TMCNet:  Establishing a realistic BYOD governance policy [KM World]

[January 14, 2013]

(KM World Via Acquire Media NewsEdge) BYOD - Bring Your Own Device - is becoming a reality of office life these days. It's a natural consequence in a world where people are bringing iPads, iPhones, Androids and Blackberrys to work.

"As a result, organizations have been compelled to open up their networks to a wider variety of these devices that their employees want to use," says Apoorv Durga, senior analyst with Real Story Group (real

For corporations trying to save IT dollars, BYOD is good news. Employees are now paying to acquire and maintain smart phones, tablets and laptops that were once funded by the IT budget. "These organizations have realized that encouraging employees to bring in their own devices can be a win-win situation for them, as well as for their employees," Durga says.

On the downside, the ever-growing variety of BYOD devices - and the fact that they are owned/controlled by employees - poses serious security, workflow and IT management issues for employers. Among those concerns are hackers accessing corporate data through relatively insecure consumer devices, the challenge of integrating BYOD platforms with enterprisewide corporate software, and extra IT funds being required to support a myriad of BYOD platforms.

Proper handling

"This is why it is vital for employers to establish a realistic, comprehensive BYOD governance policy," says Christian Kane, an infrastructure and operations analyst with Forrester. "Properly handled, BYOD can be a benefit to your business. But mishandled, it can compromise your security, reduce your productivity and cost you money."

The fundamental issue associated with BYOD is the transfer of device responsibility and control from the enterprise to the employee. No longer can the employer dictate which devices are used, in which security parameters and under what conditions. Under BYOD, the most they can do is to define and control what levels of access BYOD equipment has to their networks, applications and corporate data.

The challenge doesn't end there: IT managers must cope with the fact that popular BYODs may not be well suited for the corporate environment. That is because businesses have typically purchased smart phones, tablets and laptops based on a combination of job functionality, security and ruggedness. Employees, on the other hand, tend to buy those devices based on fashion, peer pressure and even downright whim.

This is not to say that all employees lack "due diligence" in selecting their BYODs. But the fact is that style rules in consumer technology. Employees are more likely to choose a device that makes them look cool, rather than one that guarantees the security of the data stored onboard.

More challenges

Add the weak password choices people often make for their own technology - which explains why celebrities' supposedly private smart-phone photos keep turning up on the Web - and one can see why BYOD could drive an IT manager to drink.

Even if every BYOD smart phone, tablet and laptop were secure, the sheer volume of options also provides headaches for IT departments. "The diversity of devices and platforms to be supported is a major challenge," says Aravind Ajad Yarra, lead architect at Wipro and a member of the team that devised/implemented the company's BYOD governance strategy. "This is especially an issue with Android devices, because there are multiple versions with multiple capabilities, made by multiple manufacturers," he says.

Finally, there is the issue of access: Who gets access to what data, and who should be blocked? And should a vice president using a BYOD that is known to be secure have more access than a VP with a relatively insecure BYOD? Those are the issues that have to be tackled when devising a BYOD governance strategy - an approach that the experts agree is a must for all IT departments. Here's how to do it.

BYOD governance

Step one: Meet with stakeholders and get them involved.

Once upon a time, the IT department could manage IT issues on its own. But such is not the case in today's BYOD world. The devices employees use impinge on the work they do, the corporate secrets they keep and the content that the firm could get sued for. Inappropriate behavior by such employees could be a cause for dismissal.

"This is why you need to bring in the relevant departments, plus HR and legal, when you put together a BYOD governance strategy," says Kane. "You need the big-picture view at the outset; not after the fact when things have gone wrong."

"I think first and foremost is to put together a strategy around adoption," adds Yarra; "not just limit it to communication and messaging areas, but broaden it to key enterprise applications. In my view, traditional device management approaches don't work, as those don't look at applications and use cases. Because of the investments needed and security-related concerns, the strategy should consider the business use cases, applications and data involved."

Step two: Limit access to deter hacking.

Just because employees are using their BYODs for work, doesn't mean they need access to every element of the enterprise on those devices. In fact, it is prudent to decide what applications they really need access to, and then limit their BYOD access to those.

By doing that, IT can beef up the verification and firewall protections around those apps, to deter hacking. They can even run those apps in a separate virtual WAN, keeping them isolated from vital enterprise data. In the same vein, it may make sense to have BYODs operate on a separate e-mail system, with access to separate Wi-Fi networks on the job.

Savvy IT managers will want to talk to mobile device management (MDM) vendors to see which of their software products will work within this new BYOD world. Those vendors include BoxTone, MobileIron and SAP (Sybase,

Step three: Think beyond the network.

At first glance, one might think that BYOD issues end when an employee leaves the workplace. But they don't.

A case in point: If an employee uploads corporate data in a consumer-based public cloud, "they could be putting your proprietary data into a situation where the cloud operator gets de facto ownership of it," warns Hormazd Romer, Accellion's (accel senior director of product marketing. "Meanwhile, although file transfer services such as Dropbox don't make these claims, your data is still under their control once it's been uploaded to them."

In response to that threat, Accellion markets secure cloud-based file transfer services for business, ensuring that proprietary data stays proprietary and secure through the file transfer process.

This is just one way BYOD can hurt a corporation. Another is through uncontrolled costs. Once the company has agreed to let an employee use a BYOD while on the road, it has made itself liable for roaming charges. Those can be huge if the employee hasn't taken steps to keep his or her down - and many don't.

This is where iPass comes in. "We provide connections to commercial Wi-Fi networks around the globe for business," says Chris Witeck, iPass's senior director of product marketing. "Our plans provide IT departments with reliable, fixed-rate costs that minimize roaming by their employees' BYODs."

Step four: Start small.

Supporting BYOD on a corporate level does not obligate an IT department to suddenly support all platforms at once. Instead, it is logical to select a few platforms at the outset - both to allow the rollout of BYOD to work at a reasonable and affordable pace, and to allow IT staff a learning curve to become accustomed to the new way of working.

"Many organizations start small," says Durga. "Instead of allowing employees to bring in just about any device, they give them options from among a set of devices. So, for example, employees can use an iPhone or an Android device. As they mature, they add more device types (like Windows) to the mix."

"You have to understand that moving to BYOD is a really wide-ranging initiative for any IT department," adds Kane. "As a result, you need to take your time. Find out which BYOD is most in demand at your workplace, and start with that one. And don't roll out to all users. Select a few executives as a pilot group, and begin with them. There is so much riding on doing BYOD well that you don't want to rush it."

While you're doing that, consider limiting all other BYOD access to core functions, such as e-mail, word processing and Web browsing. "But don't go too far, to the extent that you risk alienating your user base," Kane advises. "There always needs to be a balance between security and accessibility."

Step five: Probe for vulnerabilities.

The push for BYOD workplace adoption is being driven by employees, not IT managers. Employees want to use their own devices for the sake of convenience and familiarity. IT managers would likely prefer them not to do so, sticking instead to one corporate-tested and approved device whose weaknesses are well understood and anticipated.

Like it or not, the employees are in the driver's seat on this issue, in part because many BYOD users are executives with the power to override IT. So the smart way to deal with this reality is for IT managers to implement a limited BYOD rollout, and then to do their best to hack it, however they can.

It is better for serious flaws to be spotted and remedied by IT than for them to be discovered as the result of a hacking attack. Besides, if one particular BYOD platform proves to be seriously insecure, IT will have enough proof to convince management to keep it off campus.

Step six: Prepare for problems.

Employees lose their own devices all the time. If you are going to provide their BYODs with access to a business WAN, you must be able to deactivate that access easily and quickly. BYODs with network access should be capable of being wiped remotely, so that sensitive data can be removed.

As for the thorny issue of personal content: The same management system that restricts employee access to all network resources should also be used to prevent employer access to the employee's personal content. This will likely involve setting up some sort of password protection on the BYOD, to ensure that unauthorized users cannot access an employee's personal emails and photos.

"You may want to consider having separate data silos on BYODs, so that the employee has one set of password-protected apps for business, and another for personal use," says Kane. "This is one way to protect confidentiality on both sides - and to prevent any legal issues arising from employers looking at employees' personal data."

The time to act is now

BYOD is here, and business knows it. This is why "almost all the organizations that have a reasonably sized IT budget are already rolling out BYOD strategies," says Yarra. Unfortunately, most of those are limited to e-mail and other messaging-related apps: "Very few have gone beyond these basic apps to business applications," he says.

Harnessing the full power of BYOD will require businesses to take this next step, and to back it up with sufficient safeguards to protect their data and intellectual ownership rights. One thing is certain: The sooner IT departments come to grips with BYOD, the better ... for employers and employees alike.

James Careless is a freelance writer who has covered business processes for a number of publications, including Streaming Media e-mail

(c) 2013 Information Today, Inc.
