For many organizations, Bring Your Own Device (BYOD) is the “new normal”. Yes, some still try to resist it on security grounds, but history shows that when you put blocks in the way of people getting what they want, they figure out ways around those blocks — and the end result is worse security, not better.
The fact is, if your people are going to BYOD — and they are — you are far better off knowing that it is happening and helping them achieve it securely. With that in mind, here are some key steps to help make BYOD work for you.
1. Have a BYOD policy — and make sure people understand it. Too many organizations either have no policy or don’t communicate and enforce the one they have. In a recent study by the Ponemon Institute for backup specialist Acronis, almost 60% of those surveyed had no personal device policy in place, while in a separate report by virtual desktop company Navisite the figure was 55%. Acronis added that almost 80% of organizations hadn’t educated employees on BYOD privacy risks, either.
That’s a problem: if staff don’t know what the risks are or how to avoid them, then you have serious security and regulatory compliance issues. It’s even worse if, like quite a few organizations, you are making exceptions for executives, who are even more likely to handle sensitive data.
2. Upgrade your network. Colleges and schools show the way here — and the students of today, who carry multiple devices and expect reliable, fast, and pervasive wireless coverage, are the employees of tomorrow. Bank on two or three wireless devices per person, and while you are adding 11n or 11ac Wi-Fi to support that, don’t forget to upgrade and optimize your backbone LAN and WAN infrastructure too.
3. Remote device-wipe when people leave. Most organizations today do not perform remote device wipes when an employee left the company. Given how much corporate data they could have, this considerably increases the risk of data leakage. Of course you don’t want to wipe their personal data too, but the technology exists to build dedicated enterprise apps or sandboxes which can be wiped independently. Some phones even have it built in — examples are Blackberry Balance and Samsung Knox.
4. Mandate passwords and locks. Far too few companies mandate a device password or key lock on personal devices. Mobile Device Management (MDM) software can be used to enforce this, and if people don’t like PINs there are alternatives, such as picture passwords.
5. Get some Apple expertise. That’s not just iPhones and iPads — there’s a strong chance that even if you aren’t seeing BYOD Macs now, you will do in the next year. According to Acronis, 61% of organizations say compatibility and interoperability remain big obstacles to getting Macs compliant with IT, so that’s something you will need to fix.
6. Manage the cloud too. Corporate files are commonly shared through cloud storage services such as Dropbox, iCloud, and Skydrive, yet if the Acronis study is anything to go by — and I strongly suspect it is — then 69% of organisations don’t have a policy in place around public clouds and 80% haven’t trained employees in the proper use of these platforms.
So when you write your BYOD policy, don’t forget to include Bring Your Own Cloud — and make sure you offer staff an equally attractive and capable enterprise-grade equivalent so they have no excuse for breaking the rules.
7. Look for platform-independent routes e.g. virtualized desktops. One way to boost security, albeit at the expense of bandwidth costs, is to ensure that your data never leaves your data center by letting users work on it remotely, using a desktop virtualization approach. One such is the desktop-as-a-service platform promoted in the Navisite study I mentioned above, but others include VDI (virtual desktop infrastructure) and application streaming.
To sum up, once you include the costs of making it secure and workable, BYOD probably won’t be the money-saver that some have hyped it to be. But you can stop it happening, especially now that something like one person in three expects to work from multiple locations, and that in turn means you have better make the most – and the safest – of the opportunities it brings.