One in four devices used for work are now either smartphones or tablets, and on average, an individual carries or has access to at least three devices. It is not surprising that the ability to work anywhere and anytime has led to the growth of ‘Bring Your Own Device’ (BYOD) – part of the broader consumerization of IT trend – where employees are using personally-owned devices for business purposes.
BYOD can provide a number of benefits to organizations of any size: enabling a mobile workforce, improving productivity, reducing costs, etc. It offers employees flexibility, providing them the ability to have a work-life balance that is personalized. Although the BYOD trend brings benefits, it also has corporate security implications.
IT departments often perceive personal devices as a corporate risk, because it is a foreign object to the IT infrastructure, with an unknown history, unknown level of security measures and no control over the level of access.
Corporations can take the stance of prohibiting personal devices, but it would not solve the issue, as employees are often undeterred by security policies and access corporate data anyway, which means it will be unmonitored and even more of a security threat to the IT network.
It has been predicted that by 2018, 70% of professionals will conduct their work on personal devices. Companies need to embrace the trend by taking a structured approach to BYOD with detailed policies in place. A non-structured approach can potentially weaken a company’s data security barrier, cause compliance issues and increase vulnerability to cyber crimes.
Corporations also need to assess the benefits and tailor the policies to the company culture and regulatory requirements. For example, IBM adopted a BYOD policy, but they banned the use of Dropbox, a cloud storage provider, and Siri, Apple’s personal assistant service, due to security concerns.
BYOD policies need to be carefully considered and implemented. Employees must be educated about the importance of data security and incident reporting; procedures must be in place if a device containing business data is lost or stolen, as it can have huge data security implications. Data security needs to be built into the corporate culture.
Protection from data breaches need to be considered when implementing BYOD, like having a mobile management system in place that would allow an IT administrator to carry out tasks such as enforcing corporate security policies or wiping the device if it was lost or stolen. Ensuring devices have authentication processes and encryption is also advisable.
BYOD and the mobile workforce trends are set to grow, despite the security concerns. If BYOD deployment is executed with a structured approach, with sufficient policies and security measures in place and employees are educated on the importance of data security, corporations will benefit from BYOD in the long term.