By Greg Keller Posted April 17, 2017
Like it or not, BYOD has arrived.
Actually, BYOD has been around for awhile now. But it’s growing every day. Most companies support it and most employees end up using personal devices for work regardless of BYOD policy (sources). So there’s simply no avoiding it and IT organizations continue to struggle.
The question at the core of the struggle is: How do you manage end users and their systems? It’s all well and good to give end users their choice of platforms. But as an IT organization, you are chartered with protecting the network and digital assets. That’s no easy feat when you consider that you don’t technically control all of those devices.
Rule #1: Be Proactive
For BYOD, it’s always better to be ahead of the curve. The alternative is always to react to the reality of employee device use after the fact. So some of the best IT organizations make a deal of sorts with their users. They may let them bring whatever type of device they want into the company, including Mac and Linux systems, as long as IT manages it.
But that’s often easier said than done.
Historically, IT management tools were built for the most dominant platform, Microsoft Windows. Today, Windows accounts for just one in five devices (Forbes). But since Microsoft Active Directory® is still the identity management platform for so many organizations, hooking up BYOD devices isn’t always easy or possible.
But there is good news. IT can fulfill their part of the bargain and successfully manage the BYOD device. Let’s take a look at the two options.
Two Ways to Achieve Cross-Platform BYOD Support
The first option is to leverage Active Directory as the authoritative directory service and extend those identities to BYOD devices and their users.
The other alternative is to replace Active Directory with a complete cloud identity management platform that works with all of the various types of IT resources, including Mac and Linux devices.
Both options can be delivered by a cloud identity management platform called Directory-as-a-Service®. Integrated with BYOD policies, this modern IDaaS solution can deliver the control and visibility that IT admins are looking. All while still giving end users the choice of their favorite devices.
IT organizations simply place a lightweight agent on the BYOD device. From that point on, they can manage it as if it were their own. The end user would still have control over their device. But IT would have an admin login to provide support and security. If the end user leaves the organization, IT can simply remove the agent and the device reverts back to its previous state.
Don’t Forget Your BYOD Policy
Remember the core struggle: how can IT admins control, secure, and support their end users and devices? Without an agreement that lets them do so, IT organizations are at the mercy of their non-technical users. That’s a big risk to take when you are responsible for securing the organization’s digital assets.
We’ve compiled a list of best practices for BYOD, and in it give an overview of how to craft and enforce an effective BYOD policy. Here are the quick bullet points for what should be included:
- List of permitted devices
- Lay out your Security Policy
- Establish a Service Policy
- Determine Ownership over apps and data
- List of Allowed / Banned Apps
- Set up terms in case of employee exit / termination
Cloud Identity Management is the Ultimate Tool
A cloud identity management solution one of the most critical technologies that BYOD organizations can leverage and gives IT the control that they need over each and every system in the organization. If you would like to learn more about how JumpCloud’s IDaaS platform can support your BYOD policy, drop us a note.
We also have a case study you can read in which Full Contact chronicles their journey overcoming BYOD obstacles using this platform. If you’re more of a hands-on learner, feel free to sign up for an account with JumpCloud’s Cloud IAM platform. Give it a try for yourself. Your first 10 users are free forever.