Sometimes it seems as if “bring your own device” (BYOD) is all anyone at the intersection of business and technology can talk about these days. Understanding how CIOs are responding to the infiltration of personal devices into the enterprise depends on whom you ask. Some will tell you they are welcoming BYOD with open arms. Others claim CIOs are still resisting the invasion. The reality lies somewhere in the middle.
While there are evangelists and holdouts on opposite ends of the spectrum, most CIOs have begun to embrace the benefits of BYOD and to brace for the changes. After all, who doesn’t want to empower employees to manage their own technology so they don’t have to rely on the IT department? Unfortunately, the elation that this new freedom brings easily morphs into alarm when you dig deeper into the security issues that can arise in a BYOD environment.
For IT, the notion of employees leaving their data-laden devices in a coffee shop or on a plane is a nightmare. Another major concern is that staffers will bring more than their personal devices to work. Malware and other attack vectors can hitch a ride and wreak havoc on corporate networks, including exposing sensitive information.
Most companies are still grappling with exactly how to reap the rewards of BYOD while reducing the risks. Only 43 percent of companies have rolled out a BYOD security strategy, according to PwC’s 2012 Global State of Information Security survey. Following are three steps that businesses can take to transition to a BYOD workplace:
The first thing that IT leaders should do is address the software issue. The enterprise is at least two or three years behind consumer devices. Things are moving so fast that hardware is unimportant. Before doing anything, decide which platform — software, software development kit or integrated development environment — makes sense for the organization. The emerging development platform is HTML5, but select a platform that’s the right tool for your business needs.
If software is first, then security, authentication and user entitlements come second. It’s about controlling the device with mobile-device management (MDM) software, encryption and strong authentication; and appropriately limiting network access for those devices to select services that are rolled out over time. Deploying strong authentication and the security features of MDM can be challenging. A firewall can help, but solutions such as app portals, virtual private networks, MDM and certificate-based authentication are all needed for BYOD. The other challenge is device diversity. The various configurations for iOS and Android are needed. You might not be ready to bring in any device, but limiting platform diversity is the trend.
If you’re installing MDM software onto employees’ personal devices so you can remotely wipe the data in the event the device is lost or hacked, clearly communicate to employees exactly what can happen if they don’t back up their files. Imagine the heartbreak when an employee loses pictures of his or her children, for example.
Work in coordination with human resources and legal counterparts to keep your policies palatable to employees and enforceable for risk managers. Require employees to take the necessary precautions to protect themselves and the business, but don’t go too far in dictating what employees can and cannot do with their own equipment.
BYOD is blurring the business and personal lives of employees like never before. It’s essential that CIOs manage both the technical and the people policies surrounding BYOD with great care as they approach these uncharted waters. Wade through all the issues completely and phase in this new approach slowly and methodically while continuing to provision desktops, notebooks and other mobile devices. Then you’ll find the right balance that works for your employees, IT and the business.