The introduction of personal devices to the workplace brings potential security complications. Many users do not follow good security practices, failing to implement even simple precautions, such as password protection. Companies that fail to take a firmer stand on personal devices are inviting hackers to infiltrate their system, but too many BYOD policies have focused more on satisfying employee convenience than on protecting business processes.
The next iteration of policies, BYOD 2.0, emphasizes company software and cloud features and restricts personal use during work hours. These policies also give more control to IT departments in the areas of software selection and links to existing processes.
Ramses Gallego, international vice president of the Information Systems Audit and Control Association (ISACA) and security strategist and evangelist at Dell Software, says the BYOD acronym implies an invitation to bring your own device to work. In today’s world, employees likely will bring their own devices regardless of whether or not they are welcomed.
When used during working hours, social media updates to family and friends can distract employees and drain productivity, as employees wait for replies or respond to personal messages. Their activities affect network bandwidth, and the use of YouTube and other video streaming sites also creates problems for some companies.
Managing productivity concerns
BYOD provides easier access to company resources and data through such devices as tablets and smartphones, but whether or not they are being used productively is another matter entirely.
“Email, contacts and calendar are the most productive features that can be synchronized to personal devices, but compatibility between platforms and operating systems versions remains the most difficult challenge for IT administrators,” says Vaclav Vincalek, president of Pacific Coast Information Systems Ltd., a Vancouver, B.C.-based provider of strategic IT consulting services. He says managers need to monitor productivity levels after BYOD is introduced to ensure that project goals are maintained and that employees are not distracted by personal notifications on their devices.
Dom Chard, business development manager at Gamma Business Communications, a U.K.-based supplier of voice, data and mobile products and services, says businesses benefit from having a single operating platform.
“It makes the job of IT and security managers a lot easier. The user experience [is] smoother across whatever piece of hardware they happen to have with them at the time. Windows 8 is starting to make that a realistic expectation.”
Unfortunately, a single platform is unlikely in the tablet or smartphone markets, given the popularity of iPhone, iPad and Android devices. That leaves many of the work/life balance problems that have accompanied BYOD, which, Chard says, is “going to be a whole lot tougher than standardizing on a single [operating system].”
Allowing personal devices in the workplace also means allowing the apps on each device. Controlling use of these apps is an important security concern, as the user has control of the device. BYOD also means BYOA, or bring your own app, as well as different platform versions such as iOS, Android and Windows. Each of these brings its own risk.
“Games can incorporate a worm, virus or Trojan and, if downloaded, can compromise a company network once connected,” says Gallego.
The addition of BYOD can often place a strain on company resources, as each device is constantly communicating over Wi-Fi. Vincalek says businesses can learn from BlackBerry, which he calls “an expert in conserving bandwidth for business users,” noting that even during 9/11 users were able to maintain contact despite network pressures.
Other vendors, he says, use uncompressed data to communicate for all updates and app features that can seriously impact a network. While it eliminates the need for compression features, it does increase the bandwidth required to perform these tasks.
“How they interface with business networks is defined by company policies from multiple departments, ranging from IT themselves to HR and legal,” says Gallego, who recommends a “my castle, my rules” approach to device integration on company networks. He suggests app provisioning by user role, where each user is granted access to software according to employee role, as well as patch management strategies for each operating system to ensure security vulnerabilities are patched once identified.
Companies must adopt mobility strategies to remain competitive and cater to user demands, but identification of risks is crucial for BYOD implementation. “You have to adapt and adopt mobility in your IT strategy and risk assessment plans,” says Gallego. “If not, BYOD will mean ‘bring your own disaster.’ If, for example, a device is remotely wiped and precious family photos belonging to the employee are lost, the HR and legal implications are obvious.”
The next iteration of BYOD will provide companies with more control by specifying allowed platforms and operating system versions, according to Vincalek. And Chard says it will correct many of the problems created by BYOD.
“Thus far, BYOD has been a profusion of different devices, different operating platforms, different mobile networks, Wi-Fi standards and levels of user [access],” he says. “The end result is a nightmare for IT departments to manage and for security managers to lose sleep over. It’s way past time for [companies] to take back some control. BYOD 2.0 is what will see that happen.”