple to implement an alternate profile when you use an MDM platform. “You can set up your profile to notify the MDM to switch profiles when the device is on international roaming,” says Moody. “Then the alternate profile can address your concerns, like access to certain data and applications, and initiate a set of services designed specifically for the alternate environment.”
Profiles are an effective way to control your environment. But, just like all new business models, BYOD has to be implemented wisely before you can realize its full potential.Tags: BYOD,Software,Technology,Virtualization