A growing number of employers are accepting the need to allow employees to bring their own devices (smartphones, laptops and PDAs) to connect with enterprise applications. This transformation, termed "Bring Your Own Device" or "BYOD", is led by the increasing adoption of smartphones around the world. Countries such as Australia, UK, Norway, Sweden, Saudi Arabia and UAE have more than 50% of their population using a smartphone. Additionally, the United States of America, New Zealand, Denmark, Ireland, Netherlands, Spain and Switzerland have around 40% smartphone penetration.
Earlier, a device used in business was very different from the one used by the consumer. The situation has changed in the last ten years, and now the computing power in a consumer smartphone or PDA is sufficient to fulfill the needs of a business enterprise.
Many companies now allow employees, partners and other users to use selected devices to access enterprise applications and data. Most organizations limit the access to smartphones and tablets, and some companies even allow users to use their PCs. The goal behind a BYOD policy is to maximize employee satisfaction and productivity through the use of new technologies, while reducing cost.
However, the concept of BYOD poses significant challenges to a company and its IT department, which has to find ways to secure the various types of devices employees are using to connect to the corporate network. The biggest challenge is the security of confidential data accessed from personal devices. A recent survey by Coalfire, an IT governance, risk and compliance services company, reveals that many companies are not discussing mobile device cyber security issues with their employees and lack policies to protect sensitive company data.
The following is a quick list of measures that can help companies limit the risk arising out of the BYOD trend. However, today's dynamic business environment requires tailor-made solutions for each company, depending upon its requirements.
Effective BYOD policy
The major concern of companies adopting BYOD is the security of data accessed by employees through their devices. A security breach can occur in the form of stolen devices, malware applications, transfer of data outside the organization, etc. Therefore, companies need to implement a very effective BYOD policy to ensure security is not compromised. A policy should ensure administrative access to devices, ensure compliance, and allow IT departments to de-link devices when they are lost or stolen or when an employee is no longer with the firm. This policy should be evaluated at regular intervals to keep a check on emerging threats in mobile technologies.
Deployment of IT solutions and Costs involved
BYOD is helping organizations save cost, as they no longer have to spend money purchasing devices. There are a number of factors apart from hardware purchases which affect the cost structure, the main one being setting up a BYOD environment. This includes licensing cost and added workload for the IT support team in terms of supporting various devices and a broad range of new technologies. BYOD brings additional compliance and security costs to the company. Companies therefore need to invest in and develop an effective BYOD solution which can monitor compliance issues. They also need to build self-help solutions for various devices and applications, which can reduce IT helpdesk load in the long term.
Change Management
Cloud computing is creating easier access to a large number of applications and data resources on smartphones, providing a key foundation for BYOD growth. This will require IT departments to completely shift their focus to supporting end-user devices. The helpdesk needs to be flexible and able to adapt to changing IT capabilities based on the device and operating system used by employees.
Understand various mobile platforms
Every mobile platform has different capabilities available in it, as well as threats facing it. A good understanding of the various platforms will help IT teams develop security solutions and apply the policy. The IT department should be trained and kept up to date on secure coding for the latest mobile technologies. Companies should hire and train employees with the requisite skill sets and the right IT expertise to deal with the absolute necessity of security.
Centralized Access
Employees can be given limited or read-only access depending on their levels and job responsibilities, thus limiting mobile access to highly sensitive data and avoiding data theft issues. Companies should ensure that only the right people have access to sensitive data. Providing access from a centralized location will also help IT safeguard enterprise resources and follow a more consistent strategy.
Educating Users
Organizations can implement stricter and more effective control over applications, but it can be in vain if the end user doesn't have a good understanding of the risks. BYOD brings greater responsibility to the end user to protect enterprise data. Hence, companies should educate their employees on the usage of the cloud and the risks associated with it. Users should also be made to sign agreements with responsibilities clearly mentioned in the document. An employee should be immediately made aware of any compliance gaps and implications.
Conclusion
Regardless of the conservative approach followed by companies, the trend of people using their devices to access corporate resources is unavoidable. A majority of employees own a laptop, smartphone or PDA that is more advanced than the company-owned systems.
Hence, employees prefer to access corporate resources using their own device or technology because it is already an integral part of their life. Companies that have adopted BYOD have experienced increased productivity, employee retention, enhanced employee satisfaction, and a flexible work environment which gives employees the freedom to choose their work timings and place of work. All these factors are ultimately helping firms trim operating cost.
However, this trend is not without limitations. Creating a mobile environment would involve huge investments from an organizational point of view. Companies would need to put infrastructure support, security systems and adequate monitoring systems in place to create the right mobile environment. IT managers are under immense pressure to provide access to vital company-owned information while keeping the data secure across a never-ending list of devices and platforms. This is not an easy task and generally requires expertise and services from third-party vendors. There are various firms on the market specializing in data security offerings. There is a necessity for every firm to create its own mobility strategy and focus on having adequate control of employee-owned devices.
BYOD will also shift IT teams' focus from procuring the right hardware to creating a secure mobile environment. Companies need to hire and train people with the right skill sets to set up security teams. The weakest link in the security system would be the end users, as they are the ones having access to the most confidential information. A BYOD policy should be in place to enforce a very strong set of rules to monitor employees' use of devices. Policies should be carefully drafted to meet the needs of all users while safeguarding the organization's goals. This policy should be dynamically reviewed to adjust to the ever-changing threats created by the invention of new technologies.
The right mobile environment, with the right access and a very secure control system, will help companies trim cost and gain competitive advantage in the market. Firms which are trying to sail through with a traditional IT approach are not likely to succeed in the longer term. BYOD holds tremendous promise, and it brings real value in terms of employee satisfaction and increased productivity while speeding up the technology adoption rate of the enterprise.