Managing Mobile and BYOD: Madrid Community Health Department

The Bring Your Own Device (BYOD) movement is booming. Tech Pro Research's latest survey shows that 74 percent of organizations globally are either already using or planning to allow employees to bring their own devices to work.

Allowing employees to bring their own devices into the office for business use has helped companies cut hardware and service costs, increase flexibility and achieve greater productivity, but there are also inherent security and data protection risks.

According to the same Tech Pro Research study, security concerns were the primary barrier to adoption of BYOD for a large majority (78 percent) of respondents; followed by IT support concerns (49 percent); lack of control over hardware (45 percent); and regulatory compliance issues (39 percent).

The cost of a data breaches is often substantial. Data from the Ponemon Institute shows that in EMEA in 2014 the organisational cost of a breach was some £2.02m in UAE/Saudi Arabia, £2.21m in the United Kingdom and over £2.50m in Germany.

Of course these concerns and costs are understandable, but they needn’t be a showstopper.

Mobile risk analysis

Carrying out a thorough risk analysis of the impact of BYOD can help organizations better understand the associated security, management and compliance issues and help them chose the mobility solution that best aligns with their strategies.

Madrid Community Health Department, the agency in charge of providing public health services in Madrid, found that increasing numbers of physicians and other staff were trying to access the corporate network from their own tablets and smartphones.

Rather than try and resist this rising tide it called in an independent security expert to collaborate with its IT and Legal teams to draw up a list of 18 security requirements its mobility strategy needed to meet.

A full list of these requirements can be found here: [ENG]/[ESP].

It then assessed the capability of three different scenarios in assuring compliance with these statements.

  • A tablet running a Windows 8.1 operating system (OS) managed by Mobile Device Management (MDM)
  • A tablet running an Android OS managed by MDM
  • A tablet running a Windows 8.1 OS managed as a normal PC

Managing Windows 8.1 tablets was shown to meet all 18 compliance statements. Managing Windows 8.1 and Android tablets with MDM was only able to meet eight and 10 user compliance statements respectively.

Managing mobile as a PC

From this Madrid Community Health Department was able to conclude that tablets running a Windows 8.1 OS offered greater flexibility, since they can be managed both with an MDM and as a normal PC.

However, adopting and managing tablets with Windows 8.1 running as a normal enterprise PC can manage and cover most of the defined risks, providing the tablet is given to the employee by Madrid Community Health Department as a normal PC.

For Madrid Community Health Department carrying out a full risk analysis showed that managing Windows 8.1 devices as a normal PC best aligns with its strategies.

If your organization is uncertain which management solution to choose, then a similar analysis could be the way to move you closer towards BYOD.