Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

25) Does your organisation enforce equivalent technical security controls on BYOD endpoint devices before allowing access to company data or services?

August 30, 2022

Answer yes if your organisation has a process and technical solution that allows any lost or compromised laptop device to be remotely wiped.

If your organisation allows employees to access company data or services using BYOD endpoint devices, those devices must be protected with technical security controls before access is granted. This is typically achieved through a Mobile Device Management (MDM) or similar technologies that can enforce policies on personal devices.

From a security perspective, the key controls include:

Requiring a PIN or biometric-based lock with a reasonable lockout time;
Ensuring all devices are encrypted;Allowing company data to be remotely wiped if a device is lost or stolen;
Controlling the download and installation of applications;
Controlling the transfer of company data on and off the device, and between secure and non-secure areas on the device.

These controls can often be enforced using third-party MDM/UEM software or through built-in capabilities within enterprise platforms such as Microsoft 365 and Google Workspace.

How to implement the control

There are a number of ways to enforce technical security controls on endpoint devices, including those owned by employees (BYOD).

Many enterprise platforms (e.g. Microsoft 365 and Google Workspace) include built-in Mobile Device Management (MDM) features that allow you to enforce policies such as screen locks, encryption, application controls, and the ability to remotely wipe company data if a device is lost or stolen.

If your existing platforms do not support these capabilities, you can use a third-party MDM/UEM solution to manage and secure both company-owned and employee-owned devices across your environment.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.