One in four devices used for work are now either smartphones or tablets, and on average, an individual carries or has access to at least three devices. It is not surprising that the ability to work anywhere and anytime has led to the growth of ‘Bring Your Own Device’ (BYOD) – part of the broader consumerization of IT trend – where employees are using personally-owned devices for business purposes.
BYOD can provide a number of benefits to organizations of any size: enabling a mobile workforce, improving productivity, reducing costs, etc. It offers employees flexibility, providing them the ability to have a work-life balance that is personalized. Although the BYOD trend brings benefits, it also has corporate security implications.
IT departments often perceive personal devices as a corporate risk, because it is a foreign object to the IT infrastructure, with an unknown history, unknown level of security measures and no control over the level of access.
Corporations can take the stance of prohibiting personal devices, but it would not solve the issue, as employees are often undeterred by security policies and access corporate data anyway, which means it will be unmonitored and even more of a security threat to the IT network.
It has been predicted that by 2018, 70% of professionals will conduct their work on personal devices. Companies need to embrace the trend by taking a structured approach to BYOD with detailed policies in place. A non-structured approach can potentially weaken a company’s data security barrier, cause compliance issues and increase vulnerability to cyber crimes.
Corporations also need to assess the benefits and tailor the policies to the company culture and regulatory requirements. For example, IBM adopted a BYOD policy, but they banned the use of Dropbox, a cloud storage provider, and Siri, Apple’s personal assistant service, due to security concerns.
BYOD policies need to be carefully considered and implemented. Employees must be educated about the importance of data security and incident reporting; procedures must be in place if a device containing business data is lost or stolen, as it can have huge data security implications. Data security needs to be built into the corporate culture.
Protection from data breaches need to be considered when implementing BYOD, like having a mobile management system in place that would allow an IT administrator to carry out tasks such as enforcing corporate security policies or wiping the device if it was lost or stolen. Ensuring devices have authentication processes and encryption is also advisable.
BYOD and the mobile workforce trends are set to grow, despite the security concerns. If BYOD deployment is executed with a structured approach, with sufficient policies and security measures in place and employees are educated on the importance of data security, corporations will benefit from BYOD in the long term.
If you require more information on BYOD implementation and security please contact us. This article originally appeared in the April 2013 issue of AmCham Connect.
Netshield Managed IT Services 
Part of the problem around BYOD is that organisations are not procedurally ready in most cases. Often employees are already BYODing without their employers knowledge or permission which means that the policy or procedure is either not in place, has not been educated through or is being ignored. It is creating a vulnerability. This is where a lot of the danger lies (though clearly not all of it) as any security required to protect an organisation’s information assets may not have been applied and instances of rogue apps that corrupt or steal data without the users knowledge or agreement, can be potentially allowed into sensitive or valuable data.
The points you have made are definitely valid and I agree. Often employees do go under the radar and use their personal devices for work purposes, which creates corporate vulnerability. That is why businesses need to be aware of BYOD, the risks, have policies in place and educate employees on the importance of mobile device data security.
BYOD is a trend that you cannot stop, and if you want to attract the best employees in the Nordics, you have to provide BYOD. I think you have to look at the security issue a bit different.
The security should not be focusing on the device. but instead the security should concentrate on how you connect to the company network and information.
http://byodsecurity.org