Many employees want to use their personal devices in the workplace. Personally owned devices are usually faster than the desktops supplied by employers. Employees know how to use the operating system, they have the software they need already installed, and it allows them to be more flexible about when and where they work.
These are all great benefits for employers. The power of new technology can be harnessed without expense, and productivity can increase.
Some may believe technology vendors are the driving force behind BYOD. It is true that vendors have embraced the BYOD movement and are pushing for their new devices to be used in the workplace. However, it is employees that are really driving the movement. They want to use their own devices in the workplace as it makes their lives easier.
Unfortunately for IT security professionals, keeping control of the devices is thought to be virtually impossible. The security risks introduced by personal tablets, Smartphones and laptops are numerous. BYOD is seen as a data security nightmare and a security breach just waiting to happen.
But what are the risks introduced by the devices? Are they as problematic as security professionals believe?
What are the problems with Bring Your Own Device (BYOD) programs?
- Many IT professionals dislike BYOD, but it is not only for data security reasons. Managing BYOD requires a considerable amount of planning and time. IT staff are usually pressed for time as it is, and that is without having to manage personally owned networked devices. Budget increases to manage BYOD are rarely sufficient and extra staff are often not employed to cope with the additional workload.
- Devices owned by employees must be allowed access to corporate networks. They are also used to store sensitive corporate data, yet those devices are taken outside the control of the company, used at home, taken to bars and are often lost or stolen.
- The devices can cause problems with compliance, especially in highly regulated industries.
- IT professionals must ensure data can be remotely erased, and protections are put in place to prevent the devices from being infected with malware.
- Another problem is how to make sure data can be removed from the device when an employee leaves the company. Controls must therefore be put in place to ensure data can be deleted remotely, and access to corporate networks and data must be terminated.
- If data is stored on the device, it must be configured to store personal data and work data separately. The IT department cannot remotely delete all data on the device. Some will belong to the user!
There are solutions to make BYOD work effectively. Work data can be stored in the cloud, instead of the device. This makes data management much easier. Policies can be developed to ensure security vulnerabilities are not allowed to develop. Management may be complicated, but software does exist to make the process much more straightforward and less labor intensive. Many software security solutions have been developed specifically for BYOD.
BYOD may require a considerable amount of planning, and will require budgets to be allocated to ensure the devices can be effectively managed; but, if the result is a happier and more productive workforce, the benefits than can be gained by employers are too numerous to ignore.