Bring Your Own Device or ‘BYOD’ has become a trend which companies can no longer afford to ignore. With the explosion in the popularity of devices and applications, the divide between what is a ‘corporate’ device and what is a ‘personal’ device continues to blur. While this can have many positive benefits, including better productivity and work / life balance, it also comes with increased complexity and security risks for the business. This puts pressure on the CIO to manage and secure all devices that are being used, as well as their applications and data.
In many instances companies are playing catch up around BYOD. If governance and information management policies are not up to date, BYOD can bring additional complexity which makes organisations more reluctant to implement the necessary checks and balances.
It is however no longer a question of weighing up the work required to implement a proper BYOD policy, against the increased productivity that BYOD can provide. The ubiquitous nature of devices means that companies without BYOD capabilities will see employees increasingly working outside the system, finding shortcuts and utilizing unauthorised methods to access and share information.
While the company may prioritize security, employees will generally prioritize convenience. Information Security Officers (ISOs) are learning that regardless of what policies might be in place, it is difficult to change the way employees access applications and data. It is also important not to disrupt their user experience and negatively impact the ease-of-use. Mobility and cloud are pushing the BYOD movement and with this in mind, ISOs need to build BYOD plans that allow for security while not impeding the functionality for the employee.
There are 5 areas that a company needs to consider when they implement an effective BYOD policy. These are:
• Mobile Device Management (MDM)
• Device Selection
Security – Security should be the highest priority for the company. Some of the security aspects that the company should consider include: ensuring compliance with standards, implementing identity-based management, outlining network and application specific policies, and ensuring data protection.
Mobile Device Management – Mobile Device Management (MDM) software should be at the heart of any BYOD program. It allows IT to enforce security policies, offer support to end users and optimise use and expenditure efficiency. It also prevents data theft through unapproved applications, adds encryption and allows administrators to remotely wipe the device if it is lost or stolen.
Device selection – When it comes to device selection it can be helpful for the company to specify preferred devices as well as platforms. The fewer platforms an IT staff or third party consultant needs to support, the higher the quality of support will be.
Training – it is important to train employees on the BYOD policy within a company. This will ensure that they abide by the various security regulations around their device and are able to utilise their device optimally.
Support – Under a BYOD policy, companies will need to offer IT support across a number of devices so that all employees will be able to address problems and fix any technical issues with their devices.