Like it or not, IT has become consumerized. “BYOD” is a phrase that refers to employees who bring their own computing devices (i.e., smartphones, laptops, tablets) to the workplace for use and connectivity on the corporate network. BYOD is happening—and fast. An article on Search Security cites rates of adoption reaching 40 percent to 75 percent, driven largely by consumer smartphones and tablets. The article’s lead describes the risk/benefit of BYOD:
Mobile devices come in all shapes and sizes, from smartphones, notebooks, and tablets, to the new-breed hybrid convertibles and detachables that made headlines at the Consumer Electronics Show 2013. While mobility boosts enterprise employee efficiency by delivering “anywhere access” to business data and systems, it obliterates what’s left of the increasingly ineffective corporate network perimeter. Many security managers have already discovered the disconcerting implications: less control than ever over enterprise data access from a myriad of consumer devices—including a groundswell of BYODs—and more difficulty determining which devices are accessing which systems and data.
The article quotes Anthony Peters, director of information technology at Burr Pilger Mayer Inc., a financial services firm headquartered in San Francisco, on the development. Peters notes his tidy, policy-driven corporate BlackBerry world was shattered several years ago by the Apple iPhone craze. “Today, we’re almost entirely BYOD,” Peters said. “We allow iPhone 3GS and above, Windows Mobile, and Android.”
The Security for Business Innovation Council recommends a BYOD Agreement Checklist for those organizations embracing the practice:
- Ensure that end users are responsible for backing up personal data.
- Clarify lines of responsibility for device maintenance, support, and costs.
- Require employees to remove apps at the request of the organization.
- Disable access to the network if a blacklisted app is installed or if the device has been jail-broken.
- Specify the consequences for any violations to the policy.
On another front, a recent USA Today article focuses on the significant productivity gains enabled by BYOD, with studies showing that mobile users taking advantage of productivity apps save 88 minutes a day—22 days a year—by doing so. It cites a new line of BYOD products that has emerged to address the attendant security issue:
Those products are designed to protect personal devices without penetrating the user privacy, by "splitting" the device in two partitions: one for personal use and the other for business use. The organization gets a full control over the business part, while the employee gets to do whatever he wants with his private partition.
Until those tools become commonplace, the article offers tips for safe use of BYOD:
- Use a passcode to screen-lock devices.
- Install antivirus or mobile security applications.
- Set a password for voicemail.
- Turn off WiFi and apps that use location services and Bluetooth when not using them.
- Avoid using hotspots whenever possible.
The author concludes: “Businesses should establish guidelines about who gets to use mobile devices to access corporate information, and what they can do with it—and couple this policy with accountability and enforcement. Use of a Mobile Device Management (MDM) solution enables remote device tracking and wipes off data on lost or stolen devices. Companies should use enterprise-grade mobile apps and keep security patches updated.”
Posted by the Epicor Social Media Team