In the previous blog post we saw that controlling and securing fully managed devices is relatively straightforward for IT teams. However, things become more complex when it comes to handling semi-managed devices and device exceptions.
Gartner describes semi-managed devices in its Managed Diversity Model as devices whose support and security responsibilities are split between IT and the user. In recent years, employees have demanded more choice in mobile and endpoint devices. End users are not only willing to spend their own money on their favorite mobile phone or tablet if they believe it best supports their productivity; they will work around IT to get it. This reality has pressured IT leaders to implement Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD) programs.
Working in a semi-managed device environment certainly allows IT teams to deliver the personal flexibility end users are demanding on their business devices. But this flexibility raises security concerns and, as a result, requires enterprise IT leaders to rethink their approach to securing the network.
With fully managed devices, IT is 100% responsible for the device, content and applications. With semi-managed devices, IT is 100% responsible for enterprise content, but the end user is 100% responsible for the device and applications. Delegating security responsibilities to the end user makes semi-managed devices decidedly more vulnerable to security risks. IT should work with representatives from human resources, legal and finance to help ensure compliance with the enterprise security policies.
But this alone is not enough. IT should limit BYOD choices to devices that are compatible with its management and security tools as well as its application support. For example, mobile devices that can be managed by Mobile Device Management (MDM) solutions are preferred.
Moreover, IT must be aware that semi-managed devices carry excessive risk when employees access enterprise resources, and should enable content-level control rather than device-level control. IT must enforce one of several isolation techniques that separate untrusted areas from trusted areas. In this case, ForeScout CounterACT® provides visibility into semi-managed devices on the network which, together with integrations with various MDM products and guest management capabilities, allows better control and enforcement. This provides the desired mechanism to secure an otherwise untrusted device, while continually maintaining the capability to restrict that device’s access to corporate assets when it does not meet the enterprise security requirements.
Overall, it may be more challenging to ensure that semi-managed devices maintain compliance with enterprise security policies, but with the right approach, training and tools, IT can be an enabler and keep employees satisfied while maintaining network security.
*To find out more about Gartner’s Managed Diversity Model:
Use Gartner’s Managed Diversity Model for BYOD and CYOD to Manage and Safeguard Users, IT and the Business
25 August 2015 G00276989
Analyst(s): Rich Doheny | Ken Dulaney