Organizations of all sizes and industries are addressing the phenomenon of Bring Your Own Device (BYOD), including here at Sherpa Software. With the proliferation of mobile computing, popularity of telecommuting, implementation of Software as a Service (SaaS) and cloud-based applications, allowing employees to use their own laptops, tablets and smart phones for work-related tasks is becoming more common. Advantages such as improved mobility – working from anywhere; productivity – getting more work done in a shorter amount of time; and accessibility – better contact with customers and colleagues are seen as a boon for a modern, flexible workplace. However, unsecured BYOD practices can bring security and liability issues that seriously hamper that flexibility.
A recent survey showed that over 68% of employees use their personal devices for work, despite the fact that only 29% said they had a BYOD policy. Companies, government agencies and other organizations have deployed a range of policies to deal with BYOD, from forbidding all outside devices completely to actively mandating their use. The most popular devices are smart phones – typically a person would rather carry one familiar cell phone than two. Common tasks executed from these personal devices include creating and responding to email, business calls and text messaging.
The benefits for BYOD are clear for both the end user and their workplace. One government guideline advises that when BYOD solutions are properly implemented, they can reduce costs, increase program productivity and effectiveness, adapt to a changing workforce, and improve user experiences. Employees can access data from any point, using devices that they prefer. No longer do people need to carry multiple devices (phones, laptops) separating the spheres of their life. BYOD allows for a better integration of personal and work life, a plus for many employees whose jobs do not follow the traditional 9-to-5 model. Ideally, this flexibility will optimize productivity.
From a company’s point of view, it is released from the burden of maintaining devices. The cost savings can be considerable while the maintenance charges are shifted to the end user. An organization may only have to worry about reimbursing data plans, not purchasing and maintaining new hardware. In fact, a surprising percentage of users are willing to pay for their own data if they can use their own devices.
Concerns of BYOD
While the benefits of BYOD are easily spelled out, it should not be forgotten that there are serious concerns. These generally fall into four categories: security, policy, technical and legal. In the traditional model the Information Technology (IT) department is responsible for managing, securing, standardizing and controlling critical company data and systems. Policy is enforced through IT software and content management systems. Risk is minimized. Technology is under centralized control. Data can be recovered and the systems can be relied upon within a consistent design.
However, with active BYOD use, that control moves from a centralized source to those that are highly decentralized and un-standardized. Additional issues revolve around the retention, discovery and compliance implications of corporate data on personal machines. This is a critical concern for both the company (how can they secure, search, apply legal holds, or delete corporate data from personal devices) and the end user exposed to liability and issues with loss of privacy.
Take Advantage of BYOD Benefits
To take advantage of the benefits of BYOD while addressing the concerns of the parent organization and the end user, it is best to find a balance between personal privacy and organizational considerations. To this end, IT departments with successful deployments investigate and implement mobile device management (MDM) solutions as part of the overall deployment of BYOD strategy while keeping their corporate standards of security. Data and network access are secured in anticipation of BYOD. Solutions for BYOD range from virtualization (no data on the local clients) to complete access and commingling of data.
Whichever path is chosen, an effective BYOD strategy takes into account the unique data requirements of the organization. Some companies limit BYOD to smart phones for email and calls only, while others will allow personal laptops to fully access their networks. To help avoid complications, experts recommend that a comprehensive BYOD policy should be adopted clearly outlining the rules and expectations, rights and responsibilities of each party. Among other things, the best policies will spell out and effectively communicate the following (preferably with a signed waiver):
- Which devices are allowed and for what purposes?
- The type of support the company offers for BYOD.
- The type of mandatory MDM software that will be installed on that device for communication, encryption, content management, data erasure or monitoring purposes.
- What minimum security steps are required (e.g. password requirement)?
- The implications of MDM software on personal data.
- Rules for device or data surrender in cases of legal proceedings, compliance or incident response.
- The steps to follow in cases of theft, virus, loss of device or compromised data.
- The procedure to remove corporate data stored on personal devices when a person leaves the organization.
The use of personal devices for work purposes will not be going away anytime soon. Create well thought out policies defining acceptable use and communicate them effectively to employees. Use efficient MDM software, audit your processes and address legal discovery, liability and compliance issues. With this strategy in place, an organization can reap the benefits of BYOD instead of suffering through a poorly implemented or ignored ‘Bring Your Own Disaster’ policy.