Following This Week’s Hot Topics, Bring-Your-Own-Device (BYOD) culture was one the week’s main talking points following a piece of research from Freeform Dynamics. Craig Mathias, Technology Guide, believed that BYOD is "one of the hottest - and most important - trends of the year". However, how much of a trend can it be?
Let’s get realistic. The BYOD trend IS a big deal, whether those in IT like it or not.
The persistent influx of personal smartphones and tablets in a company has IT admins questioning pretty much everything. They can’t help it, they worry about it. However, to embrace this ever-growing culture, more needs to be done to help figure out what to do about BYOD management, security and application delivery. Businesses can raise productivity through BYOD, but it does need to be managed.
Phil Gillard, general manager at SolutionsPT.com, said it is important that remote workers are able to access company data wherever they are to be able to communicate with their bosses, colleagues and clients throughout the day, irrespective of location.
"Maybe not with the day-to-day, minute-to-minute view of what's going on from an operation point of view, but the overall equipment efficiency, energy usage and production downtime data," he suggested.
But It takes a powerful combination of technology, policy and organisation-wide strategy to maximise the benefits of a BYOD programme and minimise the risk. Here are some invaluable tips to get you started, so stop ‘DUCK’ing BYOD culture, embrace it and prepare:
D. Data access control
No one can blame IT (even though everybody does) for being concerned about security. BYOD is no different. There can be many risks to contend with, and it can be hard for admins to know where to start. By implementing BYOD security polices, acceptable use policies, data access control, mobile device management (MDM) and even the cloud can save some admins pulling out their hair – presuming they have any. U. UnderstandingFunnily enough, this is the main problem when it comes to BYOD. No one really knows what it is. Organisations cannot simply dive into BYOD without having the proper groundwork in place. Improve your understanding of why BYOD is even in existence, how fun and interesting it can be and, more importantly, what risks are involved and how to address customer device management.
C. Create and EnforceOnce BYOD has started, it will take over. So prepare. Begin by creating and providing a Bring-Your-Own-Device policy and a mobile device security policy. Simple. Well, not quite. Users will need to know up front what they can and can’t do with their devices. This will save a lot of headaches in the long run. Provide consequences when policy is breached and by using an acceptable use policy, IT and management can lay out the roles and hold users accountable for their actions.K. Knowing the woesHaving fun writing polices and dealing with security issues is just the START of IT’s BYOD troubles. These same admins will have to find ways of dealing with other difficulties too. More common ones include: bandwidth, mobile printing, app management and compliance all have been known to rear their heads. Knowing is half the battle.
The more prepared IT is to deal with these annoying issues, the more smoothly the integration of the BYOD programme can run. Get familiar with these issues, and implementing a BYOD culture will become a lot easier. Even Microsoft has bowed to the age of consumerisation by announcing features in its Windows 8 to fit the trend of hopping and home working.
BYOD are easy-to-use, promotes networking, provide management visibility and control, and provides excellent security protection. It will become dominant in most business sectors very soon. Are IT professionals ready? Here are some leading experts’ views on BYOD culture:
“The most important thing to remember when implementing a successful BYOD program is measurement. You must have some way of calculating the ROI before you start it off, which means creating a dual accounting leger - one for traditional IT investments and one for technologies owned by staff. In this way helpdesk calls from staff using their own kit will be logged separately, for example. From this you can better understand the costs involved and hopefully work out strategies to contain them.
To make sure the program works, it's vital that the IT department involves all relevant parts of the business. You cannot work in a vacuum, nor can IT handle everything. You'll need HR, legal, marketing and sales alongside senior management to make things work and ensure Company culture doesn't come back to bite you.”
Phil Muncaster, Freelance Journalist
"Security has to be paramount when rolling out a BYOD program so as a minimum I would advise companies to ensure all devices have a passcode applied and to ensure that the device can be remotely wiped from a central location in case of theft or loss."
Andrew Mason, Owner of Random Storm
“The first thing is to recognise that saying yes to BYOD is the right thing, it makes the business more flexible, more agile, keeps employees happy and if you're a cynic, gets longer hours out of them to boot. However companies shouldn’t say "yes" to everything for everyone. They should recognise that different Operating Systems and ecosystems offer differing levels of security and manageability. For those with access to the most sensitive information, maybe it becomes "Bring Your Own Blackberry", whereas at the other end of the scale Android is added into the mix.”
Rik Ferguson, Director Security Research, Trend Micro
"Compromise, just a little. Don’t implement BYOD, but CYOD (Choose Your Own Device). Restrict acceptance of devices to those that have a well-founded, well-documented security capability that can be integrated into an organizational strategy. That reduces security risks and potential support issues."
David Harley, Anti-malware researcher/author, ESET Senior Research Fellow
Now let’s have your thoughts. Comment below or get in touch with us on twitter - @MicrosoftBizUK
One of the issues with BYOD strategies is that the rate of smartphone launches usually outpaces the development of security measures. As a result, there is a risk of company and customer information being stored on smartphones that are not secured to on-premise standards. Another issue with accessing corporate information on mobile devices is that CISOs lose visibility of what data is actually being accessed and stored on the smartphone. This is similar to the old risks posed by USB sticks, except that it’s worse, because smartphones and tablets provide the ability to send emails and texts and upload information and images to social networks.
In reality, IT teams are fighting a losing battle in trying to secure devices. The MDM solutions that are currently available really only provide secured partitions. The other issue is that individuals are generally unwilling, quite rightly, to have their employer install monitoring software on their devices. The place to manage, secure and audit information accessed by smartphones or tablets is at the access point: the browser.
By managing access to browser-based apps and auditing activity, IT teams can safely support new devices as they are introduced to the enterprise, without losing visibility of data handling or compromising compliance.