Just as organisations need to manage their owned devices effectively, it’s increasingly common for employees, pupils, students etc. to want or need to bring their own devices into an organisation.
This is another area where a clear policy, and enforcement of that policy, are required.
It is most common with smartphones and tablets, which organisations do not routinely issue, but in some organisations laptops, MacBooks etc. also fall into this category. In addition, common productivity and other per-user licensed software often allows users to install it on their own devices or home computers as well as on organisational devices.
These devices are likely to present a higher risk to organisations than organisation-owned devices; some commonly encountered issues include:
- Out of date or unsupported operating systems and applications.
- Newest versions of operating systems that may not be available organisationally, often presenting as application compatibility or driver incompatibility.
- Unpatched software.
- Unlicensed software, or software that may be licensed or free for personal use, but requires a license for organisational or corporate use.
- Gaming platforms.
- Lack of antivirus / anti-malware solutions, or AV solutions with built-in ‘privacy’ applications or VPNs in use.
- Users using privileged local accounts for everyday access.
- Persistent malware, virus or adware infections.
- Software installed and licensed to previous employers or external organisations, or previous MDM enrolments with other organisations.
- Commercial VPN and proxy software, and/or browser extensions, may be installed.
Many of the same mobile device management (MDM) solutions can be applied to personal devices. However, as the devices are not owned by the organisation, they cannot be forced to enrol at device setup; instead some kind of integration solution is used to enable device enrolment, required software deployment etc. before access to the organisation's network is granted, for example. There are many deployment options and choices.
Some issues to consider or watch out for:
- Ongoing integration and device support can be problematic.
- Blocklisting applications on personal devices may be unreasonable and will certainly require significant ongoing maintenance to keep up to date and functional.
- With MDM software in this mode, it is easier for users to defeat it, as they own the device and have privileged access. It may appear that a user's device(s) are enrolled correctly, while the installed software list, versions etc. are never updated.
- For example, where enrolment is required to download a client certificate for network access control (NAC), once that certificate has been installed the user can un-enrol from MDM but leave the client certificate in place.
- Not all user devices can easily be supported on MDM platforms (smart speakers, e-readers such as Kindles, gaming consoles), and some MDM platforms have limited or no support for some mainstream operating systems.
- Personal cloud storage software may be installed, facilitating download of corporate work to local storage that is then synced to unauthorised third-party cloud providers. This is not only an ICT issue, but an intellectual property and possibly a data protection issue as well.
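The two failure modes above (a device that stays "enrolled" while its software inventory stops updating, and a NAC client certificate that outlives the enrolment that issued it) can both be checked by comparing the MDM inventory against NAC authentication logs. The following is an added example, not code from this page or from any MDM or NAC product; the record and log formats, field names and sample values are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample MDM inventory (hypothetical format), one record per device.
# laptop-02 still checks in daily but its software inventory froze in March.
MDM_INVENTORY = [
    {"device": "laptop-01", "enrolled": True, "last_checkin": "2024-05-10", "last_inventory": "2024-05-10"},
    {"device": "laptop-02", "enrolled": True, "last_checkin": "2024-05-10", "last_inventory": "2024-03-01"},
    {"device": "tablet-03", "enrolled": False, "last_checkin": "2024-02-15", "last_inventory": "2024-02-15"},
]

# Constructed sample NAC log (hypothetical format): tablet-03 un-enrolled but kept its certificate.
NAC_AUTH_LOG = """\
2024-05-10 08:01:22 NAC-AUTH OK device=laptop-01 cert_serial=1A2B
2024-05-10 08:05:07 NAC-AUTH OK device=tablet-03 cert_serial=3C4D
2024-05-10 08:09:41 NAC-AUTH OK device=laptop-02 cert_serial=5E6F
"""
NAC_LINE = re.compile(r"^\S+ \S+ NAC-AUTH OK device=(?P<device>\S+) cert_serial=(?P<serial>\S+)$")

def _age_days(now, date_str):
    return (datetime.strptime(now, "%Y-%m-%d") - datetime.strptime(date_str, "%Y-%m-%d")).days

def parse_nac_log(text):
    """One dict (device, serial) per successful NAC authentication; non-matching lines are skipped."""
    return [m.groupdict() for m in map(NAC_LINE.match, text.splitlines()) if m]

def stale_inventory(inventory, now, max_age_days):
    """Enrolled devices that checked in within max_age_days but whose software inventory
    has not updated in that window: the agent is present but no longer reporting, so
    the device's compliance status cannot be trusted."""
    stale = []
    for rec in inventory:
        if not rec["enrolled"]:
            continue
        if _age_days(now, rec["last_checkin"]) <= max_age_days < _age_days(now, rec["last_inventory"]):
            stale.append(rec["device"])
    return stale

def orphaned_certs(nac_events, inventory):
    """Devices that authenticated to the network with a client certificate but are no
    longer enrolled in MDM: the certificate has outlived its enrolment and should be revoked."""
    enrolled = {rec["device"] for rec in inventory if rec["enrolled"]}
    return sorted({ev["device"] for ev in nac_events if ev["device"] not in enrolled})

if __name__ == "__main__":
    print("frozen inventory:", stale_inventory(MDM_INVENTORY, "2024-05-11", 30))
    print("NAC access without enrolment:", orphaned_certs(parse_nac_log(NAC_AUTH_LOG), MDM_INVENTORY))
```

In practice the same two checks would be run as scheduled reports against the real MDM and NAC exports, with flagged devices quarantined or their certificates revoked.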
Our Products:
We do not sell or recommend solutions in this space; however, we can assist with evaluations, integrations or compliance resolution as part of a consulting engagement.
Blocking VPN and proxy traffic effectively is a critical component of BYOD management.