Gartner predicts that by 2017, half of employers will require employees to supply their own device for work.
Walk into nearly any organization and, more likely than not, employees will be carrying their own devices such as mobile phones, iPads and laptops. The Bring Your Own Device (BYOD) phenomenon is affecting the way that organizations need to deliver and secure access to IT infrastructure. According to a recent industry survey, more than 44% of organizations have already allowed BYOD, while another 18% have plans to adopt BYOD by the end of this year.
Though enterprises can unleash the potential of the BYOD evolution and reduce IT operational expenses considerably, this initiative will definitely open the floodgates for all sorts of security violations and attacks. Mobile devices, by their nature, are not always used from behind the traditional confines of an enterprise's network perimeter. Enterprise controls that reside inside the corporate firewall are therefore not present to provide protection when mobile devices are used outside the firewall.
However, IT staff and employees have different views on risk, according to Blue Coat’s results. Nearly 80 percent of IT managers rated the risk of malware infecting the enterprise network from mobile devices as moderate to very high. In stark contrast, 88 percent of employees reported that their mobile devices were somewhat or very secure.
The Webroot survey also emphasizes that managing BYOD security isn’t easy, with 83 percent of respondents saying it’s a tough task. That being said, 64 percent of respondents said the cost savings of allowing BYOD outweigh the potential security challenges.
To mitigate potential risks of BYOD, it’s important to have some form of BYOD security controls or policies. Yet according to the Webroot study, only 48 percent of enterprises currently have a mobile security plan. This means the market is ripe for solutions, which vendors are now rushing to provide.
Challenges in Implementing BYOD
To deploy a BYOD program, a security model that provides differentiated levels of access by device, user, application, and location is required. The security model should reflect an understanding of where the confidential or sensitive data exists and how to control and manage access to this data. Implementing such a framework is challenging because no single model fits every organization. A few questions arise here:
- What’s the level of risk and how to quantify it?
- Are the risk-controlling efforts going to interfere with user experience and productivity?
- How many tools are needed and which ones will best suit the environment?
- What different access policies are required for respective stakeholders?
- How to contain extra costs for support, patch releases, identity management and audit?
- How to put a check on data leaks due to security breaches and device loss?
All in all, the IT team has to wrestle with three key operational challenges while implementing BYOD: governance and compliance, mobile device management, and security. BYOD seems an inescapable reality for enterprises, but it is still in its early stages. Employees are pushing hard and IT is earnestly looking for answers.
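The security model described above (differentiated access by device, user, application and location, driven by where sensitive data lives) can be sketched as a default-deny decision function. This is an added example, not taken from any product or from the surveys cited; the policy tables, role names, app names and location labels are all constructed assumptions.

```python
from dataclasses import dataclass

# Data classifications, lowest to highest sensitivity.
PUBLIC, INTERNAL, CONFIDENTIAL = 0, 1, 2
NO_ACCESS = -1

# Constructed sample policy tables; every name here is hypothetical.
APP_DATA = {"cafeteria-menu": PUBLIC, "email": INTERNAL, "payroll": CONFIDENTIAL}
ROLE_CEILING = {"contractor": INTERNAL, "engineer": INTERNAL, "finance": CONFIDENTIAL}
LOCATION_CEILING = {"corp-lan": CONFIDENTIAL, "vpn": CONFIDENTIAL, "external": INTERNAL}


@dataclass(frozen=True)
class Request:
    role: str
    app: str
    location: str
    mdm_enrolled: bool
    encrypted: bool
    jailbroken: bool


def device_ceiling(req: Request) -> int:
    """Highest data classification this device posture may handle."""
    if req.jailbroken:
        return NO_ACCESS
    if not req.mdm_enrolled:
        return PUBLIC
    return CONFIDENTIAL if req.encrypted else INTERNAL


def decide(req: Request) -> tuple:
    """Allow only if every dimension permits the app's data classification."""
    needed = APP_DATA.get(req.app)
    if needed is None:
        return False, "unknown app"  # default deny for unclassified apps
    ceilings = {
        "device": device_ceiling(req),
        # Unknown roles and locations get no access rather than a default tier.
        "user": ROLE_CEILING.get(req.role, NO_ACCESS),
        "location": LOCATION_CEILING.get(req.location, NO_ACCESS),
    }
    # The most restrictive dimension decides; name it for the audit trail.
    limiting = min(ceilings, key=ceilings.get)
    if ceilings[limiting] < needed:
        return False, f"blocked by {limiting}"
    return True, "allowed"
```

Returning the limiting dimension alongside the verdict gives support staff and auditors a reason for each denial without exposing the full policy table to the user.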
9 Best Practices for creating a BYOD policy
- Where to begin?
Determine the mobile usage of the employees and find out the risks and costs. Consider every stakeholder while setting up policies.
- Determine the company's needs
Determining the scope and scale of the BYOD program will help to decide what type of program is right for the company.
- Determine employees' needs
Determining the behaviour of employees will help narrow down options for acceptable devices and will ultimately guide the mobile application security requirements.
- Decide what apps to allow
With thousands of apps out there, it may be easier to focus on allowed app behaviours and what type of data can be accessed by each app. It is impossible to satisfy every employee, so analyze and determine what is acceptable based on the risk profile of the organization.
- Decide on the company’s policy
Define a clear service and acceptable usage policy for mobile devices that every department can sign off. Stakeholders from each department should be on board with the proposed policy.
In order to relay a consistent understanding among all employees, they must be aware of the rules and guidelines.
- Consider an MDM tool to enforce the policy
An MDM tool relieves workers of manually configuring their devices, so it should be at the top of your list. Ensure that the MDM tool is well synchronized with the BYOD policy.
- Roll out the BYOD program
Roll out in phases, preferably starting with a smaller pilot stage. Communicate the reasons for moving to BYOD and ensure the policy is well understood. Also have a removal strategy in place for when an employee leaves the organization.
- Update as necessary
Mobile IT is evolving at a very fast pace. Keep up-to-date on enhancements and upgrades.
By following these best practices, companies can establish a clear, consistent and successful policy. The benefits of a BYOD policy are multi-fold: lower IT/support costs, highly productive mobile workforce, employees that are happy to work with the latest technologies and apps, and greater peer collaboration provided by the mobile teams’ increased connectivity.