BYOD stands for Bring Your Own Device. This applies to education and work areas in general but more specifically to work where employees may bring their own mobile devices such as laptops, smartphones and tablets and connect with the company’s network. Traditionally companies chose and supplied the devices, having full control over hardware and the operating system and thus being able to control security among other features.
Mobile devices such as smartphones and tablets have become sophisticated and affordable, leading the trend of employees preferring to bring their own devices to work and IT departments putting in place policies and measures to permit employees to use personal mobile devices to access company systems and data. IT departments may permit unlimited access, access to only non-sensitive systems and data, access with IT control over apps and stored data or access without permission to store data on personal devices.
Since an employee is more familiar with his personal mobile device they can be more productive. People tend to use the latest devices with the best hardware configuration and this powers productivity. Then there is the matter of employees preferring to use their own devices and gaining greater satisfaction. Convenience is another issue. In a BYOD scheme, employees need not carry around multiple devices and this also saves a huge amount for the company since the employee bears the cost of the device as well as data services. A BYOD policy is also favorable as it induces potential employees to join a company.
However, convenience is not without its share of headaches for organizations. If a BYOD policy is in place it needs prior cost benefit analysis and determination of who will have access and to what extent in a defined policy. For each group there needs to be a security policy in place. Organizations also need to manage security and access across a variety of devices with a variety of operating systems and this imposes a heavy burden. Users need to be educated about risks and the importance of safeguarding devices while organizations need to offer full support for all devices and OS. These needs have led to development of apps that keep company data and private data channels separate, with company having full control over data access, storage and usage. Organizations typically have the power to access remotely and wipe data in case the mobile device is lost or the employee leaves the job.
While more organizations are permitting employees to bring their own mobile devices, they have not seriously given thought to risk management and security policies. Some organizations allow partial access to specific high level staff. Where data is shared via public clouds, there is a higher risk of data insecurity. Another risk is that of employees leaving a company and carrying sensitive data with them. If an organization does not have remote access to remove data in such cases, it is at risk. Then again sales staff who leave the company could be contacted by the company’s clients, a potential risk. A common complaint is that of employees losing or misplacing their mobile devices which could have security risks. Another factor is that a user may choose to upgrade to another mobile device by trading it in and if he has stored data, there is an element of risk. Since employees may use devices with varied operating systems such as iOS, Android, Blackberry and Windows, an organization has to put in extra efforts towards security and towards making sure that all apps work seamlessly regardless of the platform. Employees tend to use USB drives to store data, a potential entry point for malware and for hackers to gain entry.
Whether it is enterprise level implementation, healthcare, utility or education, the bring your own device policy offers plenty of benefits to both sides but with inherent risks that need to be addressed with better safeguards and security policies as well as user education.
Image courtesy of basketman at FreeDigitalPhotos.net