Navigating BYOD – Is it possible to manage the risk of organizational data on employee-owned hardware?

By IAITAM

BYOD is the buzz acronym surrounding mobile device planning. Everyone is scrambling to ensure their organization is ready for employee owned devices. Why: Because the opportunities for increased access and employee expectations are driving the adoption of a diverse portfolio of mobile devices. Organizations have not been proactive in the management of their IT assets but are leaping at the chance to limit the costs for the mobile device invasion. Ready or not, mobile devices will take over the organization in the next few years. Organizations will utilize more and more mobile devices in their business operations. Regardless of your BYOD plans, becoming familiar with the future of mobile devices from an organization and C level management perspective is a necessary step. You need to acquire knowledge about the issues and consider the solutions in order to create a strategic plan for absorbing this change into the IT Asset Management program.

The Bring-Your-Own-Device (BYOD) trend has been growing for a few years. It is commonly referred to as the Consumerization of IT. There are real benefits and risks associated with BYOD and consumerization within your organization. These issues need to be considered and re-evaluated frequently as technology features are added for the business marketplace.

A 2012 whitepaper by Checkpoint Software Solutions outlines the results of a five-country survey including the following:

  • Extensive use of mobile devices connecting to corporate networks
    • 89% have mobile devices such as smartphones or tablets connecting to corporate networks
    • Apple iOS is the most common mobile platform used to connect in corporate environments
  • Personal mobile devices that connect to corporate networks are extensive and growing
    • 65% allow personal devices to connect to corporate networks
    • 78% say there are more than twice as many personal devices connecting to corporate networks now than compared to two years ago
  • Security risks are on the rise because of mobile devices
    • 71% say mobile devices have contributed to increased security incidents
    • The Android mobile platform is considered to introduce the greatest security risks
  • Employee behavior impacts security of mobile data
    • 47% report customer data is stored on mobile devices
    • Lack of employee awareness about security policies ranked as having the greatest impact on the security of mobile data
    • 72% say careless employees are a greater security threat than hackers

The results confirm that the mobile device adoption including BYOD programs is exploding despite the harm to your organization’s data that can (and does) occur.. An interesting point is that it isn’t theft of information, hackers, or competitors trying to steal trade secrets, but the employees themselves who create the risk in a BYOD environment.

Ultimately, this is a risk that can only be mitigated through secure technology protocols that are incorporated into the ITAM program with proper education, training, policies and enforcement. Changing your mobile device policies and processes and considering a BYOD program is something you need to be prepared to execute on and soon.

There is movement already in the mobile device hardware and software industries to address organizational needs. Solutions for data security on mobile devices are the next step. For instance a program called Toggle and will soon launch its 2.0 version. It is a service provided by AT&T (IAITAM is a vendor neutral organization) that allows a partitioning of the internal memory on a mobile device. This partitioning allows for work data and personal data to be effectively separated on each device with security controls and data risk mitigation abilities residing within the internal IT infrastructure of the organization. Mobile deletion, access through the cloud, encryption, network security protocols, etc. are all part of programs like Toggle. The differences will be in what platforms the new solutions will be able to support. Toggle’s 2.0 launch will support iOS devices in addition to the current support for Android. The complexity of a new and burgeoning market space is that there are few standards to help create common solutions across platforms. These solutions will be specific to specific platforms and build out their solution set product by product. In the plan announced for Toggle, integration for Blackberry and other RIM devices is highlighted. A BYOD program is a choice each organization has to make. Do your due diligence and educate yourself on the risks and rewards of BYOD. It has the potential to increase employee productivity exponentially, but also leave organizational information on mobile assets that can be lost, stolen, or used improperly. Even with a BYOD program, significant investment in structure to manage these devices will be necessary.

References:

http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf

http://www.computerworld.com/s/article/9228100/AT_amp_T_39_s_Toggle_BYOD_service_lets_users_shift_work_phone_use_to_a_separate_plan

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.