A look in to the benefits of BYOD with a flexible and security strategy from IP EXPO content director Mike England
BYOD is proving to be more than a passing fad with Gartner predicting that by 2017 half of companies will require employees to use their own devices at work. It is also predicted that these devices will not be restricted to smartphones and tablets, but may also include PCs and laptops.
There are numerous benefits, for both organisations and employees, in adopting BYOD, including: a reduction in IT costs, real-time collaboration, better information exchange, increased employee satisfaction and, of course, greater mobility.
According to Tim Hardwick, Cisco Systems, improving employee productivity is a major driver for implementing BYOD. “This is especially true in the public sector where you’ve got operational efficiency programmes, initiatives around flexible working and agile working.”
Security
However, there are also challenges that could outweigh any significant benefits – the most important being the question of security. The mobile device is, according to most experts, the weakest point in a network. At IP EXPO 2012, Giles Trachsel, Jupiter Networks (UK) Ltd identified this as a key concern: “The user end device is the weakest point in our security today. And guess what? The attackers, they know that. They know there’s an opportunity for them to attack your organisation through your mobile devices.”
One solution to this is the popular topic of containerisation which sees apps located in an encrypted “container”. Access to specific organisational data within these apps is then managed. This approach effectively manages the data as opposed to the device.
Installing and maintaining antivirus software onto devices should also be made a priority alongside integration of an enterprise mobility management solution, if one does not exist already.
Room to move
A comprehensive and flexible BYOD strategy can go a long way towards allaying the fears of security personnel. The policy needs to be comprehensive to deal with the sheer number of issues, and flexible enough to ensure that it can be effectively updated as behaviours change and technology evolves.
Overall the policy should be aligned with the type of business, its structure and its objectives. More specifically, the policy should include an acceptable usage policy that covers issues like privacy; which devices are allowed and/or supported, as well as which apps are allowed; who has ownership of the device; who is responsible for the cost of the device and/or its usage. In addition, it should cover less clear-cut issues, such as device wiping. If a device needs to be remotely wiped, who has the responsibility for backing up personal data, such as photographs and messages?
Supporting all devices
Another concern is: how practical and cost-effective is it to develop and adopt an IT framework that supports all operating systems. The most like answer is simply that it isn’t. However, by including a section in the policy that deals with which devices are preferable, in terms of support or functionality, a business can overcome this.
Going forward
Ultimately, any BYOD policy implies a level of trust between the organisation and the employee. And while security is the key issue for employers, it is the user experience that matters most for staff. An effective BYOD strategy is one that successfully balances these two sides, while incorporating flexibility.
Mike England, Content Director, IP EXPO