BYOD considerations and alternatives
BYOD (Bring Your Own Device) is, according to Forrester Research, an unstoppable force for change in corporate IT. Technology-savvy staff are increasingly requesting network access from their personal devices so that they can respond to company email or complete other work-related tasks while on the move. Forrester’s study (pdf) suggests that 29% of the world’s knowledge workers are already using BYOD.
BYOD provides businesses with a way to increase productivity and output as staff willingly extend their own working day. However BYOD adoption needs to be managed from the outset, or organisations will face significant challenges trying to resolve issues later on. At Dootrix we work with business and enterprise to help them understand and implement their mobilisation needs and strategy.
Here are some of the major considerations every business, regardless of size need to address in terms of the use of personal devices for corporate applications.
By far the most obvious concern for BYOD adoption is data security. By increasing the number of access points to sensitive data, the greater the risk of compromise.
In situations where data is downloaded to smartphones or tablets, the dangers are even more acute. Loss or theft of the device means that thieves can access sensitive information without even having to connect to the company network, not unlike leaving a briefcase full of business documents on the train for instance.
Simple steps such as requiring staff to use screen locks on their devices is a good start, but for proper protection the CIO should be considering ways of providing mobile access to data without letting it leave the company firewall, i.e. preventing data from being stored insecurely on the local device wherever possible.
The more devices your business has accessing corporate data, the more points of exposure are made available to cybercriminals. IT security will already manage each connection to company systems, however the number of connections will increase, creating an increased administrative burden in the process.
The theft of a device authorised for BYOD use could allow direct access to company resources. By using such a device, cybercriminals can easily steal data, simply by using the stored credentials of a company employee.
As mobile computing becomes more important, hackers and cybercriminals are devoting additional time and resources to developing mobile exploits. Open platforms like Android OS have already proven fertile ground for malware developers, suggesting sophisticated data theft apps like those seen on PCs will not be far behind.
The CIO and his team will need to thoroughly investigate securing mobile endpoints to prevent unauthorised access through the use of VPN connectivity or similar technologies. They will also need to look at implementing across each platform that staff use to ensure that network security is enforced consistently.
As more devices join the company network, the available bandwidth will be further reduced as each connection takes a proportion for itself. Where the activities are business-related, any loss of quality can be justified. However personal devices are also used for personal activities like streaming video and audio. Should these activities cause a significant increase in network load (and a corresponding drop in service level), BYOD could become a major technical and political problem.
For those organisations looking at implementing BYOD “properly”, they will need to estimate bandwidth usage and upgrade where necessary. It would also be good practice to address acceptable use of company resources in advance.
3rd party apps
Personal devices tend to have personal apps installed that could hide all manner of undesirable features and functions that compromise network security and steal data. Without control over what is being installed on a device, the IT team face a much bigger struggle trying to prevent unauthorised apps accessing sensitive systems on the company network.
Businesses will need to negotiate with their employees to “vet” apps, and agreeing not to use those which have been identified as containing malware. Insisting on the use of a mobile antivirus solution for any BYOD devices will also help in reducing incidences of data theft and loss. Your business may have to bear the cost of AV software, but the investment will pay for itself in the long run if data loss can be prevented.
When an employee leaves, their personal device goes with them. If there is no procedure or mechanism in place to recover company data, staff could be taking intellectual property or protected data with them to their next role at a competitor. Where the staff member is leaving under less than amicable circumstances, the need to recover company data and block access to business systems is even more pronounced.
Where the workforce remains relatively small, managing BYOD is relatively simple. However when there are multiple devices, each with its own mobile operating systems and apps, the administrative burden becomes far greater. Additional resources may be required to support users and devices, eroding many of the proposed cost savings and benefits.
One solution is to offer CYOD – Choose Your Own Device. Under this scenario staff can select from a list of approved mobile devices. In this way, IT departments can ensure that they are familiar with the OS, can define “safe” apps, install security software and reduce the administrative burden somewhat. Introducing CYOD can be difficult – people like to choose their own personal devices according to their specific preferences. Instead businesses may need to consider providing company devices to approved staff, potentially losing some of the hardware cost benefits of BYOD.
Another approach is using an MDM – Mobile Device Management solution. An effectively implemented MDM solution can neutralise a large number of these potential issues as well as providing other benefits to the organisation. Of course, they are not a perfect match for BYOD and we will examine the pros and cons of such an approach in our next post.
As a CIO you would do well to remember that members of your organisation want to use their mobile devices, in part, because of the freedom they offer in allowing them to work the way that they want to work. There is benefit in allowing them to blend their personal lives with their work lives. If you get this balance wrong then not only is the benefit lost but you could even risk alienating your team, damaging both morale and productivity.
Subscribe to our newsletter for free advice delivered to your inbox on a fortnightly basis.
What does iOS7 mean for the Enterprise?
Much of the media focus has been on the cosmetic changes to iOS7 which represent the first major change in UI design for iOS since the launch of the original […]