BYOD: Bring Your Own Disaster?
Marc Begg, Commercial Director at Peak-Ryzex
There’s a lot of debate about Bring Your Own Device (BYOD) policies, where an employee is formally given access to a company’s network and data through the personal devices that they use at home. Proponents say that the efficiency gains are potentially significant, bringing down a company’s hardware spend and letting colleagues use the devices that they choose, rather than forcing them into an unfamiliar technology environment and pockets full of smartphones.
On the other hand, there are many people warning that BYOD actually stands for Bring Your Own Disaster, particularly from a security and compliance perspective.
Sleepwalking into it…
Whether IT teams like it or not, employees are increasingly using their personal smartphones and tablets to access enterprise data, both in the workplace and remotely. It’s an issue that IT managers need to address rather than waiting for problems to arise, particularly where companies have large, distributed or mobile teams.
While there are many whitepapers selling the major efficiency gains available by adopting a BYOD strategy within your organisation, they don’t tend to be backed-up by a great deal of evidence. A recent Enterprise Mobility Exchange survey suggested that only 26% of businesses invested budget in a BYOD strategy for the 2014/15 financial year and only 14% stated they had allocated budget for it in 2015/16. This suggests that some companies could find themselves with a BYOD policy by convention rather than strategy, which is going to take away a great deal of their control.
Security and compliance are the big issues
It’s not a question of IT departments protecting their budgets and fiefdoms, there are genuine concerns from a security and regulatory perspective. Bringing in devices that interact with enterprise applications and data that have not been properly tested by the internal IT team can lead to a lack of data control, inadvertent or deliberate introduction of malware and regulatory issues.
The impact of missing or stolen devices, which account for nearly half of security breaches, is also often overlooked. You are less likely to take a work laptop to a nightclub, but would usually take your personal mobile phone. These days that phone could access a significant proportion of proprietary data and a large chunk of the corporate network.
The key is to get a good balance between training and educating employees to make them aware of potential security risks to the business without compromising their privacy. Technology should be about enhancing our lives and the way that we work, and IT teams are not in the business of stopping innovation.
Between anarchy and totalitarianism
A company’s IT estate can be more effective if investment is made in technology that enables management of multiple platforms using the same application. This helps your IT director ensure that any platform is catered for and reduces the headache associated with the management of multiple platforms. Implementing tools such as this enables businesses to maintain the flexibility of having a mixed estate while ensuring effective management.
Financial, technological, security, and compliance are just some of the reasons businesses implement a particular BYOD strategy. As an alternative, businesses may alter their strategy to include CYOD (Choose Your Own Device) also known as COPE (Corporate Owned Personally Enabled) and BYOA (Bring Your Own App). These options can offer a favourable compromise, with employees enjoying greater individuality and freedom while the enterprise IT team is able to maintain better and safer control of their estate.
Whichever approach is selected, the bottom-line is that if mobility is mission critical to your business, you need to know the numbers and pitfalls of deploying BYOD, be aware of the alternatives and make sure you don’t sleepwalk into a disaster.