With the rising popularity of “bring your own devices” (BYOD), the corporate world is in the middle of a rollercoaster ride. Many companies are headed up- embracing the idea of employees using their own devices to access company data and perform company business, while others are headed down- keeping it strictly off-limits.
Are companies accepting BYOD?
A recent survey by SANS on mobility, BYOD security policies and practices, found that 1/4 of all companies surveyed do not allow personal smartphones or tablets to access the company network. However, the majority of the remaining 3/4 that do allow it do not have efficient security policies and controls in place to control the personal devices. These companies that do employ some kind of security use a couple of methods. Most use encrypted data protection and secure access to company resources, while the remaining companies used data loss prevention through methods such as anti-malware. Over 2/3 of the companies surveyed said they expected to use cloud based provisioning within the next year.
One interesting factor is that companies that do have policies appear to be taking the functions they are familiar with- authentication measures, firewalls, VPNs and access controls and implementing these functions on the mobile devices. However, many employers are hesitant to install such measures on an employee’s device and instead are relying on employee agreements and education to prevent any mishaps.
Nearly 1/3 of all companies rely on employees to protect the device they are using to access company information and it’s up to the user to delete the data when it is no longer needed.
What about data security concerns?
Many company Chief Information Officers (CIOs) have expressed concerns over company data and infrastructure security because of the BYOD movement that seems to be catching on everywhere. The explosion of BYOD seems to be more about convenience- employees can take care of business in the workplace, at home or on the road. Connectivity is the key. We all want to stay connected at all times. Communications and connectivity ensure that employees stay “in the know” at all times.
Companies must realize that this movement will not go away. Once employees have gotten a taste of the realization of connectivity, convenience and communications aspects of BYOD, they are not going to go back to the way it was before. Companies must take steps to ensure that they are protected throughout the process of implementation of the BYOD.
One profitable aspect of the BYOD movement is that employees will provide their own equipment, their own devices. This can help the company cut down on costs of purchasing equipment for their employees.
Most people know their devices pretty well- the functions, the apps and how to operate them. With the many new technologies and innovations, smartphones and tablets can perform actions as well, if not better than some computer applications. The advances in cloud services allow the employees to perform company business practically anywhere they may be.
One important note is that because employees know their own devices so well, along with the apps and services they are used to, they tend to stick with the cloud services that they are already accustomed to. For instance, the company may use Sharepoint for the majority of its cloud services but many employees may not use Sharepoint. They are more interested in using Evernote than a cloud service they have never used before. When surveyed, many companies (most small companies) had accepted the fact that employees may choose their favorite cloud service over the company preferred service and these companies are looking for ways to merge the various services in order to provide a more efficient experience for the company operation and employee performance.
While companies must accept the aspects of the BYOD movement, this does not mean they must relinquish data security. There must be new security protocols implemented however, and the protocols must make data access, data storage and file transfers compatible with the BYOD movement.
SalesForce and Google Docs/Drive are several preeminent services that form the structure that help produce the BYOD movement. There are many other impressive cloud services as well and companies should not force their employees to only use the company preferred services. Creativity is the key to growth and success and does not need to be inhibited. This can end up costing companies in the long run.
While it’s certainly understandable the security concerns of companies and CIOs, this movement is not going anywhere and the security must change to remain compatible with the BYOD movement that is pushed by the reproduction of public and private clouds, the consumerization of information technology (IT) and the need to harvest large amounts of data. Success will come to those who implement the measures to ensure that BYOD is able to continue, while implementing security measures that protect company data.