Why A BYOD Policy Is Useless Without Monitoring

Media Division | March 12, 2014

The BYOD era has been under scrutiny ever since it began in earnest. 4G tablets, smartphones and other new offerings are coming under the bring-your-own-device umbrella, increasing the stakes, along with the headaches and complications.

Raymond Boggs and Christopher Chute, analysts at IDC, report that the BYOD trend has been favorable for small and medium-sized companies. BYOD program introductions have seen the biggest rise in organizations of this size, according to the official report ‘U.S. 2014 SMB Corporate-Owned and BYOD Mobile Device Survey’.

In anticipation, MarketsandMarkets estimates that the BYOD market would be valued at $181 billion, with a 30% annual increase until 2017. The motivation for SMEs and large corporations is streamlined communication channels and increased productivity.

Companies joining the BYOD bandwagon can choose to comply with different regulations and standards; most of them, like ISO 27001, already focus on aspects capable of improving a company-wide policy.

Implementing a BYOD policy

A flexible policy would allow an enterprise to fulfill its distinct needs. If the CEO and higher-level management conclude that certain apps or devices are unsuitable for company functions, they can be filtered out during policy integration.

Then there’s also the need to define employee privacy requirements to avoid knee-jerk resistance to the policy. It can involve a binding agreement when devices are owned by employees; the agreement can explain the consequences of the device becoming non-compliant or causing a security threat.

Of course, a BYOD policy isn’t an easy proposition; companies need to ensure that actual employee behavior with devices around enterprise data complies with it.

And this meticulous focus can be achieved through monitoring.

The BYOD environment involves employee and device best practices, each associated with its own procurement plans and checklists; monitoring ensures the environment stays sustainable as use continues to expand.

BYOD monitoring: assessing use and behavior

A BYOD policy can go off track in several different ways: employees being negligent with policy restrictions, network bandwidth overuse and devices being connected to unsecured WiFi networks are a few examples.

However, with monitoring, some of these pitfalls can be mitigated. Enterprises can monitor compliance to a BYOD policy in some of the following ways:

Monitoring network use

BYOD traffic can overwhelm a company’s network and bandwidth, so it’s important for employers to make sure that the increase is actually work related. One of the best ways to track the impact of BYOD devices on the company network is to use monitoring software equipped with features such as filtering MAC addresses and WiFi overuse.

Such software may also include network access control to monitor device type and username for network authentication and then integrate policy restrictions into the network responsible for communicating with the device.

Archiving data provides powerful insight into BYOD network traffic, which helps in detecting any suspicious trends.
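The checks described in this section (MAC filtering, device type and username from network access control, and bandwidth overuse) can be run over archived accounting records. The Python sketch below is an added example, not code from the article or from any monitoring product; the record format, registry, allowed device types and quota are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample NAC accounting records: username, MAC, device type, bytes.
SAMPLE_RECORDS = """\
alice,AA:BB:CC:00:00:01,phone,120000000
alice,AA:BB:CC:00:00:01,phone,95000000
bob,aa-bb-cc-00-00-02,tablet,2400000000
carol,AA:BB:CC:00:00:09,laptop,50000000
bob,AA:BB:CC:00:00:02,tablet,900000000
dave,AA:BB:CC:00:00:04,console,10000000
"""

# Hypothetical policy values; a real deployment would load these from its
# own device registry and BYOD policy.
REGISTERED = {"AA:BB:CC:00:00:01": "alice", "AA:BB:CC:00:00:02": "bob",
              "AA:BB:CC:00:00:04": "dave"}
ALLOWED_TYPES = {"phone", "tablet", "laptop"}
DAILY_QUOTA_BYTES = 2_000_000_000

def normalize_mac(mac):
    """Canonical upper-case, colon-separated form so aa-bb.. matches AA:BB.."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(records_text):
    """Return sorted (mac, username, reason) findings for one day's records."""
    usage = defaultdict(int)
    findings = set()
    for line in records_text.strip().splitlines():
        user, mac, dev_type, nbytes = [f.strip() for f in line.split(",")]
        mac = normalize_mac(mac)
        usage[(mac, user)] += int(nbytes)
        owner = REGISTERED.get(mac)
        if owner is None:
            findings.add((mac, user, "unregistered device"))
        elif owner != user:
            findings.add((mac, user, "MAC registered to another user"))
        if dev_type not in ALLOWED_TYPES:
            findings.add((mac, user, "device type not permitted"))
    # Bandwidth is judged on the per-device total, not on single sessions.
    for (mac, user), total in usage.items():
        if total > DAILY_QUOTA_BYTES:
            findings.add((mac, user, "bandwidth quota exceeded"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS):
        print(*finding, sep="  ")
```

Normalizing the MAC before lookup matters because different network gear logs the same address with different separators and case, which would otherwise make a registered device look unregistered.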

Monitoring employee behavior

Installing monitoring software on employee devices without their consent can translate into legal troubles. Federal and state laws prohibit unauthorized access to the personal devices of employees. The Electronic Communications Privacy Act (ECPA) includes the Stored Communications Act (SCA), which states the punishment for unauthorized access.

Enterprises can, however, monitor employee behavior towards policy implementation; regular surveys and workshops that allow feedback can provide detail on current behavior towards BYOD standards.

For example, a survey report from GFI Software shows that only 12% of employees would not connect to public WiFi networks. So if a BYOD policy restricts employees from connecting to public WiFi, employers can conduct surveys and rate employees in terms of compliance and remind them about policy breach consequences.

Monitoring physical device location

Coca-Cola admitted earlier in the year to falling victim to a bizarre device breach; an employee managed to steal 55 laptops over a 6-year period without being noticed. Organizations can mitigate such occurrences by keeping tabs on areas where devices are kept and used.

If a BYOD policy permits employees to use and keep devices in a particular area or room, employers can assign a monitoring team for that region. An additional measure can be security cameras that can be referred to for monitoring and recognition of employees and their devices.

At the end of the day, monitoring compliance with a BYOD policy can improve a company’s bottom line, along with ensuring that policy breaches are kept to a minimum.


Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.