It doesn’t matter whether you are an IT administrator or end user, Bring Your Own Device (BYOD) potentially presents its own set of challenges.
New technology brings more ways to access data and new types of devices that have all created a shift toward BYOD in what Apple CEO Tim Cook once described as the “post-PC era”.
BYOD is more than just personal computers though, it is smartphones, BlackBerrys, iPads, Galaxy Tabs and more. The concept of BYOD has now even broadened to include software and services as cloud services provide far greater accessibility.
The shift toward BYOD in the workplace is becoming the expected standard from employees in the modern day workplace.
Prohibiting personal devices does little to solve any security concerns as employees will just end up using their own devices anyway, unmonitored and undeterred by any security policy.
The success of any BYOD program is ultimately measured by your employees’ willingness to use their personal devices within the rules you set for them. Your organisations security procedures and policies should determine whether and how you adopt BYOD.
However once you overcome the challenges of BYOD a new monster rears its head in the form of BYOS: Bring Your Own Software.
The same technologies that have driven BYOD also allow users to access non-company software, effectively know as Bring Your Own Software (BYOS).
Cloud storage providers such as Dropbox provide users with a way to collaborate on and transfer large documents however these documents could contain data that falls within the scope of your company policies or regulatory guidelines which could place your data at risk. It is important to evaluate how cloud storage providers transport and store your company’s files.
Your company’s security, BYOD and BYOS can co-exist and it all starts with planning.
Here are 7 Steps you should consider when developing a BYOD security plan:
- Identify the risks that BYOD introduces to your business
- Implement a focus group around BYOD and understand the risks and their implications
- Decide how you will enforce the policies for user-owned devices that are connecting to your network
- Build a strategy plan to address all key issues and scenarios
- Evaluate solutions to effectively manage network devices and manage security issues
- Implement solutions starting with a pilot group across multiple business units
- Periodically reassess your solutions and assumptions
Implemented properly, a BYOD program can reduce costs while increasing productivity and revenue. As BYOD goes mainstream in IT departments, security should always be a top priority for users and IT administrators alike.
50 Comments
John
This is so true you can't stop an employee from using their own personal device like this because they are going to sneak around to do it if you forbid it in the work place. Depending on what they do on the device is it really that bad for them to use their device in the first place? I don't understand the whole security part of all this but I will continue to research it.
Vickie
This is interesting I worked at a place that used dropbox all the time because the boss worked from home and in order to get the material printed t the office he would put it in the drop box for me to access. I had no idea that it could be a problem and it could place the data at risk, I will have to make sure to tell him about this.
Brad Davidson
Hi Vicki, thanks for your comment.
I just wanted to take a moment and clear up that we don't believe that there are any obvious security risks with Dropbox from a technical perspective however in order to truly assess any risk you need to compare the security and encryption standards on offer from the service you use against your needs as a company to determine if you believe that any genuine risk to your data exists by having it stored or transported across these portals.
Angela
I was very intrigued by this because I had not heard of it before and I started working at a church no less that used it all the time to get the pastors sermon note to us from his home so that we could have them printed and ready for the service on Sunday mornings. This has explained for me exactly what it is and how it worked thank you for that.
Robert
I do not agree with what some are calling the post PC era'. I do not have any intention of buying a tablet or using a smart phone of any size because they do not have the processing power of a PC. I am a developer and a video editor and as long as those of us exist, there will always be a need for laptop computers. However, I do agree with the BYOS concept.
Roberta
Robert I agree with your statement, I am not interested nor will I ever be interested in using my smart phone or tablet to do the work that I need to do on a daily basis, I will always have a need for a laptop or a home based PC no matter what they come up with for the new mobile devices. Have you ever heard of leaving your work at work?
Marlin
I understand the advantages of BYOD. There are compatibility issues between the software a company runs and the applications an employee may be trained at operating efficiently. So it makes sense to live go by this philosophy when necessary. But if this prohibits employees from using their own software for personal use, I just don't see the purpose of that. Maybe this is nothing more than a misconception of the concept of BYOD.
Wilma
The number of smartphones in use across the globe will reach 2 billion by the end of 2015, according to many estimates. If you haven't been encouraged to establish a program to allow employee-owned devices to access, at the very least, corporate email, calendar and contact systems, it's a virtual certainty you will be now. BYOS will soon be practically unavoidable in the work place.
Edward
This growing trend in BYOD and the inherent security risks could prove to be a real, legitimate concern. In fact, I would not be in the least surprised to hear some time in the future about a news story involving corporate espionage or a large company getting hacked and their clients' sensitive financial information getting compromised. It happened to Zappos and other companies from within.
Shane
Call me paranoid, but it seems to me that employees' privacy concerns and companies' security concerns could collide as BYOD security tightens in workplaces around the country. A new category of tech systems, referred to as mobile-device management, or MDM, is taking root, enabling implement and enforce policies that restrict access to company business apps and databases. This is a clash of the ITans'.
Anthony
I can see how this could be bad or good either way depending on the people you have working for you and the willingness to comply with the rules like you said. I would also think that this would be taxing on the company at first as well because you would have to boost your WIFI speed considerably to accommodate all of the devices being used. And those poor IT guys.
Lauren
The security that the IT department is going to have to enforce would be terrible and a headache for their people however I can see the advantages to allowing this to take place and the disadvantages. If you have the employees using their own devices they might get more work done because they are used to the device being used to do the work.
Robert
This BYOD movement sounds like it could be a very slow transition. It will first evolve in the work place but eventually it will go mainstream and I suspect this will happen with the consumers usage of mobile devices. And as businesses start to use apps which geo target consumers, the mobile devices that consumers use to shop with will only continue to grow in numbers.
Tammi
I can see why the whole BYOD concept presents security risks. A business should be concerned about such vulnerabilities. There is no telling what apps have security vulnerabilities and that could compromise a business network. I tend to run bittorrent client software and I am not even sure if I am at risk because of this file sharing software. A bittorent program is not like Lime Wire which I know has security risks.
Anita
Just last week, my iPad was stolen from my car. At the time, I had it powered on with my business email account open. Within an hour, I was able to get my service provider to remotely wipe it clean of all data. While I lost the information and photos I had on the tablet when I wiped it clean, doing so was my choice to make. But in some workplaces, the decision wouldn't have been mine. An employer could have made it for me.
Gussie
I am still not a believer in the so called post PC era. I am not denying that it is happening, I just prefer to use a laptop computer because computing power is of the utmost importance for me rather than mobility and small size. I prefer a large screen size because I need it to design and edit video. So I'll be one of the last to make such a lifestyle change.
Kevin
I keep seeing how these Bring Your Own Device programs are thriving in companies everywhere, thanks to the popularity of iPhone, iPad, and the powerful iOS platform. I've seen how with a controlled level of security, employees have secure anytime access to corporate services, including work email, calendars, and contacts. They can also get up and running quickly by accessing a dedicated web page with step-by-step instructions for connecting iOS devices to the corporate network.
Columbus
I read that free mobile software apps are much more likely to pose data security and privacy risks to consumers and businesses than paid software. This was what a new study of 1.7 million Android apps from Juniper Networks indicated. Mobile apps are relatively new, at least to some people. I wonder if this fear is having an effect on app developers' revenue due to buyer resistance.
Dean
I know here in the US this is becoming an issue, because there are so many smart phones and tablets out there it is hard to manage every employee and keep them from using their device but as many have said you can control what they are able to do on them while on the premises of the company. This was a very good post, is this a big issue where you are?
Mary
Despite much discussions around potential risks brought about by bring-your-own-device adoption, most organizations today continue to ignore simple security measures and employee education to protect their business environment. In studies done, employees said their organization prohibited personal devices from accessing the corporate network. So it goes to show you how much of a concern security is when it comes to the BYOD trend.
Dale
Bring Your Own Device is a huge trend in corporations, hospitals, and universities cause it allows employees and other users to access the corporate network with their personal devices. Employees greatly appreciate the convenience, while businesses recognize that BYOD allows their staff to be more productive and provides substantial cost savings on equipment. But I think that one day not too far into the future, we will see this concept's full fruition.
Tammy
Security risks (lost devices, access to sensitive data) are definitely a part of BYOD. However, these risks can be reduced by keeping data and applications separate from personal devices. That means that there's no sensitive data exposed if an employee's device is lost or stolen. an HTML5 RDP client that enables users to connect from most types of devices to any RDP hosts and run full Windows desktops or applications in a browser tab.
William
Security must be a big issue because BYOD involves practically every kind of device that can connect to a network, and trying to merge all the myriad of devices to work on networks and cloud services. Unless there are standards and regulations put into place, as opposed to an open source of systems, I don't security ever being safe. So for each person who prefers BYOD, it is use at your own risk.
Frankie
A lot of people are talking about BYOD, or the "bring your own device trend. We know users want BYOD, and we know that companies and some users are nervous about it. The reality is that BYOD is here whether you acknowledge it or not. Your lack of support doesn't keep iPads and home computers out of your office. So it's time to embrace it.
Miguel
If you think the whole Bring Your Own Device (BYOD) movement is just a fad or something your IT organization will never buy into, it's time to reconsider. BYOD is here to stay and it's only going to become more pervasive in the coming years. Security risks are always going to be a part of any wireless type network. So I don't expect the potential risks to debunk this movement at all.
Dexter
Corporate attitudes toward bring-your-own-device policies appear to fall into one of three categories, according to a survey of IT users that I read about: There's no official BYOD policy, devices are banned, or no one talks about it. This survey showed that while the BYOD movement is in full swing, immature policies are putting sensitive organization and employee data at risk. Findings also highlight the fact that BYOD's value for many organizations is, at this time, mediocre at best.
Lyle
Corporate attitudes toward bring-your-own-device policies appear to fall into one of three categories, according to a survey of IT users that I read about: There's no official BYOD policy, devices are banned, or no one talks about it. This survey showed that while the BYOD movement is in full swing, immature policies are putting sensitive organization and employee data at risk. Findings also highlight the fact that BYOD's value for many organizations is, at this time, mediocre at best.
Michael
To me as a business man I think that the risks out weight the rewards by far so this is a very interesting article. You have done a good job of laying out both sides and convincing me that we should always look at both sides of the coin before throwing it out. Keep up the good work because I for one didn't think about the rewards at all.
Bob
I am afraid that there are more risks than anything else but I want to try it before I say it isn't going to work. Is there a temporary solution that you can put into place that will allow you to try this BOYD thing but not put it into place permanently? Thank you for the work you have done this is a great post and I will keep watching.
Barbara
When I think about it, the BYOD movement was inevitable, especially since mobile devices now come in all shapes and sizes, from smartphones, notebooks and tablets, to the new-breed hybrid convertibles and detatchables that made headlines at the Consumer Electronics Show 2013. While mobility boosts enterprise employee efficiency by delivering "anywhere access to business data and systems, it obliterates what's left of the increasingly ineffective corporate network perimeter.
William
It's interesting that Federal Chief Information Officer, Steven VanRoekel, issued a document intended to serve as a toolkit for agencies contemplating implementation of BYOD programs. The toolkit provides key areas for consideration and examples of existing policies and best practices. In addition to providing an overview of considerations for implementing BYOD, the BYOD Working Group members developed a small collection of case studies to highlight the successful efforts of BYOD pilots at several government agencies.
Judson
It's no secret that the momentum of the BYOD (bring your own device) trend has surged like a tidal wave across organizations of all sizes and industries recently. With the diversity of security attacks globally, it is getting more difficult and complex for small and medium-sized businesses to assemble the right in-house resources to protect themselves against the cyber threats they face. This could be a data breach through the network, data leakage by employees, or lost laptops or mobile devices.
Suzanne
I think that the rewards to the risks are far greater and they deserve the opportunity to happen. You have done some great work on this post and I think if every business owner that is allowing the BYOD would read this then they would see that they will benefit from this as well. Keep up the good work this is a great post and I look forward to more.
Jonathan
IT is now challenged with implementing personal device security procedures that keep networks safe from infection and protects data from being lost or stolen. This is clearly the biggest and most important challenge that all businesses face when considering this as part of their company's policy and day to day operations. If I were a business owner or CTO, I would be very concerned about something catastrophic happening as a result of some mistake or malicious attack on my network.
Randy
I have ran into the risks of this BYOD thing going around because I had an employee that had some proprietary secret information on his phone about our pricing and things like that and he gave it to the competition right before he went to work for them, so to say you need to have some really good security measures in place is an understatement.
Mariann
Although employees like bringing their smartphones to work with them, and employers are letting them do so, new research released at the RSA Conference shows that bring your own device raises security risks. Also at the very same conference, though, security vendors announced new technologies that might help to make BYOD a safer practice. This is how the evolution of BYOD is going to go. Vulnerabilities are exposed and developers rush to sell a fix solution and then the whole cycle gets repeated until one day, it achieves perfection.
Julio
Has anyone experienced either the risks or rewards of this yet? I have heard a lot about it but this is something that you hear about the "Chances and nothing ever comes of it so they are using it more as a scare tactic than anything. If there has been anyone that has experienced this then please leave a comment so we are aware.
Richard
The key to this is to offer a secure BYOD program that maximizes the productivity and satisfaction of your mobile employees while cutting costs. One company I read about claims that their secure container places a secure partition between personal and business data to protect email and other programs. As a result, you can deploy BYOD with total confidence that your confidential data and apps will remain secure.
Myrtis
I love the idea of implementing solutions by starting pilot groups across multiple business units that will solve a huge problem I see coming down the line with this. You have a lot of good ideas and I look forward to putting them to the test because we will be working on this soon in the company I work with and I will pitch your ideas to them.
John
I think BYOD pilots is the way to go in any company even if it has already been tested elsewhere, a company might be different from the one that this was tested on so you would want to run test specific to what you do and how you operate. This is a very helpful idea and one that I think many people in business will use. Thank you for the post.
Naomi
I have read that inadequate bring - your - own - device policies are leaving small to medium-sized businesses open to attack by cyber criminals. At least that is what one firm reported. Despite progress in educating employees and IT managers about basic network security, they are still woefully under-informed about the threats they face when using consumer devices, such as smartphones and tablets, for work purposes.
Dale
A lot about BYOD has changed in the past two years, as people use diverse, potentially insecure devices to access enterprise applications. There's no avoiding the Bring Your Own Device trend - particularly if your workforce includes mobile employees, contractors, consultants and partners. But how do you give distributed workers secure access using devices of their choice? It seems like a balancing act - a double edged sword.
Miguel
The BYOD concept is not really news. It emerged a few years ago, when the app-centric smartphone triggered a revolution in the mobile technology. People saw the advantage of using one device for several purposes - staying connected with other people on social networks, storing important documents, accessing sensitive information, e-mailing, banking and more - and the convenience of using it for personal and work-related purposes.
Tammy
I am not sure if I agree with what that one executive called the post PC' era. That would imply that personal computers are to be made obsolete by mobile devices. Even though I have a smart phone, I still prefer to use my lap top computer for just about everything. I will say that I support the mobile movement and that is because I embrace change and new technology. It's the only way progress is made.
Debra
When it comes to BYOD policies, it's what employees do with their personal time that should worry you. From possibly downloading virus-ridden games to backing up everythingincluding your latest confidential financial reportto a public cloud, the choices employees make with their devices when they aren't working can have serious security implications for employers. I could imagine a scenario where a new hire doesn't know any better and compromises your network.
Dale
I heard that BYOD Security Issues will be a major point of emphasis to be examined at gartner security & risk management summit 2013 in August in Sydney, Australia and then again in September in London. This shows you that this is the hot topic that is being explored and scrutinized in the major IT circles. I will be looking to see if I can catch video excerpts online from this summit.
Dale
Security challenges have definitely grown in scale and scope with the variety of devices like iPads, smartphones, and laptops that people want to use to connect to their network. Hackers can gain access to smartphones through low-security applications like social media and personal e-mail. Once hackers attack, they can breach the company network through linked applications, such as a company e-mail account. A skilled hacker can then access, extract, or even erase the company's sensitive data.
Ronnie
Saying yes to BYOD as smartphones and tablets proliferate on your network means you need to be able to say "Yes to the benefits of such devices without compromising your security. There is tech out there such as Fortinet that lets you securely take advantage of this new generation devices without exposing your data, users, or network to additional threats or disrupting your existing security infrastructure.
Terry
It's so different that IT departments are grasping for any standard or proven approaches that make bring your own device access of enterprise resources both secure and reliable. What we're seeing now that's a little bit different is increasingly those BYOD mobile workers like the ease of use and the speed at which they can get to their email and their calendar apps with their own mobile devices.
Teresa
I think there are a lot more risks than there are rewards to this whole thing and I am sure that others feel the same way. You have put together a great article here and the more I learn about this the more I like the idea myself. I will have to see if this is something that the company will go for because I know the security risks involved and it isn't that bad.