Identity Management Nightmare: Is Your BYOD Policy Putting Your Company at Risk?

One key to maintaining a sharp competitive edge today is mobility. Laptops, tablets, and smartphones are pressed into service in almost every industry. Sometimes, these are personal devices and fall under the umbrella of a bring your own device (BYOD) policy, and it’s easy to see both the risks and the benefits of this type of policy.

Employees in all industries expect to use mobile devices in their work.

The most obvious benefit of BYOD is cost savings. Additionally, employees can use a device with which they are familiar to get work done. The most obvious risk of BYOD is security. It’s easy to leave a smartphone in the back of a cab, or to log on to a rogue Wi-Fi network. And what happens when a BYOD user leaves the company or is fired? Identity governance is the starting point for BYOD security.

More than one-fifth of organizations have experienced security breaches involving mobile devices, and more than one-third of devices that have connected to malicious Wi-Fi spots have downloaded malware. Yet only 30% of companies plan to increase BYOD security. Better identity and access management solutions are becoming available, however, and these solutions may prompt more organizations to enact real, robust BYOD security.

Planning and Testing Identity Management Solutions

Planning is essential to the identity management process. It’s important for organizations to perform a risk analysis to understand the potential for damage from security breaches. Additionally, it’s wise to identify which security requirements can be met by features of the device itself. The planning stage is also a good time to review the organization’s overall mobile security before defining application security requirements.

Planning also involves identifying security requirements for apps and defining testing methodologies for ensuring solutions do what they should. The identity management team will need to make sure approved apps are downloaded to user devices using encrypted channels, and only to users who need them to accomplish their tasks.

Identity Management and Device Provision

Identity management starts with securing endpoint devices and connecting them with specific users. This involves a combination of mobile device management (MDM) actions and general identity access management. The MDM actions secure the device and associate it with a user, while the identity access management processes validate a user’s identity and determine which apps that user can access and what permissions are needed. In some cases, existing identity access management infrastructure can be extended with MDM tools to prevent redundancy of efforts.

Identity Management and Locking or Wiping of Devices

Users may need to be blocked from accessing their work applications for any number of reasons, and identity management spells out those reasons and the process for blocking access. In the case of, say, a lost device, automated processes should be in place that disable the device or wipe it entirely. When an end-user leaves the organization, either voluntarily or involuntarily, disabling actions will need to be executed, along with adjustments to the overall identity access management system.
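An added example, not part of the original article or any vendor's product: one way to automate the decisions described above by reconciling an MDM device inventory against account status in the identity system. The record fields, status values and action names are assumptions for illustration, the sample data is constructed, and the "quarantine" case for devices with no matching identity goes slightly beyond the two cases the text names.

```python
"""Reconcile an MDM device inventory against IAM account status.

Added illustration: field names, status values and action names are
hypothetical and not taken from any MDM or IAM product.
"""

# Constructed sample data standing in for exports from the IAM directory and MDM.
IAM_ACCOUNTS = {
    "alice": {"status": "active"},
    "bob": {"status": "terminated"},  # left the organization
    "carol": {"status": "active"},
}

MDM_DEVICES = [
    {"device_id": "D-001", "owner": "alice", "reported_lost": False},
    {"device_id": "D-002", "owner": "bob", "reported_lost": False},
    {"device_id": "D-003", "owner": "carol", "reported_lost": True},
    {"device_id": "D-004", "owner": "dave", "reported_lost": False},  # no IAM record
]


def decide_action(device, accounts):
    """Return (action, reason) for one enrolled device."""
    account = accounts.get(device["owner"])
    if account is None:
        # Enrolled device with no matching identity: nothing ties it to a user.
        return "quarantine", "owner not found in IAM"
    if account["status"] != "active":
        # Leaver: cut the device off from work apps; takes priority over "lost".
        return "disable_work_access", "owner account is " + account["status"]
    if device["reported_lost"]:
        # Active user, lost device: disable the device or wipe it.
        return "disable_or_wipe", "device reported lost"
    return "none", "owner active, device in good standing"


def reconcile(devices, accounts):
    """Map device_id -> (action, reason), skipping devices needing no action."""
    plan = {}
    for device in devices:
        action, reason = decide_action(device, accounts)
        if action != "none":
            plan[device["device_id"]] = (action, reason)
    return plan


if __name__ == "__main__":
    for device_id, (action, reason) in sorted(reconcile(MDM_DEVICES, IAM_ACCOUNTS).items()):
        print(f"{device_id}: {action} ({reason})")
```

Running a check like this on a schedule surfaces devices that remain enrolled after their owner's account has been disabled.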

The Utility of the Enterprise App Store

BYOD that involves end-users downloading third-party apps from popular app stores like Google Play presents numerous risks. Fake and rogue apps are common, and the problems they can cause are wide-ranging. To guard against this, many organizations set up their own enterprise app store containing vetted, tested third-party apps as part of their identity access management process. Access and permission policies can be set for different classes of users, so only those authorized to have certain apps can download them through the enterprise app store.

Multifactor Authentication in Identity and Access Management

How do you reconcile your BYOD policy with the use of multifactor authentication, since mobile devices are often used as a second form of identification? Clearly, a company’s MDM strategy must be reexamined and accommodations made so multifactor authentication continues to do what it’s supposed to. In some cases, existing identity access management solutions can, with the help of a software integration specialist, be extended to secure mobile devices, but many access management vendors can integrate MDM without compromising identity management or mobile device management.

Identity management takes on increased importance in a BYOD environment. BYOD is a nearly ubiquitous competitive solution among businesses today, despite the security risks a poorly conceived BYOD policy can invite. Fortunately, outstanding identity management solutions exist, and integrating them with MDM processes is possible. Taking identity management and MDM seriously is the key to enjoying the competitive benefits of BYOD without compromising on security.

Written by Veera Sandiparthi

Mr. Veera Sandiparthi is a seasonal entrepreneur who brings 18 years of experience with technology solutions and delivering secure integrated enterprise solutions across various industries, including financial, healthcare, technology, and federal. Mr. Veera serves as the President and CEO of AccessQuint LLC. Over the past 2 years, he has become an expert in developing strategic cybersecurity solutions for both global and domestic clients. By strategically leveraging AccessQuint LLC's expert security resources and best practices, along with his own extensive knowledge of industry challenges and organizational needs, he helps his clients maintain the highest levels of quality while increasing efficiency and streamlining costs.