IT departments may not like it, and some companies may not be ready for it, but one thing is certain: Bring your own device (BYOD) has become a critical component for many businesses.
In this article, I've compiled a list of challenges involved in securing personal device access to internal systems, and five best practices for building BYOD security.
Two main challenges for BYOD
New devices and capabilities provided by software-as-a-service (SaaS) offerings help to empower employees and lead to more productive working environments. It has been reported that BYOD has become standard practice in the modern workplace, with a 60 percent adoption rate among companies, and an additional 14 percent of companies currently in the process of planning BYOD initiatives.
Giving workers access to mobile applications such as email, browser, document management and remote desktop access are just a few benefits that organizations recognize. But transforming organizations for BYOD success brings two main challenges:
1. Fragmentation and complexity
The greatest challenge to widespread BYOD adoption is security, followed closely by compliance issues. Security is not a fear that can be ignored; the use of enterprise apps on employee-owned mobile devices could lead to data leakage and connectivity issues. Security is further compounded by the fragmentation of the mobile operating system market. The release cycle of new versions of operating systems is measured in months instead of the average three-year refresh cycle of Windows in a desktop PC. This pace of change and the fragmented market complicate things for an IT department looking to establish a consistent standard for security and support without being prescriptive about what devices an employee can bring to work. Even though all the major device manufacturers have optional encryption across smart devices, there is still doubt over managing BYOD.
2. Uneven adoption of policy
A secondary challenge is a lack of a BYOD policy. According to a survey conducted by Software Advice, a Gartner company, only 39 percent of organizations have a formal BYOD policy, and another 20 percent of respondents aren't sure whether their organization has a policy or not. But as Software Advice notes, "employees will find a way to use their own devices, no matter what."
Struggling with BYOD? There's a better way
Despite these challenges, BYOD is still flourishing, with estimates from Gartner suggesting that half of all employees will be using their own devices by 2017. For organizations still struggling with BYOD, the following best practice guidelines can help pave the way:
1. Build a BYOD policy
Organizations need to build a sensible BYOD usage, management, and security policy that can be enforced and meets the needs and expectations of end users. A BYOD policy must comply with any key industry requirements, meet employees' application and business process needs, and be backed up by enforcement and management tools.
2. Manage your EMM
Enterprise mobility management (EMM) is one of the biggest components of a BYOD solution. It helps keep corporate data secure. However, not all EMM solutions are equal. Best practice would suggest enterprises have an EMM in place that supports the widest range of devices and places the least amount of restriction on the user so as not to impact their experience.
3. Be flexible
Organizations thinking about adopting a BYOD program should consider technologies that are open and able to support the widest ecosystem of applications. Organizations should also make sure that end users are given access to applications that are easy to use and promote productivity.
4. Do your research
Both users and technical teams need help in understanding the BYOD transformation. Having a sensible and enforceable BYOD policy backed up by strong EMM tools is only half the battle. According to a CompTIA study, more than half of security breaches are the result of human error, which makes it even more important for enterprises to seek the information needed for a successful BYOD transformation.
5. Wake up!
BYOD is here to stay, even if it’s not officially endorsed. In many organizations, this will start at the top, with senior executives demanding access from tablets and smartphones. For IT departments facing the challenge without support, concerns around security need to be raised to encourage senior executives to accept that the enterprise needs to secure devices against potential data loss and compliance breaches.
Been there, done that on BYOD? Share your best practices in the comments section below.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
