As the Bring Your Own Device (BYOD) trend settles in and becomes the norm in enterprises, and employees demand more flexibility, businesses are tasked with the management of a growing variety of mobile devices operating on all platforms. Simply allowing employees to bring their device in to the workplace and use it for business can lead to a number of issues.
Even when the devices used are employer-supplied, breaking the bounds of the office space can create unforeseen problems. To avoid potential mobility pitfalls, enterprises need to develop a comprehensive mobility management plan.
This trend is growing traction in the Middle East as well. “Our Middle East survey reflected that organisations are not shying away but are, in fact looking for solutions to help them implement BYOD in their organisations.
“Research found that nearly 60 percent of Middle East organisations either already support BYOD or intend to do so in the near future,” says Nawar Hasan, Channel SE Manager, Middle East & Turkey at Aruba Networks.
Companies can begin to address this mobile conundrum by implementing a few basic policies to set a standard across all devices and employees. These policies should be flexible enough to allow the necessary autonomy employees require to function efficiently, but firm enough to be effective.
The biggest fear for the company is, of course, loss and misuse of data and information that may be be stored on an employee’s device. Ashish Dass, President, 3i Infotech MEA, suggests, “Any devices storing and transferring company data should be password protected to avoid data theft. Any business applications running on the devices should have the ability to encrypt and decrypt data transfers.” However, password protection and data encryption simply aren’t enough.
Dass goes on to say, “All personal and company devices should be regularly updated to the latest operating systems to stay one step ahead of malwares. In addition, employees should be made to keep their business and personal data separate through use of business applications.”
Partitioning personal data from company data is an important step, but one that may not be practical in the case of some businesses. Depending on the sensitivity of the data, some companies may need to implement slightly more drastic policies. Guurprit Ahuja, Director, Middle East and Africa, Acronis, agrees, “In order to keep the company’s and employee’s resources secure, policies should be focused on protecting and managing the device and the data stored on it in the event that it’s lost or stolen.” However, acknowledging that there are cases when company and personal data may not be able to be partitioned, he says, “It should be expected that in these cases, a policy must be in place that puts the security of company data as the first priority, in which the device would be potentially erased or secured if a breach or loss occurs.”
Of course, one way to minimise the potential pitfalls of BYOD is for enterprises to provide their employees with devices. Deciding on a BYOD policy is an important decision for any enterprise and the pros and cons must be weighed out accordingly. Ashley Woodbridge, Customer Solutions Architect, Cisco UAE, sees the positive side of BYOD. “BYOD offers employees mobility, enhanced productivity, and a better work-personal life balance,” he says.
“On the other hand,” he continues, “employer-owned devices may help the organisation retain full control of the device, which is of course a great asset to data security.”
There is, however, the factor of desirability and comfort with the device to consider. To this end, Woodbridge adds, “If the device is under the control of the company’s IT department, employees may not feel comfortable using it, which might prompt them to bring in their own devices anyway, thus creating even more problems for IT.”
Clearly, there is no easy answer for an enterprise when it comes to developing its BYOD policy. As Chester Wisniewski, Senior Security Consultant, Sophos says, “It’s risky to assume that prohibiting personal devices solves the problem, because employees end up using their own devices anyway, unmonitored and undeterred by company security policies. IT managers should treat BYOD the same as any introduction of new technology: with a controlled and predictable deployment. All organisations have the flexibility, based on their corporate culture and regulatory requirements, to embrace BYOD as much as they deem reasonable.”
As with the introduction of any new technology, companies should seek out and implement the best practice for BYOD. This can be difficult as the trend is still emerging and changing at the rate of the growth and diversity of the mobile devices themselves. In order to make a responsible decision on BYOD and to implement the policy effectively, enterprises must keep a weathered eye on the trend and continually seek the best solutions.
Sebastien Pavie, Regional Sales Director, MEA, Gemalto, suggests that unity may be at the heart of best practice policy when it comes to BYOD. “Unity of a company’s management and policy enforcement are key to addressing budgetary and security concerns,” he says. Pavie continues, stating, “It is essential for security administrators to have a centralised, unified way to manage authentication across smartphones, tablets, laptops, desktops, and a wide range of other IT arenas.”
When it comes to data, security is always the elephant in the room. BYOD policy is no different, and in fact, may very well be exacerbating existing data security issues. Often, security of the device itself is considered sufficient, but Mathivanan V, Director, Product Management, ManageEngine, assures us that this is not the case. “Securing the device alone does not prevent data theft. Data may be lost when employees download sensitive enterprise information from a company system to a mobile device or while copying information from a corporate app to a consumer app,” he says.
Mathivanan describes what a company needs in order to truly secure data within a BYOD framework. He says, “IT teams need a security strategy that creates a strong segregation between the employee’s personal information and the corporate data. A safe partition between personal and company apps and data provides robust information integrity, prevents data leakage, and blocks unauthorised devices from your network.” He goes on to explain that the benefit is that employees can easily switch between personal and professional use without compromising data.
Partitioning of personal and company data may prove to be a growing trend and hurdle for both companies and employees as mobile devices continue to grow more and more integrated with each facet of personal and professional life. This means that IT and employees will need to work together to develop better policies to ensure the safety and security of all data on their devices.
When seeking to develop an enterprise mobility plan, CIOs need to ask the right questions. As Dan Smith, Head of Integrated Marketing, MEA Region, Xerox, explains, “Younger and younger users who have already established familiarity with technology are joining the workplace these days. Not only are they familiar with the latest technology but their preferences are also set and most of them choose to use the BYOD facility. This can lead to a more productive and rewarding workforce if you allow that trend to be adaptive rather than trying to enforce some policy.”
The right questions for a CIO to ask when implementing an enterprise mobility plan centre around how to take an already tech-savvy workforce and utilise their pre-set preferences, knowledge and productivity on their own devices for the good of the company. Considering employee preference, device capability and future goals of the company can help a CIO determine the right policy to implement.
As mobile device use continues to grow and become an integral part of everyday life, both professional and personal, companies have a decision to make about BYOD policies. This choice can determine the effectiveness and productivity of employees as well as the safety and security of company data.