Ian Parker, Technical Consultant at Imtech ICT UK tackles the security and management challenges businesses are facing when it comes to their BYOD strategy and provides some key insights as to how to fight off the internet bad guys.
Ian is responsible for Technical Design, Implementation, Consultancy and Training for all Technical Projects and Opportunities at Imtech ICT UK.
So the first thing to understand is what is BYOD…
Bring your own device (BYOD), Choose Your Own Device (CYOD), Bring Your Own Technology (BYOT), Bring Your Own Phone (BYOP) or Bring Your Own PC (BYOPC) – whatever you choose to call it, BYOD, (like the word security), is a term that has different connotations depending on who you talk to.
Employees now have access to loads of affordable
next generation tablets and smartphones that are essentially whizz-bang PC’s in a small, transportable format. From experience, we all know that these devices are as essential to us as carrying a handbag or a wallet – ever left your phone at home and felt your right arm had been cut off? Ironically, my wife says my iPad is my “manbag” as it very rarely leaves my side, at work or at home. Right, you get the idea.
Managing the business challenges
So if you are in a company that has decided to embrace BYOD and allow employees to use their newest gadget/device as a piece of work equipment, you will not be surprised to face a number of business challenges in trying to agree on how to manage them. According to Gartner , businesses face 3 main challenges when it comes to BYOD.
1. Governance & Compliance
2. Mobile Device Management (MDM) and
Aside from usage policies, agreements between employers and employees and defining what devices are acceptable and what are not, security for me is the main crux of the debate, except security is yet another collective term that is not very specific. To me, security – from a company ICT network perspective – is having the ability to control access to sensitive corporate data and the devices that access it.
Similarly, BYOD does not just mean “Bring your Own Device” into the office in the same analogy as “Bring a Bottle” to the party. If a company wants to control the access to parts of the corporate network using the employee owned devices, the access must be managed inside the office and outside the office, using remote access control and management of device itself. But BYOD by its nature, means businesses can define their own company policy and processes – that employees will have to embrace in order to use their one device/s
Efficiency and optimisation
Another area to think about is employee efficiency and optimisation. While employees with BYOD will be working in a hospitable and flexible organisation with the intention to improve productivity, the employee might have access to apps that they generally use at home, which in turn, can make the employee less productive. This is where visibility into application usage is key to developing a policy that works well with both parties. The most difficult hurdle to overcome is the company rights over the employee owned device when company data is accessed using it – and this seems to be one of the biggest challenges of all.
My experience… The majority of companies I have spoken to decide against support for BYOD purely based on the fact that, although they have come into the 21st Century, it was becoming too sensitive and complicated to agree on the governance. If you develop a network that is able to control access from employee owned devices using a wired, wireless, remote access or mobile connections and then provide access to company data, there is a good chance that some sensitive company data will be stored locally on these devices themselves. So, immediately the risk of the data being accessed by unauthorised personnel increases massively. As a result, the company usually requires a written policy agreement stating that if the Employee wants to bring their own device to access company material they agree that the company has rights to monitor and possibly wipe the device in the event it is stolen or compromised – now that’s opening a can of worms!
Based on the difficulty around governance and agreement, smart companies are looking for other options. One option that is proving very popula, is to offer the Employee a choice of a next generation device(s) that the company owns itself. This option is called CYOD (Choice your own Device) and essentially, the company has full control of the device and usage without the need of any agreement or governance from the user. If the Employee then uses the device for personal use (i.e. Music, Photos, Apps etc) and have not backed up their data, or deleted personal / sensitive information, then that is their choice and you can’t argue about that.
What I will say is that BYOD is not just as simple as bringing a device to work, it’s more complicated than that and believe it or not technology is not the barrier.
What challenges do you see companies facing with BYOD?