The right way to manage BYOD

A tiered access approach to information assets is the key to effective mobile security

Now that you've defined the tiered access to your corporate ecosystem, you have to look at all the devices that are in the market and determine what tiers they reside in. The table below defines Tier 0 compatibility very specifically but gets more generic as it moves through the other tiers -- that's intentional, as you need to be very exacting as to what gets the most access, but not so much on devices that get less access.

Tier 0 Tier 1 Tier 2 Tier 3

BlackBerry 10

Apple iOS 6

Google Android 4.2 from Samsung with Samsung Knox

Google Android 4.2 from HTC and Motorola

Google Android 4.x from other vendors

Microsoft Windows Phone 8

Barnes & Noble Nook Kindle

Google Android 2.x through 3.x

You can build as many tiers as you like, although the more you build, the harder it becomes to define what devices go where. The goal is to make this a very easy list to maintain. IT just needs to evaluate new devices as they come out and add them to the appropriate tier in the list.

Next comes the easy part. You have defined the different levels of ecosystem access, so now it's time to turn your BYOD program into a managed one. The way to do this is quite simply to publish this list of device tiers and make sure every user is aware of it. This has to be something that is accessible on the corporate intranet and hits every user's inbox.

Now the magic happens. Users who participate in your BYOD program will look at the list to determine what device they're going to buy based on what type of access they want. They know if they buy a Windows Phone 8 device, for example, they're going to have access only to email through a third-party client. If they want more access, they'll choose a device that better maps to your information security needs, like an iPhone 5, a BlackBerry Z10, or a Galaxy S 4.

In this approach, neither IT nor the business unit is telling the user what device to buy. Instead, they are limiting what the users can do based on the device they choose. This approach turns any BYOD program into a self-managed BYOD program. Users have the guidance they need to make an informed choice, and the security team is happy because it has the tools in place to protect the company's data even on noncorporate devices.

This article, "The right way to manage BYOD," originally appeared at A Screw's Loose and is republished with permission (© Brian Katz). Read more of Brian Katz's The Squeaky Wheel blog at A Screw's Loose.
