MasterCard secure BYOD programme a year old - Priceless

MasterCard secure BYOD programme a year old - Priceless

MasterCard Worldwide is a year into its BYOD policy and the programme is growing strong while the company keeps a watchful eye on security

Article comments

More than a year into its bring-your-own-device (BYOD) programme, MasterCard Worldwide continuously assesses the security technology and policies that allow 30% of its employees worldwide to use their personal iPhones, iPads and Android devices at work.

"Security is a high priority for us," says Edgar Aguilar, group executive of infrastructure and operation services at the $6.7 billion credit card company.

Employees can get work email on their devices and merge their personal and business contacts and calendars. "We are giving them access to their own information in a form factor they feel familiar with," Aguilar says. (The company issues BlackBerrys, which aren't part of the BYOD programme.)

For participants in the BYOD programme, MasterCard sets strict conditions of use.

Data stored on or transmitted to or from the device is encrypted. MasterCard also requires passwords to lock the smartphone or tablet or to get on the corporate network. "It's essentially a secure container," Aguilar says.

If the device is lost or stolen, MasterCard can wipe just the corporate information. "It's up to the users to make sure they protect their personal information."

Best practices

Janco Associates, an IT management consulting firm, says CIOs should consider reaching further into the home life of employees. A BYOD policy template it recently published stipulates that any personal device that synchronises with a sanctioned BYOD machine must use antivirus software "deemed necessary" by the IT group. Also important: IT must install mobile virtual private network software on the device, or at least approve of the package the employee uses.

About 2,000 of MasterCard's 6,700 employees worldwide have signed up for BYOD so far, and that number is growing, Aguilar says. "We keep hiring new employees around the world and we see more requests for BYOD."

Aguilar's next step was allowing access to the corporate intranet on personal devices, a feature he enabled early last year. Whatever new applications it deploys, MasterCard, which does business nearly every country, wants to do it globally, not favouring any one country over another, he says. That means knowing how wildly different data privacy rules affect the use of personal smartphones and tablets.

MasterCard can simply tweak its policies for laptops, for example. But the difficulty with personal devices is being able to prove that the company complies with privacy regulations in the event of audits or lawsuits. MasterCard wants to have archiving and usage logs in place and tested before opening other applications to the BYOD programme, Aguilar says.

Janco advises IT departments to store records of mobile device activity in a number of ways: based on files, individual users and groups of users, IP address, and material downloaded, uploaded and previewed. At MasterCard, an in-house attorney has been involved in the BYOD rollout from the planning stages. "They provide advice throughout the process, not at the tail end."


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *