In the '60s and '70s it was Bring Your Own Bottle; today the fashion is Bring Your Own Device (BYOD). In fact, many CIOs are receptive to the potential benefits the BYOD phenomenon offers their organizations, but awareness of the security issues is critical in the early stages of implementation.
The push to develop and own the latest device technology is coming from staff at all levels, who are requesting – even expecting – the rich user experience of their personal smartphones or other mobile devices combined with access to company systems.
The reality is that many people now rely on email on the go, on being able to check calendars between meetings, and even on social media contact and monitoring. BYOD, however, should be viewed as much more than this.
First, exploiting the personal investment already made in phones, tablets and – where applicable – laptops can mean significant cost reductions for large organizations. Also, staff are usually willing to progress some work or check business e-mails using their own devices if they have a spare five minutes. The latest smartphones and tablets are slicker and offer greater functionality than ever before, meaning staff are more likely to pick up the device and perform more functions.
IT support teams also see benefits. One FTSE 100 organization reported a 20% drop in help desk support calls after it had rolled out BYOD, attributing most of this reduction to users being much more familiar with their devices, thus cutting the number of 'how to' calls.
BYOD undoubtedly facilitates the transition into the next generation of corporate collaboration tools. While these are yet to mature, once collaborative working via the cloud becomes commonplace, BYOD has the potential to drive the business returns even further.
Although BYOD is still in its infancy, a key aspect of implementation is cross-referencing benefits and challenges with operational dynamics – data storage, appetite for risk and security – and configuring a workable offering. Much of this is common sense and, whether labeled cloud, BYOD, or any other ‘buzz’ solution, is simply good IT practice.
Network access control (NAC) is also nothing new, and technology exists to allow greater control of mobile device access. These solutions range from software-based options, through to embedded hardware solutions such as Wi-Fi controllers that 'fingerprint' devices.
Data security is, perhaps, the greatest challenge, particularly with the rise of enterprise-based cloud services. As well as the common-sense security measures, the biggest corporate security issue is data sharing. Google Docs, for example, allows uploading of most types of regular data files, while Skype also allows instant file and screen sharing. Clear policies are critical for these types of activities, particularly when employees may be regularly sharing personal data out of hours using the same devices.
Placing a thin client on a smartphone with suitable authentication is no different than having it on a laptop. However, many users want some form of always-on data/application provision, and this is usually where security becomes an issue. Currently, there are a number of ways to ensure you can have your device-rich cake and eat it too, from 'remote wiping' a device, through to time-limited access.
It’s vital for companies to recognize the need for the lightest possible touch in solving the data security issues associated with BYOD, bearing in mind that device owners are already used to making their own decisions about downloading personal apps and services – whether informed or otherwise – without someone looking over their shoulder.
Above all else, go into BYOD with an open mind and a supportive attitude. The end result may be positive for both organization and user, but you are still dealing with individual communication. The clue is in the word ‘own’ when it comes to BYOD.
Martin Lunt is principal advisor, CIO Advisory, KPMG. Lunt has extensive experience in delivering systems infrastructure projects and programs. His areas of expertise include IT strategy, technical design, build, planning, deployment and technical management.