Although BYOD (Bring Your Own Device), is an attractive business model allowing greater flexibility and increased productivity, it has a serious impact on the traditional IT model and with that has an impact on organisations security.
The continued growth of BYOD
Research by YouGov has found almost half of UK workers now use personal devices for work purposes. The most common usage for these devices is email (55%), followed by the editing of work documents (37%) and the storing of work documents (36%).
The benefits of BYOD are not limited to the quicker adoption of these tools however. BYOD initiatives are also allowing employees to use technology they are already comfortable with, and from a business perspective this has the advantage of reducing the need for training.
Roger Bjork, director of enterprise mobility at Dell Software Group, explains: “Companies that embrace a user-focused approach to BYOD may reap the biggest rewards, face the fewest obstacles and deliver real and immediate value in terms of greater efficiency, productivity and competitive advantage.”
Encouraging employees to use their own devices is also delivering savings for businesses which no longer need to consider the cost of buying this technology.
David Willis, vice president at Gartner, explains: "What happens if you buy a device for an employee and they leave the job a month later? How are you going to settle up? Better to keep it simple. The employee owns the device, and the company helps to cover usage costs.”
Challenges created by BYOD adoption
Bring your own device initiatives have clear benefits for businesses, however, by not owning these devices businesses have found they have urgently needed to address several issues created.
A huge uptick in the number of device looking for network access within organisations has placed a huge strain on legacy infrastructure. Companies have also found that supporting multiple different operating systems to be much more complicated than in the previous arrangement, where the IT department would keep all employee devices on one system. The biggest headache for organisations however, have been the security risks created by granting numerous personal devices access to the corporate network and its data.
Some concerned companies have attempted to protect themselves by denying access to employee-owned devices. The evidence suggests, however, that in most cases this approach often fails.
Gartner vice president Leif-Olof Wallin explains: “When probing an organisation that denies the existence of BYOD among its staff, it usually admits there are employees taking notes in meetings on personal tablets or employees taking a photo of a whiteboard in a sensitive meeting using a personal smartphone. Outside a couple of very highly security-conscious verticals, BYOD exists and is here to stay.”
By ignoring to existence of BYOD, companies are increasing their risk to cyber security. This is worrying as an unavoidable consequence of BYOD is the line between personal and work lives becomes blurred. As people are not restricted from downloading from untrustworthy sources in their personal lives, there is a genuine concern company networks will become exposed to viruses, malware and data breaches.
Companies should also worry that corporate data stored on these personal devices could be exposed if they are lost or stolen. The Information Commissioner’s Office has made it clear it is prepared to fine organisations of all sizes (and already has) for not taking steps to adequately protect customer data stored on devices which have been lost or stolen.
Customer data along with trade secrets and other valuable company information could also be taken out of the company when employees move on to pastures new, unless steps are taken.
Alastair Mitchell, CEO of Huddle, explains: “Companies need to wake up and realise they’re facing a massive security issue and risk having their intellectual property walk out of the door with people.”
Solutions to these challenges
Companies can begin to safeguard their company by educating staff on the possible risks of not securing devices with passwords, leaving devices unattended in public places and downloading material from untrustworthy sources. Companies have also begun introducing policies covering BYOD which employees are compelled to comply with when using their devices for work.
Mobile management and support
Companies can protect mobile devices by installing security software which will not just block malicious online threats but can also lock, locate and wipe devices remotely in the event they are lost or stolen. Mobile device management software can also help organisations enforce their BYOD policies by acting as an internet gatekeeper. An increasing number of companies are also looking to facilitate and protect flexible working on personal devices by utilising virtualisation technology.
HP chief technologist Tom Flynn explains: “Virtualisation bridges the gap between the network and BYOD by allowing users to connect from anywhere, on any device. Furthermore, BYOD highlights the things that thin clients and virtualisation do best, like securing corporate and customer data.”
As more and more employees seek access to their organisations network it has placed a heavy strain on legacy infrastructure. End-users have found that when too many devices attempt to access this infrastructure performance is impaired. In response, companies have continued to make new investments in wireless local area networks (WLANs).
The main considerations that CEOs must think through are how their infrastructure will cope with the increased number of devices accessing the network, ensuring that their employee’s devices are adequately secured and aren’t breaching the company’s policies. Dermot Hayden, Country Manager at Sophos
Whether there is a debate between IT and finance, security nightmare versas reduced IT spend per head and improved productivity, there are clearly benefits that mean IT needs to nail down BYOD quickly for better business. Critically, corporate data is finding its way onto these devices in the form of emails or documents and new devices are being brought on-site daily, so it must all be regulated.
Security and wireless accessibility are core to this focus and in that order. There is no point in providing access unless it is secure for both the user and the business. The mobile device estate, which has largely driven BYOD, demands superb wireless networking. Without it, user experience and productivity will be hampered. A solid and future-proofed wireless network is critical for making BYOD really work for business.
Organisations need to set policies and educate employees on usage and permissions. There should be consideration of mobile device management software and firewalls to protect band width, the network and data.