“Bring Your Own Device” Policies
In our increasingly connected world, the line between business technology and personal technology is becoming more blurred. Most employees now use at least one of their connectivity devices – usually a phone – for business and personal activities.
While at most businesses this is allowed, and at a few, it might even be encouraged, it results in additional security issues for an IT department, which already struggles to keep up with technology advancements and a rotating roster of employees. This bring-your-own-device (BYOD) culture also has a darker side. When it’s not fully acknowledged and regulated, it can threaten a company’s network security and leave its sensitive data at risk.
BYOD is driven by employees who already own and use personal laptops, tablets, and smartphones. The desire to pare down these devices and use a single device for as much activity as possible is only natural. Who wants to carry two laptops or even two phones?
When personal devices get used for business purposes, they are newer and more advanced than the equipment deployed at most businesses. Therefore, IT departments might be inclined to refuse the BYOD idea. For them, it’s simpler to provide approved hardware and software applications over which they retain complete control.
Increasingly, though, it’s getting harder and harder to stem the tide of personal technology creeping into business territory.
BYOD – the good
A BYOD strategy has multiple advantages. The flexibility and comfort it offers employees make them happier and (hopefully) more productive. The cost savings to the business, in terms of fewer device maintenance issues and reduced hardware expenditures, can be sizable.
BYOD – the bad
It comes down to one word – security. Businesses need to consider the implications of allowing sensitive corporate data to be accessed on personal devices over which, in most cases, they could have little or no control. Decisions must be made concerning what data employees can have access to and what security measures must be implemented if an employee’s device is lost or compromised.
Even though there are hardware cost savings with BYOD, there might be other cost implications to consider. Companies that allow BYOD also need to consider that their internal networks must integrate and support the increasingly diverse range of employee devices: Android, iOS, Nokia, Windows, Mac, PC, and so on. It can be a lot to consider, and they all have to interface with a business network.
The ultimate risk a business may run is to not have any sort of BYOD policy in place. By ignoring the issue, they may unwittingly expose themselves to both inadvertent and purposeful threats.
Planning a BYOD policy
A BYOD policy governs the management of unsupported devices. Protecting network security is the most critical aspect of a BYOD policy. At the very, very least, a BYOD policy should include password-protecting employee devices and regular updates of those passwords. Effective BYOD policies might involve:
- The encryption of sensitive data.
- Disallowing local storage of corporate documents.
- Limiting access to data storage areas.
A BYOD policy should also be scalable and manageable, allowing it to grow with an organization as its mobility strategy does.
Beyond hardware and access issues, applications must be part of any BYOD policy, and establishing secure app-to-app workflows is essential.
An effective BYOD solution will enable you to secure the data along with the device. The critical issue is to guard against data loss or compromise.
BYOD solutions can range from the most exhaustive – which take into account every device/software/access configuration and are continually monitored and updated – to the most lightweight, which only lay out prescribed policies and rely on the proactive adherence of individual employees.