As the “bring your own device” (BYOD) trend continues to grow, the smarter, mobile, integrated workforce of the future is being shaped right now. In the process, it’s reshaping the companies it works for and the digital landscape people inhabit.
The common arguments in favour of BYOD focus on productivity and accounting. But putting business data and intelligence in the hands of employee-owned (and often mobile) devices is not without risk.
“Imagine the scene: a plethora of devices, all of them private, each with its own configuration, accessing a corporate network with potentially sensitive data. Without controls, you get a massive security nightmare,” says Simon Campbell-Young, CEO of Phoenix Distribution.
One solution to the problem is for IT departments to do what they know best: use management tools to block dangerous apps, control users’ network access levels, and remotely erase information from lost or stolen devices.
In other words, manage access on employee-owned devices in the same way they manage corporate IT assets. However, this only skirts the issue; it’s a far from satisfactory solution. For a start, excessive control can undermine the usefulness of employee-owned devices, decreasing satisfaction and productivity.
Campbell-Young points out that security holes and data leaks can also occur in traditional ways: employees can talk loudly in public, they can photograph sensitive data, or just lose it in an airline seat pocket.
The answer to security lies in another direction altogether. It’s one that truly showcases the disruptive power of BYOD in the workplace. It is trust.
“BYOD policies need to be transparent. Having parts hidden from employees can cause the policies to backfire. Such openness requires a rethinking of corporate communications with its traditional need-to-know basis. The trust that this change can foster will in turn fuel the productivity increases that enterprises are hoping to get from BYOD,” he says.
A study by Juniper Research estimates that there are 150-million employee-owned devices, and that this figure will more than double by 2014. That volume of personal devices in corporate settings implies a convergence that’s never happened before. In the past, the desktop setup and data storage facilities at work were totally different to those that employees used in their personal lives.
This made it possible to have totally separate digital lives at work and in their leisure time.
“For organisations, there are three main sets of ICT issues associated with mobile computing: security, costs, and support requirements. Security is always at the top of the list of ICT issues. Security of the physical devices is an important element. If a device is lost, stolen, or finds its way into the wrong hands, we must consider that any proprietary data on the device is compromised.
“Security of data during its transmission between the mobile device and the organisation’s data centre is another important element. In addition, the security of remote access to the organisation’s information must be ensured,” says Campbell-Young.
“Any BYOD strategy has to include the use of device management and security controls to enforce the policy. This means installing device management clients on smartphones and tablets. It also means installing VPN clients.
“Employee devices can be configured by the organisation over-the-air, and they can be erased remotely if they are lost or stolen. All devices will be monitored for compliance in realtime, to detect out-of-date device operating systems and unapproved apps, and to provide jail-broken and rooted detection.”