How Enterprise Companies are Managing the BYOD Trend

By

Everyone loves BYOD—Bring Your Own Device, right? Well, maybe everyone but your IT department.

BYOD makes employees more productive with “anytime, anywhere” access to their enterprise networks. BYOD also saves many companies money, since employees purchase their own devices, eliminating that expense from the corporate bottom line. As an employee, BYOD provides freedom of choice, allowing you to use the mobile device of your choice, rather than one selected for you by the IT department.

But BYOD takes security concerns to a heightened level, and adds a whole new dimension to IT management, administration, control and associated costs. BYOD can also lead to conflict between the employee’s ownership of his/her mobile device and the IT department’s natural tendency to want to “own” any device that will access their network.

The BYOD movement is one that businesses must address, if not wholly embrace. A recent TechRepublic survey cited in ZDNet showed 44.1% of businesses currently allow BYOD and another 18.2% plan to do so in 2013. From a Forrester Research study (Understand the State of Data Security and Privacy: 2012 – 2013) cited in SecurityWeek, 31% of security breaches were caused by loss/theft of a company asset and 27% by inadvertent misuse by an employee—both surpassing external attacks.

So how should you manage BYOD? We’ve come up with a few tips for developing BYOD strategies, policies and implementation plans.

    • Create a Clear and Concise BYOD Policy and Guidelines.

      You probably already have an Acceptable Use Policy (AUP) for computer and network usage. Referencing your AUP when creating your BYOD policy will be helpful. Clearly specify BYOD functions and applications users can access, as well as acceptable behaviors. And, of course, make sure your legal team has blessed the final draft.

    • Educate your employees regarding BYOD policies.

      Once your policy is implemented, educate users on its importance, with emphasis on compliance. Many non-technical users are simply unaware of the potential network and data security risks that rogue devices and applications may bring. Remember, as an employer you are benefitting from the device your employee purchased and brought with them to work.   Now is not the time to dictate. Educate and encourage.

    • Enforce your BYOD policies, but make compliance easy.

      Clearly articulate the consequences of policy violations and enforce them. At the same time, don’t create barriers that make compliance difficult. Remember—many times, users are just trying to get work done, even if it means using unauthorized workarounds.

    • Ease into implementing your BYOD policy.

      Identify and prioritize BYOD usage and access by employee function, resource and application needs. Then phase in BYOD practices, allowing for a smooth transition and ensuring your network, systems and applications function in the mobile environment.  

    • Control device and platform selections.

      With so many different devices and platforms, it’s impractical to support all the various options. Identify standard, acceptable platforms and the various devices you’ll allow and support.

    • Secure and protect your data.  

      Above all, secure and protect your data. Mobile device management (MDM) solutions, either on-premise, offered as a cloud-based software as a service (SaaS) solution, or as a component in a larger enterprise mobile management (EMM) solution, enables IT and service providers to configure, secure, monitor and wipe content from smartphones and tablets. Since this is a device owned by your employee, stay targeted in your efforts. Focus on solutions that protect the organization’s data without being too intrusive within the employee’s device.

If you’re planning to implement a BYOD program, talk to us at Windstream. BYOD is an important issue that our data center and network security experts factor into our managed network security solutions.     

What are your experiences with BYOD? Have you encountered a security issue you can attribute to BYOD users? What other measures are you taking to manage BYOD? Share them with us and post your comments below.

BYOD—it gives “leave them to their own devices” a whole new meaning, doesn’t it?