Contact Us

Can Managed Services Balance BYOD Security and Compliance Concerns?

BYOD security is and has been a major point of interest (perhaps hype) in IT for some time now. The desire for employees to use their own smartphones and devices frames an opportunity for businesses to cut capital expenses and increase efficiency. Despite the potential upsides, and while there are many companies that have come to embrace such an approach, there are major hurdles where security and compliance are concerned.

As an added layer of complexity, many companies are also balancing the cloud and network requirements of BYOD with the degree to which they have outsourced their infrastructure to managed service providers or other outsourced cloud and infrastructure providers.

What primary concerns of BYOD do managed services figure in?

Security: One of the chief challenges to BYOD, and a major component of maintaining compliance, security on the technical end benefits from seasoned practitioners. Most companies instituting BYOD policies and procedures might have several well trained technicians, but if the company is looking at managed service providers anyway, the reality is that they are looking to take advantage of the technical bench at the MSP for a range of expertise reasons – security chief among them. Depending on the scale of BYOD implementation in an organization, more security checks on the technical end must be instituted. Physical security will reside with the company itself, given those employees’ phones, laptops, and other devices remain within the individual employee’s control.

Monitoring: BYOD usage is a difficult security proposition and monitoring is a key to ensuring compliance and accountability on the part of the actual use of devices around company data. There are many ways that BYOD can go bad: exposing internal networks to viruses, employees taking sensitive data, misusing of network bandwidth, as noted by However, with the right network access controls and policies in place, combined with multifactor authentication and consistent password update protocols, some of the threats/pitfalls can be mitigated. Again, the experience of the MSP comes into play since they have seen so many different kinds of business implement so many different kinds of infrastructure approaches. Where monitoring is concerned, MSPs are truly experts, as the offering is part of the package they develop for every client.

Data Control: Central to security, monitoring, and ultimately compliance, data control is possibly the most important aspect of balancing BYOD momentum with smart business policy. While there are many threats to data from a BYOD perspective (employees losing phones, taking documents on flash drives, etc.) that MSPs cannot control, there are other ways in which MSPs can directly help ensure data integrity. From a cloud architecture perspective, best practices for redundancy, high availability, and disaster recovery are an MSP’s bread and butter. Most MSPs will not interact with the application layer of a client’s business. However, depending on the nature of the relationship, and the associated compliance requirements, an MSP can become a business associate. Signing a BAA does not make the MSP responsible for the data, but does assign the limits of liability in the case of a breach or some other disruption or exposure, since the infrastructure the client company uses is related to the MSP.

Compliance: Whether PCI compliance, HIPAA, SSAE16, NIST, FISMA, or any other the other numerous types of compliance that businesses have to comply with, utilizing managed service providers to manage audits and procedure is always a good idea. Layer on BYOD compliance requirements, which almost every MSP has to handle internally anyway, and you have a readymade policy foundation on which your company can model its own approach. Depending on the degree of infrastructure an MSP maintains for your company, you can also utilize their security and compliance protocols as a runway to enhance your own and utilize their compliance audit to fulfill at least some portion of your compliance obligation.

How else do MSPs enable or hinder BYOD for your organization? Let us know on Twitter @CloudGathering

By Jake Gardner

Posted on September 30, 2013 in Cloud Computing Industry

Share the Story

About the Author

Responses (6)

  1. […] There is no doubt that hiring a managed services provider (MSP) for your IT needs can greatly help your IT applications and processes. But even then, a  lot of businesses are apprehensive about hiring managed IT services in San Jose. […]

  2. […] Network Solutions offers  managed IT services in Santa Clara. Get in touch with us today to get started with your own disaster recovery and business continuity […]

  3. […] tackle these risks, as an MSP, you need to create policies for your managed services in San Jose that will monitor the BYOD usage for end users and will also offer robust protection from outside […]

  4. […] In my next posts, I will be taking on more concerns that you need to address while hiring managed IT services in Santa Clara. […]

  5. […] monitoring networks is a part of the package for managed IT services in Santa Clara so you do not have to allocate additional resources to this […]

  6. Challenges of Managed IT Services in Santa Clara
    February 22, 2014 at 3:45 pm ·

    […] Contact Myers Network Solutions today for managed IT services in Santa Clara. […]

Leave a reply

Back to Top