This page contains a Flash digital edition of a book.
The Importance of Policy 4 Steps to Consider Before Implementing BYOPC


WRITTEN BY DAN SULLIVAN T


HE first step in developing a Bring Your Own PC (BYOPC) strategy is to create BYOPC


policies, and for this you need to understand the scope of your strategy. Jumping into implementation without knowing what you are implementing will likely waste time. You should consider acceptable use, liability, privacy, governance, and enterprise- supported device policies.


Step 1: Set Some Boundaries When a company purchases,


provisions, and supports a computer, the company understandably expects to have full control over how employees use that computer. In a BYOPC environment, the lines of responsibility around proper use are blurred. For example, a business may decide that employees shouldn't use company-owned desktops for personal tasks, such as tracking a family budget. This is precisely the kind of thing many employees would do with their own PCs, and they may not think that using a corporate device is any different. Balancing the family budget with


a company PC is unlikely to cause any problems, but devices with inappropriate material, such as illegally downloaded media or pornography, could become a human resources issue. Your organization should also clearly state BYOPC policies governing topics such as harassment with respect to personally owned devices.


Step 2: Teach Acceptable Use One of the most important BYOPC


policies is an acceptable use policy, which should specify the device owner´s responsibility for protecting corporate information. For instance, employees should take care to protect personal devices that store sensitive data from loss or theft. If users install unauthorized applications on the same PCs that access corporate systems, IT must mitigate the risk of a user´s PC eventually transmitting malware to company computers or data leaking through an inadequately secured PC.


IT can implement security controls


in various ways, including verifying that anti-malware and personal firewall software are installed and up to date. When an employee´s device does not meet minimal BYOPC security requirements, you can deny it access to the corporate network. Network administrators can require virtual private network use to further protect communications between business systems and the employee´s PC. IT professionals may determine that


the best way to balance protecting the business while allowing BYOPC is to use virtual desktops and applications. With this approach, an employee connects to an access gateway to reach a centrally managed virtualized application or desktop. This allows IT admins to maintain control over corporate apps and data without implementing substantial controls on employee-owned PCs. In such a scenario, you need to define policies describing how to use the virtualized desktops, establish access restrictions, and describe how users would be grouped according to their roles and responsibilities.


Step 3: Ensure Understanding Comprehending the intricacies


of liability will no doubt require legal advice. Some instances that may raise liability questions include a private or confidential data leak from a personal device and personal data loss because of a business application error, or as a result of poor advice from technical support. User agreements can capture


company policies, but employees should understand the details of those policies. Having an employee click through an end-user agreement may


meet legal requirements for consent, but it does not mean employees understand the scope of the policies. It´s better for an employee to know


up front that the business retains the right to alter a device connected to the corporate network—including erasing personal data—than to find out unexpectedly that the family photos are gone for good. When you describe key provisions of end-user agreements, it is also a good time to review best practices for protecting personal data, such as performing regular backups.


Step 4: Be Transparent Clearly state your BYOPC policies


and your privacy policy. Will the business download data from the employee´s personal computer? For example, some mobile device apps download contact lists from mobile devices after installation. Users may have agreed to this by clicking through the end-user agreement, but it was a surprise to many and created a public backlash in at least one data-mining case. If you intend to perform operations on a personally owned computer, such as scanning for malware or checking security configurations, tell employees before you do it. Employees who do not wish to have required operations performed on their devices should be denied access to the corporate network.


ABOUT THE AUTHOR Dan Sullivan holds a master´s degree in computer science. He is an author, systems architect, and consultant with over 20 years of IT experience, with engagements in advanced analytics, systems architecture, database design, enterprise security, and business intelligence.


Is Your Network Ready for BYOPC?


Call today to learn how we can help you prepare your organization. 1.800.800.0014 www.pcconnection.com


28 WWW.PCCONNECTION.COM 1.800.800.0014


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36