BYOD (Bring Your Own Device) refers to employees using their own devices, including phones, tablets, and laptops, to connect to the office network and perform their official duties. BYOD is the preferred policy of many employers these days, for several good reasons.
The upsides of BYOD
1. Employee Satisfaction
Studies have shown that many employees view a BYOD policy as a perk. They view any curbs on them as an intrusion and prefer to use their own devices at work.
2. Improved Productivity
Working on familiar devices with familiar software is conducive to greater productivity, as employees don’t have to go through the learning curve of adapting to employer-supplied devices.
3. Cost Savings
Employers save on the cost of procuring, installing, and maintaining endpoints.
BYOD is an essential policy for employers today; however, it comes with its risks and caveats. Let us look at some of them below:
BYOD Risks and Caveats
1. Risk of Data Leakage: BYOD can lead to data leakage, with or without malicious intent on the part of the employees. Most of the time, employees transfer company data out to their personal email or device in order to be able to access it later, offline. Sometimes, they like to store it on public cloud services like Dropbox or Google Drive. In both cases, the IT department loses control of the data once it has left the system. This kind of data leakage can compromise the business, and if the data pertains to the company’s customers, it can lead to costly lawsuits and erosion of customer trust in case of an untoward incident.
2. Lost Devices: If an employee loses his or her device, it might be catastrophic, as anyone who finds the device can have access to the company’s sensitive information as well as applications like email.
3. Infiltration of Hackers and Malware: Gaining access to an employee’s BYOD device, either physically or through compromised public networks, can mean easy access for hackers. The problem is compounded if the employee is lax in installing the proper security patches and mechanisms. Once they gain access to the company’s network, hackers can literally wreak havoc, using malware like ransomware. Ransomware attacks can cripple the business and take weeks to recover from.
4. Unrestricted Access: Employee-owned devices allow employees to access content that would otherwise have been restricted by the organization’s security policies. This can lead to viruses and other malware being downloaded inadvertently onto the device. It is possible that the device has been rooted or jailbroken, which means the normal security mechanisms that are part of the device are also bypassed.
With the knowledge of the risks that BYOD brings, let us look at the ways in which companies can address, prevent, and mitigate these risks, and how they can implement BYOD without disrupting the security mechanisms and policies of the organization.
Making BYOD Secure
1. Awareness: A study by Ovum has pointed out that many employers are not aware of employees bringing their own devices to work, or they choose to ignore it. So, any attempt to make BYOD secure must start with recognizing and listing each and every device that is being used, in some way or the other, to access work-related information.
2. Mobility Management: There are several enterprise mobility management solutions available that enable safer BYOD programs. These include the creation of virtual environments, data classification, virtual container approaches, device integrity scanning solutions, encryption, and so on. Enterprise Mobility Management solutions come in the form of MDM (Mobile Device Management) and MAM (Mobile Application Management). These provide ‘sandboxing’ mechanisms to separate personal applications and data from enterprise applications and data. The enterprise’s data is encrypted, and strong authentication mechanisms are installed to make access to the company’s network secure. MDM also allows the device to be securely remote-wiped in case it is lost.
3. Policy and Process (Communication and Compliance): The organization must make sure that the BYOD policy is clearly and repeatedly communicated to its employees. There must be checks to ensure that they buy into it and are committed to adhering to the policy and process.
4. Profiling and Tailored Security: Often, BYOD security mechanisms are not one-size-fits-all. There are systems that allow tailored security policies based on a user’s profile, and use of these can ensure higher compliance as well as risk-based mobility management.
5. Use of Cloud Servers and Storage: This is one of the most important aspects of ensuring BYOD security. Most often, employees bypass the organization’s security policies in their quest to have data easily accessible to them, even when offline from the company’s network. They often mail company documents to their personal mail IDs, or store them on public cloud services like Dropbox or Google Drive. The real issue here is convenience. An organization can plug this loophole by offering private cloud server storage to its employees, whereby they can get fast and convenient access to their documents across all their authorized devices, so that they are not tempted to share them on public storage or email.
BYOD has been recognized by employers as an essential part of the modern lifestyle that brings many benefits, like employee satisfaction and reduced cost. Like everything else, it has its own attendant risks, but through the use of carefully tailored security policies and Enterprise Mobility Management solutions, the risks of BYOD can be minimized, if not altogether eliminated.