By Adrian Thirkill, COO and MD-UK, Easynet Global Services
In the 80s, the acronym ‘BYO’ on an invitation, or displayed in the window of a restaurant, strictly referred to ‘Bring your own bottle’. That trend, along with lukewarm Lambrusco presented proudly at parties, has thankfully fallen by the wayside.
Now, as we all know, ‘BYO’ is more common in the world of IT. BYOD, BYOE or BYOWoW (Bring Your Own Way of Working) as we like to call it, is prolific. 9.8 million people in the UK used a tablet to access the web last year, which represents a growth of 140% since 2011, and the number of users is forecast to rise to 23.2 million over the next three years.
Other than installing airport scanners in your office reception area, you’re not going to stop staff bringing their devices into the workplace.
And why should you? If staff work from their own tablets it reduces the need for IT support for desktops; staff work faster, are more efficient and more motivated as they can work however they choose; productivity increases as staff know their own mobile devices and applications inside out; and it facilitates a trusting, flexible working environment which has been proven to attract and retain skilled people.
BYOD isn’t just a trend, it’s an entire culture shift – and it’s set to stay. Analyst house Forrester’s latest report on mobile adoption in the enterprise revealed that 66% of employees use at least two devices every day, including desktops, laptops, smartphones and tablets.
Whilst acceptance of BYOD will depend entirely on the nature of the business, 55% of organisations in the survey said that supporting a larger number of smartphones was a high or critical priority over the next 12 months, and 52% said the same of supporting tablets.
CTOs and CSOs clearly know they have to embrace mobile devices, if not in the next 12 months then certainly shortly afterwards, but the thought of widespread BYOD brings CTOs out in a cold sweat. The word that strikes fear into every IT professional’s heart? Security.
How do you manage and secure devices your business doesn’t own? How do you minimise the risk of unauthorised access to your data from staff mislaying devices? And how can you ringfence your corporate network and keep it secure if hundreds of satellite devices are accessing it?
We know that people are the weakest link when it comes to network security, whether this is from a phishing attack, unlawful access to information or leaving a device in a bar after work. Add to this the concern about staff bringing in their own unsecured device and BYOD is a lethal cocktail for corporate security.
The first step towards minimising the security risk posed by staff using mobile enterprise devices is to create a clear and detailed policy, and yet few organisations have such a document. Research from the Computing Technology Industry Association’s 2nd annual Trends in Enterprise Mobility survey shows that only 24% of businesses have a BYOD plan in place, which is just 2% more than the previous year’s survey.
Are CTOs in denial? Or do they have sketchy, unfinished frameworks which they haven’t quite got round to completing?
A clear and detailed policy addresses the numerous considerations surrounding staff working on their own mobile devices. Within the policy, businesses should be specific about the devices and operating systems they will and will not support. They don’t want to waste resource supporting outdated operating systems, or trying to install operating systems which aren’t compatible with certain devices.
Businesses need to look at the financials, too. Are they happy to let employees choose, and pay for, their own devices and software? What about offering them a subsidy or company loan to purchase them from a certain manufacturer? In the previously-mentioned Forrester report, 70% of those workers bringing their own devices used their own tablet, and only 15% used a company-issued tablet.
Next, organisations must think about applications which employees need installed on their devices. Letting staff select their preferred apps can empower them and improve productivity, but these should be part of a standardised set of secure enterprise applications which fit the requirements of the business and the individual.
Consider social applications – not just Facebook and Twitter but Tumblr and Pinterest – and their implications, and be realistic about their usage. Palo Alto’s Application Usage and Risk report warns that with almost 1 billion users, social networking applications represent a rich, and tempting, environment for cybercriminals.
A user might click on a link and instigate a background malware download, for example. Businesses might want to ban social networking from the workplace – and research shows that 67% of European CIOs ban Facebook at the very least – but banning them from an individual’s mobile device is intrusive, unfair and in reality nigh on impossible.
The mobile device policy should incorporate detail on how data will be accessed, and where it will be stored. Secure, cloud-based platforms are ideal as they can be accessed from anywhere and restrictions can be built-in. Experts such as Zscaler have specific solutions which secure users who work on mobile devices, and those accessing cloud applications.
Encryption, authentication and authorisation are the holy trinity of data protection. Ensuring that staff make their passwords impossible to guess – and actually have them on their devices in the first instance – is essential. A study by Norton from Symantec found that 46% of respondents admit to not using a password to protect their personal data, which is worrying when you consider that the same survey found that one in four adults have had a mobile device lost or stolen. Tools like LastPass which can hide multiple different passwords behind a single ‘master’ password can help.
Another issue to be addressed with the BYOD framework focuses on what happens when staff leave. Organisations need to think about how and when they wipe sensitive data from employees’ own devices. Clear guidelines must be in place which outline ‘buyout’ options if applicable.
The policy should clarify liability and include disclaimers, perhaps stating that the employee is personally liable for the protection of sensitive data, and the security of the device itself, and that disciplinary action will be taken if the policy is not adhered to.
BYOD isn’t just changing the way CTOs and CSOs work. The entire economy is rotating on its axis as workers can now migrate away from metropolitan centres and live, and work, where they are happiest.
It’s also injecting creativity into the enterprise market, as app developers flock to create mobile applications which work as well for enterprises as they do for consumers, making it even more attractive and engaging for employees to work using their mobile devices.
Buying a Kindle is, to me, a bit like accepting BYOD: you can swim against the tide and enjoy being the stalwart at book club who claims to love having shelves full of books. Eventually you realise you really want to read War and Peace and don’t want to carry the tome on the train, so you give in, buy a Kindle – and never look back.
BYOD isn’t going to go away, and nor are the issues that surround it. Those companies which integrate it into their organisation in a planned, defined, measured and secure way will reap the rewards.