Bring Your Own Device (BYOD) is very much a growing topic of conversation and practical reality in many organizations today.
It used to be the sole responsibility of the IT Department to define and issue the standardized technology devices for each employee, be that a laptop, PC or smart phone. But with the increasing consumerization of technology, those same employees now expect to have the same devices and capabilities that they use in their personal lives at work. Employees are now driving the decisions and timeframes for technology – as opposed to waiting on the IT department.
This trend has both positives and negatives for the organization and employees that you should be aware of when considering a move to BYOD.
One of the many cited benefits to the employer is the shift of expenses and capital outlay from the organization to the employee. The employee tends to purchase a more powerful and capable device than the organization would otherwise have issued them. Furthermore, with the high frequency of new hardware versions being released by the manufacturers, employees tend in general to upgrade more frequently too.
As for benefits to the employee, they now get to use the device of their choice as opposed to the standard issue company laptop and phone; their morale is understandably increased and, as a result, productivity is positively impacted. Layer in an employer subsidy for the monthly fees or data plan and the employee sees the additional benefits of utilizing their own device.
However, that same flexibility results in an increase in the number of variations of devices to be supported, posing a daunting challenge for the help desk to make sure that not only are the end users kept up and running, but that each device type and configuration isn’t causing a security issue.
Indeed, compliance requirements such as SSAE16, PCI, HIPAA or PPI may exist for the organization that need to be adequately addressed in a BYOD policy. Whether it is through the system architecture, individual platform mechanisms or data protection policies, these standards need to be kept in mind and thought about well ahead of rolling out an initiative such as this.
With corporate data being accessed through a non-company device, the question of ownership and control needs to be addressed. With the loss of control it becomes harder for the organization to dictate what devices can be used for (such as social media, online shopping, etc.) and what rights the organization has to manage that device. Can they remote wipe or disable the device? And in that event what happens to the employee’s personal data? Sound policies addressing those and other security questions need to be developed and agreed upon prior to rolling out a BYOD approach.
Establishing these policies should not be a sticking point in implementing a BYOD environment. There are technical solutions such as desktop virtualization, unified Mobile Device Management (MDM) platforms and other such tools that can be used to ensure that, from a technical standpoint, a BYOD approach doesn’t introduce any more security concerns than if the device were owned and managed by the organization.
In any event, whether you decide to formally adopt BYOD or not, you may inadvertently be supporting it already, so it would be worth spending some time considering the ideal approach for your organization.
If expectations are set clearly and the platform is developed ahead of time, there is no reason a BYOD plan can’t be beneficial and positive for both the employee and organization.