Some BYOD and Mobility Resources

This is just a brief post – the eighth in my Bring Your Own Device (BYOD) series – to mention some good resources on mobility and BYOD that enterprise IT professionals should be aware of, especially if you work in government ICT (in whatever jurisdiction).

The Australian Defence Signals Directorate has released a hardening guide for Apple iOS 5 that is well worth taking a look at. It includes good advice on how to use iOS in both corporate owned and BYOD scenarios, as well as recommendations as to settings that should be used. While written explicitly for Australian government agencies, it has much wider applicability. It can be used by government agencies in other jurisdictions with minimal change, and much of the advice is relevant to any enterprise.

The USA National Institute for Standards and Technology Computer Security Resource Center has released a draft document Guidelines for Managing and Securing Mobile Devices in the Enterprise.  This contains some very good advice, especially for government agencies, around securing mobile devices. In particular I like the advice that organisations should create their own threat model for mobile devices, so stakeholders can understand what the risks and issues are around security for mobile devices. My experience is that most people, especially business users are not aware of and have never thought of what the real security threats are around mobile devices, especially with respect to BYOD. On the downside it is a security focussed document, and doesn’t balance the security issues with concerns around usability and benefit, leading to a somewhat lopsided discussion.

The USA Federal CIO Council has recently issued a BYOD toolkit. It includes three case studies, some advice about the sorts of things that should be considered when implementing BYOD, and some sample policies. I found their characterisation of the three main technical approaches to BYOD particularly useful: (1) Virtualisation (providing access to applications and dat through some form of desktop virtualisation); (2) Walled Garden (having a separate application on the device where applications and data reside); and, (3) Limited Separation (allow the use of personal devices, but implement security controls through policy enforcement). In addition the case studies illustrate the variety of possibilities, and especially that BYOD can be a cost saving mechanism if managed correctly. Otherwise this is a fairly lightweight document which gives little concrete advice and more than anything shows the lack of penetration of BYOD and the necessary thinking around it within the US federal government.

Advertisements

2 Responses to “Some BYOD and Mobility Resources”

  1. They really should aware about it.Mobility in any part of the world seem really useful,in Helsinki Finland i seen most of the business know what is the advantage for them of mobility in fact i heard that Finland is one of the leading country on giving a design services for mobile application and other mobility stuff which i seen really amazing.Anyway thanks for sharing this.

Trackbacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: