IT | Security

BYOD Policy: Shaped by the Data Not the Device

By: Absolute Editorial Team | 5/23/2013

When it comes to your BYOD policy, it's time to stop thinking about the device and start thinking about the data. As summarized by Absolute Software's CEO John Livingston for SiliconANGLE, setting up separate policies based on device type (phone, tablet, portable media, laptop, desktop) is both an "inefficient and expensive experience."

A typical employee will use many different device types which can leave IT trying to juggle too many factors and operating systems unnecessarily. If the focus shifts from managing devices to managing data, the number of devices becomes a moot point.

Regardless of the device an employee uses – their access to data, networks, and other corporate information will remain the same. And if there is access or data to which they are restricted, these restrictions should be maintained regardless of the device or operating system. The only constant in this equation is the user.

When you define your data by the individual, you have a greater control over understanding what data access is needed, where the data is being used and how to respond if a security incident occurs. The article on SiliconANGLE goes into detail on how to develop a template for groups of users that outlines their rights and permissions based on their needs. This way of approaching BYOD or CoPE allows businesses both the security and flexibility needed to meet business objectives.

The approach may sound very open, but it is not a free-for-all; devices that do not meet minimum security requirements can be blocked from accessing the network and BYOD devices need to be registered and controlled in the event the device becomes non-compliant. To fit the user-centric model, efficient businesses should create a single BYOD policy tailored with the end user in mind:

The BYOD policy should act as a complement to an existing baseline IT policy that covers all devices and is in effect regardless if the device is owned by the employee or the organization. It should be a constant protocol that IT implements based on scenario and user activity – not on the type of device.

For more of our thoughts on the data vs device positioning, you can also read our thoughts featured in Health Management Technology Magazine and in Mobile Enterprise Magazine. For more on creating an efficient BYOD policy, read our guide on How to Implement a BYOD Policy in 3 Simple Steps.