BYOPC Strategy: Policies and Problem Solving
-
Upload
andre-goyette -
Category
Documents
-
view
219 -
download
1
description
Transcript of BYOPC Strategy: Policies and Problem Solving
BYOPC Strategy: Policies and Problem Solving
Page 2 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
When it comes to developing a Bring your own PC (BYOPC) strategy, the first and most important step is to implement BYOPC policies. Once these policies are set in place, it makes it easier to be proactive in troubleshooting issues. This expert E-Guide dives into the benefits of creating BYOPC policies and the tasks to consider before problems arise.
Creating BYOPC Policies: A Win-Win for IT and Users By: Dan Sullivan
The first step in developing a BYOPC strategy is to create BYOPC policies,
and for this you need to understand the scope of your strategy. Jumping into
implementation without knowing what you are implementing will likely waste
time. You should consider acceptable use, liability, privacy, governance and
enterprise-supported device policies.
Create and define BYOPC policies
When a company purchases, provisions and supports a computer, the
company understandably expects to have full control over how employees
use that computer. In a bring your own PC (BYOPC) environment, the lines
of responsibility around proper use are blurred.
For example, a business may decide that employees shouldn't use company-
owned desktops for personal tasks, such as tracking a family budget. This is
precisely the kind of thing many employees would do with their own PCs, and
they may not think that using a corporate device is any different.
Balancing the family budget with a company PC is unlikely to cause any
problems, but devices with inappropriate material, such as illegally
downloaded media or pornography, could become a human resources issue.
Your organization should also clearly state BYOPC policies governing topics
such as harassment with respect to personally owned devices.
Page 3 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
One of the most important BYOPC policies is an acceptable use policy,
which should specify the device owner's responsibility for protecting
corporate information. For instance, employees should take care to protect
personal devices that store sensitive data from loss or theft. If users install
unauthorized applications on the same PCs that access corporate systems,
IT must mitigate the risk of a user's PC eventually transmitting malware to
company computers or data leaking through an inadequately secured PC.
IT can implement security controls in various ways, including verifying that
anti-malware and personal firewall software are installed and up to date.
When an employee's device does not meet minimal BYOPC security
requirements, you can deny it access to the corporate network. Network
administrators can require virtual private network use to further protect
communications between business systems and the employee's PC.
IT professionals may determine that the best way to balance protecting the
business while allowing BYOPC is to use virtual desktops and applications.
With this approach, an employee connects to an access gateway to reach a
centrally managed virtualized application or desktop. This allows IT admins
to maintain control over corporate apps and data without implementing
substantial controls on employee-owned PCs. In such a scenario, you'd need
to define policies describing how to use the virtualized desktops, establish
access restrictions and describe how users would be grouped according to
their roles and responsibilities.
Comprehending the intricacies of liability will no doubt require legal advice.
Some instances that may raise liability questions include a private or
confidential data leak from a personal device and personal data loss because
of a business application error, or as a result of poor advice from technical
support.
User agreements can capture company policies, but employees should
understand the details of those policies. Having an employee click through
an end-user agreement may meet legal requirements for consent, but it does
not mean employees understand the scope of the policies.
Page 4 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
It's better for an employee to know up front that the business retains the right
to alter a device connected to the corporate network -- including erasing
personal data -- than to find out unexpectedly that the family photos are gone
for good. When you describe key provisions of end-user agreements, it is
also a good time to review best practices for protecting personal data, such
as performing regular backups.
Clearly state your BYOPC policies and your privacy policy. Will the business
download data from the employee's personal computer? For example, some
mobile device apps download contact lists from mobile devices after
installation. Users may have agreed to this by clicking through the end-user
agreement, but it was a surprise to many and created a public backlash in at
least one data-mining case. If you intend to perform operations on a
personally owned computer, such as scanning for malware or checking
security configurations, tell employees before you do it. Employees who do
not wish to have required operations performed on their devices should be
denied access to the corporate network.
About the author
Dan Sullivan, who holds a master's degree in computer science, is an author,
systems architect and consultant with over 20 years of IT experience, with
engagements in advanced analytics, systems architecture, database design,
enterprise security and business intelligence.
BYOPC Support: How to Troubleshoot Before Issues Emerge By: Dan Sullivan
Once your policies and security practices are in place and your employees
are working with enterprise applications, you'll start getting BYOPC support
requests.
Consider how IT administrators will troubleshoot problems with users'
personal devices. Ideally, the BYOPC support staff will have its own devices
running all company-supported platforms. IT support groups should test
Page 5 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
enterprise applications on various devices before announcing support for
them.
Establish guidelines that outline what types of BYOPC support advice you'll
offer -- for example, don't suggest wiping the device -- and set limits on the
time and resources that you'll dedicate to troubleshooting employee-owned
PCs and related devices. When using virtual desktop environments,
determine which clients you support and test for usability and performance.
As part of enterprise support of BYOPC policies, consider the following tasks:
Define acceptable use policy.
Understand liability and privacy issues (now would be a good time to
call your legal department).
Formulate a governance model and understand what role, if any, end
users will have in setting or changing policies.
Determine which enterprise applications will be accessible in BYOPC
and under what circumstances (e.g., Application X can only be used
when on a virtual private network or through a virtual desktop).
Specify BYOPC authentication and encryption requirements.
Determine how you will enforce policies. Will existing management
systems, such as Exchange ActiveSync, meet your needs, or will
you need mobile device management software?
Create a list of requirements for managing personally owned PCs.
Assess existing systems for meeting those requirements, and then
consider if additional functionality is needed.
Assess your ability to support multiple applications on multiple
platforms. What limits will you have to prevent undue burdens on IT
support staff?
Page 6 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
Determine which methods for delivering enterprise applications your
organization will support, and test enterprise applications for usability
and performance.
The success of a BYOPC strategy depends in large part on the ability of
desktop administrators to help executives and managers understand its risks
and benefits and to implement policies and enforcement mechanisms.
Administrators will be required to work on a wide range of BYOPC support
tasks, from specifying security controls and evaluating applications to
determining the best methods for enforcing policies. Implementing a BYOPC
or BYOD program is challenging because it requires you to keep in mind the
best interests of the business and employees while maximizing the benefits
to both.
About the author:
Dan Sullivan, who holds a master's degree in computer science, is an author,
systems architect and consultant with over 20 years of IT experience, with
engagements in advanced analytics, systems architecture, database design,
enterprise security and business intelligence.
Page 7 of 7 Sponsored by
BYOPC Strategy: Policies and Problem Solving
Contents
Creating BYOPC Policies: A Win-Win for IT and Users
BYOPC Support: How to Troubleshoot Before Issues Emerge
Free resources for technology professionals TechTarget publishes targeted technology media that address your need for
information and resources for researching products, developing strategy and
making cost-effective purchase decisions. Our network of technology-specific
Web sites gives you access to industry experts, independent content and
analysis and the Web’s largest library of vendor-provided white papers,
webcasts, podcasts, videos, virtual trade shows, research reports and more
—drawing on the rich R&D resources of technology providers to address
market trends, challenges and solutions. Our live events and virtual seminars
give you access to vendor neutral, expert commentary and advice on the
issues and challenges you face daily. Our social community IT Knowledge
Exchange allows you to share real world information in real time with peers
and experts.
What makes TechTarget unique? TechTarget is squarely focused on the enterprise IT space. Our team of
editors and network of industry experts provide the richest, most relevant
content to IT professionals and management. We leverage the immediacy of
the Web, the networking and face-to-face opportunities of events and virtual
events, and the ability to interact with peers—all to create compelling and
actionable information for enterprise IT professionals across all industries
and markets.
Related TechTarget Websites