Simple model for approaching BYOD

  • Article

For some time I’ve been trying to work out with colleagues how to articulate what I see as a solid model for dealing with consumerisation of IT in the workplace or even allowing people to bring their own devices.  It’s quite tough to find some mental model to help people to understand the kind of approaches that work.  I’m looking for a way to help you manage more than the standard IT desktop, to make more sense of productivity at work and with a view of IT security risks.

coit goodbetterbest

 

The key is balancing the approach: do more with less, more permissive access to less secure stuff.  Most of an organisations “stuff” tends to require less security than IT think.  Be a guide not a gate keeper.

Good, Better, Best, seems to be the most applicable that I’ve found.

GOOD is most open, your users being able to access your network, get IP addresses, get to some apps / services / data.  They probably have to keep entering credentials and they may be storing those credentials on their device.

BETTER is having some modicum of remediation over the device – the ability to remote wipe it for example.

BEST is having an authenticated connection with general purpose security (you could say domain joined PC)

N+1 is having the ability to ensure end to end security, encrypted device, encrypted communications, rights managed documents, remote wipe, policy based management, policy based enforcement.

Not all devices will fit into all categories, in-fact probably only Domain joined Windows PCs will be able to enter the N+1 category (that’s because all the things mentioned are built in from the ground up).  That said most people probably don’t need everything in the N+1 category.  Most organisations will also see their users adding GOOD and BETTER devices to their mobile worker armoury along with a BEST or N+1 devices.

A further note on N+1 is that this is where I see private cloud hosted apps and desktops and there is no reason that a GOOD, BETTER or BEST device can’t be used to access an N+1 hosted app or desktop.

*caveat: this is a simple model, there will be many exceptions, the key is mixture.