What if your company told you that you no longer were allowed to make business-related calls from your smartphone, but instead had to use a company-issued phone so that all communications could be closely monitored and controlled? How would that sit?
Consider that in the near future, employees of industrial firms might feel the same way about being denied access from their smartphones and tablets to enterprise and operating information that's readily accessible from their work computers.
Besides meeting employee expectations, there are many other benefits to bring your own device (BYOD).
Before discussing BYOD benefits, let's look at the security challenges of integrating BYOD into the enterprise, as they are the main impediment to widespread adoption.
BYOD is an area where IT must interface with many other departments within a company to ensure proper implementation of security policies. "Our view of BYOD is not focused on mobile device management, but rather on mobile application management (MAM)," says Paul Stamas, CIO and vice president of information technology at paper manufacturer Mohawk. "MAM describes software and services responsible for provisioning and controlling access to internally developed and commercially available applications used in business settings on both company-provided devices and BYODs." (For more on how Mohawk uses BYOD, see the sidebar "Mohawk Buys into BYOD.")
"BYOD and security aren't necessarily at odds," says Richard Clark, security engineer at Indusoft. "Most BYOD concerns are centered on the security of the device, but the real issue is where and how such devices will be allowed.
"I bring my own OSX Apple MacBook Pro notebook to work. The issue is not so much whether to allow it on the network, but how to handle it when it is."
Clark says the MacBook Pro is virtually transparent on the network, but has several client applications, some running Windows operating systems, that are authenticated as individual machines on the network. This, he adds, is the security model that must be used when accepting any other device within an area or location.
"Security needs to be managed in some of the same ways all other corporate network access is managed," says Ben Orchard, Opto 22's applications engineer. "First decide who gets access to what. Then look at three levels of security: secure the device, secure the network and secure the application."
Securing the device with a PIN, swipe pattern or other method is fairly simple. To secure the network, Orchard says, use IT best practices for keeping data safe and allow only authorized users. "Segment your control network and critical equipment," he advises. "If the user is required to access the plant or process after hours, then use a VPN."
Next, secure the device's remote access application, which will either be a browser or an app. "The application itself should be password protected, first to open and then for levels of access," Orchard says. "A worker's username should allow only him or her access to pertinent parts reflecting work requirements. Perhaps some users need to monitor equipment, but not control it; their screens would not have any buttons or input methods. The application should adjust to higher levels of username/password, and allow control only to those who require it."
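The application-level access Orchard describes, sketched as an added example that is not code from the article or from Opto 22: the screen is built per username, and the same rule is checked again when a write arrives, so a monitor-only user cannot control equipment even if a request bypasses the screen. It assumes the user has already been authenticated; the usernames, areas, tag names and level constants are hypothetical.

```python
MONITOR, CONTROL = 1, 2  # access levels tied to the username (hypothetical)

# Constructed sample data: users, areas and tag names are hypothetical.
USERS = {
    "operator_a": {"level": MONITOR, "areas": {"boiler"}},
    "engineer_b": {"level": CONTROL, "areas": {"boiler", "packaging"}},
}
TAGS = {
    "boiler.temp": {"area": "boiler", "writable": False},
    "boiler.setpoint": {"area": "boiler", "writable": True},
    "packaging.speed": {"area": "packaging", "writable": True},
}


def build_screen(username):
    """Return the widgets this user's screen should contain."""
    user = USERS[username]
    screen = []
    for name, tag in sorted(TAGS.items()):
        if tag["area"] not in user["areas"]:
            continue  # not pertinent to this user's work: omit entirely
        can_control = tag["writable"] and user["level"] >= CONTROL
        # Monitor-only users get a readout with no input method.
        screen.append({"tag": name, "widget": "input" if can_control else "readout"})
    return screen


def write_tag(username, name, value, values):
    """Server-side check, applied even to a write the user's screen never offered."""
    user = USERS.get(username)
    tag = TAGS.get(name)
    if user is None or tag is None or tag["area"] not in user["areas"]:
        raise PermissionError("tag not available to this user")
    if not tag["writable"] or user["level"] < CONTROL:
        raise PermissionError("control not permitted for this user")
    values[name] = value
    return values[name]


if __name__ == "__main__":
    print(build_screen("operator_a"))  # readouts only, boiler area only
    print(build_screen("engineer_b"))  # inputs for writable tags in both areas
```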