Preparing your organisation for BYOD
- 05 September, 2012 15:28
While the bring-your-own-device (BYOD) trend has gained momentum among enterprises, it has also plagued CIOs with a range of technical as well as cultural issues making the execution of BYOD concepts somewhat complicated.
As users become more technology savvy, they start telling IT what devices they want to use, and not only expect IT to provide these, but to support them as well. The advent of social media into the enterprise and employees expecting applications of a particular standard at work has resulted in the emergence of a new trend called the consumerisation of IT.
According to IDC’s Worldwide Mobile Worker Population Forecast 2011-2015, 838.7 million employees in Asia/Pacific excluding Japan will be mobile workers by 2015 and majority of these mobile workers will be office-based.
BYOD is both a technical and organisational challenge for any enterprise IT department. In order for BYOD to work effectively and successfully, there are three key areas that CIOs need to address:
1. Technology: Security and compliance
There can be some costs benefits when users purchase their own device, as the company does not have to fork out for the hardware. However, with as much as 70 per cent of the company’s intellectual property (IP) living on email alone, that means a huge percentage of data assets are “out there” on somebody’s smartphone or tablet. Does IT know who has access to what? Can they control that access?
To make matters worse, the volume of data you need to protect is proliferating as fast as the devices themselves.
In order to address data security concerns, you’ll need to examine your employees’ devices in greater detail and implement a Mobile Device Management (MDM) solution to effectively manage this concern. Look for a MDM solution that has features such as being able to enforce device passwords (minimum length, complexity, expiration and history) and device locking, wipe and selective wipe (remove only corporate data), control Wi-Fi and VPN settings. Ensure that the device or its operating system can support data encryption.
You should also ensure that these devices meet a certain standard of compliance before allowing them access to your corporate network. It’s important to ensure that the device hasn’t been jailbroken, rooted and meets the necessary security policy.
An integrated approach to these solutions would give enterprise IT full control over the business part of the device should the device get lost or an employee leaves the company. At the same time, these solutions protect the employee’s privacy by blocking any access of IT administrators to non-work related areas on the device.
2. IT support: Whose device is it anyway?
A more difficult question to be answered by any enterprise is the aspect of IT support. When IT provisions the hardware, there is no question about the company owning what goes on that device. But when employees start bringing in their own hardware, the ownership of everything else becomes more tenuous, bringing with it legal, compliance, and security issues.
When a user working on their own device leaves the company, does that person have any legal right to take corporate data that is on that device?
CIOs have to take into account that the BYOD trend means that they now have to deliver support for a variety of device types by different manufacturers with different operating systems. Bear in mind that IT departments are not being given extra money to support the mobile device choices that they’re expected to manage, much less the structural and legal support they would need to make BYOD safe and productive for the enterprise.
CIO’s Tom Kaneshige wrote, “A CIO simply cannot expect executives to run to the Apple Genius Bar whenever their iPad or iPhone is malfunctioning, especially when there’s a mission-critical task on the BYO device that needs to get done.”
3. Enterprise culture: So go ahead, give users what they want
Trying to give users the freedom of choice, while covering your corporate assets to protect sensitive data, competitive IP and client contacts, can be a tricky balance.
Beyond just securing devices, you also need to prove that you’ve secured the data floating around on them. Auditing and compliance regulations apply just as much to smartphones and tablets as they do to office-anchored desktops. Whether a breach occurs, or you’re simply audited by a trade or governmental regulatory body, you need to be able to prove compliance in an immediate, automated way.
BYOD calls for a close examination of the organisation’s culture as well as clear guidance for staff. An integration of technology, IT support and enterprise culture including having a good security policy in place can ensure a smoother running of BYOD within the organisation.
Finding the right balance between integrating the technical and security aspects of BYOD, while effectively managing the social aspects of this trend, can be tricky. But once the processes are set in place, managing them on a day-to-day basis will ensure a secure, cohesive and balanced BYOD policy for the enterprise.
Chris Gacesa is a technology specialist at Novell.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- HTC unveils new Butterfly s phone that packs more battery life
- Google Glass apps for enterprises coming by early 2014
- iPad 5 rumour rollup for the week ending June 18
- Say 'cheese', Earthlings! Spacecraft to snap home planet pic from deep space
- Social media adds spice to financial services, say banks
Samsung Galaxy S4 vs. HTC One: 5 Reasons to Choose the GS4
High school students still see ICT as ‘sitting at a computer all day’: survey
Does encryption really shield you from government's prying eyes?
Solving the skills conundrum – part 1
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."Australia suspected to have PRISM data: Ludlam
Power of Three: Building Mobile Initiatives Guided by Business Goals, Technology and Governance
The use of powerful mobile devices has become so widespread industry leaders in almost every sector have embraced mobility solutions as central elements of their IT and business operations. As mobile budgets grow, so does the influence of business units on mobility strategy. Read on.
Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks
Enterprises and government agencies are under virtually constant attack today. It is clear that the cybercriminals, nation-states, and hacker activists waging these attacks are growing increasingly sophisticated and more effective in their efforts to steal and sabotage. Why are today’s security defenses failing? In this battle, your security teams are using outdated arsenal - download now to learn more.
Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery
The transformation of computing through mobility, consumerisation, bring-your-own device (BYOD) and flex-work offers powerful benefits for today’s organisations - but it poses significant challenges for IT. The first response of many IT organisations to the influx of consumer-grade and employee-owned mobile devices has been to lock down and control every mobile device in the enterprise through mobile device management (MDM) solutions. Find out why Citrix enterprise mobility management is the best approach.