As we covered in the first installment of our BYOD blog posts, there is a growing movement among enterprises to embrace BYOD policies on behalf of their employees. There are a number of factors contributing to this shift, including employee personal preference, increased productivity due to OS comfort, the ever-tethered nature of your relationship to your phone, and lower hardware price points vs. computers.
In part II of this blog mini-series, we covered why BYOD can be good for your business as well as your employees: your staff is more efficient and happier, and it can improve your bottom line. On the other hand, it’s difficult for IT departments to implement cross-platform solutions, handle the increased number of variables posed by the numerous hardware systems, and, most importantly, contend with security issues. This leaves us to answer the question: how do you contend with the security threats and general drawbacks inherent in BYOD policies?
What should concern you?
You want your employees to be efficient and optimized when they’re out of the office — this is part of the promise of smartphones and tablets. That being said, what happens if they lose one of their devices? Or if they’re carrying sensitive data and use it within third-party apps that aren’t secure? With the new Apple AirDrop feature on iOS, how do you monitor where people are sending files when those files don’t travel through your enterprise email server (e.g. Exchange)? How do you ensure that employees with lower clearance levels can’t access more sensitive files on their tablets than they can on their computers? What if a colleague AirDrops a file to them, not knowing they’re not supposed to have access to it? How do you track who has what data in your workforce in general?
“The problem, in simple terms, is that BYOD policies leave IT departments in a gray area — the phone is owned by someone else, but you want to protect your data on it,” concludes Peter Weiss, CEO of NuIT Consulting and BYOD expert. “Companies will simply say, ‘oh, let them use their email on it, no big deal,’ but there are so many other concerns you have to contend with as an IT department.”
What you need to be thinking about…
“The only way to implement a coherent, secure BYOD policy requires one thing above all others — planning,” continued Weiss. “You have to ask yourself so many questions: How many employees are you responsible for? How many total devices? Only phones or tablets, too? How much access or security does each device require? How much can each device access? What do you do if someone’s hardware goes down? Even if you’re subsidizing the plans or the devices, if the hardware dies, who is responsible for buying the new one? You want your employees to be reachable at all times, but they don’t want to spend the money for a new smartphone — what do you do in that situation?
“The bottom line is that there is no ‘one-size-fits-all’ approach to BYOD; you have to consider too many variables, meaning the planning stage is just as important as the implementation stage. You need to define security profile groups; you should put into place a BYOD terms & conditions plus provide and require training for every employee detailing how they can and can’t use your data; and, you need to have a defined device replacement policy. These are the types of things you need to think through and be prepared for when you’re looking to implement BYOD.”
Need a little help?
The good news is that there are firms that build and support comprehensive platforms to handle all BYOD enterprise obstacles (usually called MDM or EMM providers). There are consulting groups like NuIT that can help you traverse these waters and choose the correct solution provider(s) for you. Furthermore, talented app developers can build custom tools for your organization to achieve the same goal with greater customization.
You’re not alone with your questions and concerns, and there are able solutions providers willing to work with you to overcome them.