Bring your own device – is it good idea?

Bring your own device, better known in the world of IT as BYOD, is becoming hugely popular. With the advancement of mobile technology and cloud architecture, work trends are changing with employee’s now working longer hours away from a centralised office. Many employees are now using their personal devices for work purposes and many people have already set up email, synchronised data stores and other methods of retrieving work data remotely in order to keep on top of their growing work commitments and pressure. A vast majority of employers have welcomed this trend as it means greater productivity and lower investment costs in terms of purchasing technology etc. This has given birth to the idea coined as BYOD.

Some of the Benefits of BYOD

From an employee’s point of view they don’t need to carry around multiple devices for work and personal use and the device they use will be one which they are comfortable using and familiar with.
The employer benefits not only from cost saving but many other benefits as well. Employee’s personal devices tend to be higher spec’d and more cutting edge than that provided by many organisations and they tend to upgrade their devices a lot more often than most organisations. This means that the company can benefit by using the feature of newer technology without having to undergo the cost and hassle of a mass refresh.

Some of the Drawbacks/Risks of BYOD

There are risks associated with undertaking BYOD or allowing users to use mobile devices to access data via sync tools, these are often over looked by employers and employees alike. Below are some of the things you should take into consideration if you choose to introduce this way of working into your organisation.

Scenario

One of your employees brings in his tablet device and proceeds to set up his email and uses a data synchronisation tool to map to all folders on your file server. The user may not want the hassle of typing in password every time he syncs files or accesses email and so saves his passwords to his system. Now let’s look at the risks which are associated with this user’s device.

  1. If the employee’s machine lacks adequate security, this could spread viruses throughout your organisation and if the device is hacked from outside the organisation the hacker may be able to gain access to all your company’s sensitive data.
  2. If the employee’s machine is stolen, this could pose a threat as the thief could have access to email, contacts, and company data which is being synced. Most criminals are more interested in the device rather than data, however should they decide to clear the data, when the device next syncs with your file server all your data could disappear.

The main concerns here are security and data handling. Some of these risks can be mitigated by the use of a good mobile device management (MDM) software which applies security policies and software to the device. The only problem with this is that the MDM solution needs to be easy to install or the employees won’t install it, they may also not be willing to have their personal devices locked down.

Devices issued by an organisation will usually come with company policies and will be secured against malicious attacks to the company network. MDM programs can and in many instances are used to wipe data from devices when employees leave the organisation or in the event a device is stolen to prevent data leaks etc.

With BYOD, most remote wipe features cannot be used as this will delete all the data held on the devices itself including any personal pictures, emails and information. This opens up the debate over who actually owns the data on the devices and what rights the employer and employee has to this data. There are a few MDM solutions which will allow you to distinguish between work and personal data and thus allow you to delete only corporate information however this is not the norm so you really need to look into whether your management software provides this feature or not.

As the device is also used for personal use this can open doors to a lot of malware and viruses alike, especially if the employee decides to jail break or root their device. So again a MDM solution which stops hacked phones, laptops and other mobile devices connecting to your network is a must.

Moving away from security another thing to consider is support in the event of failure. If a employee is using a device supplied by an organisation and the device fails, your IT support would have a support tool in place to enable them to troubleshoot and in some cases they would provide a replacement machine to keep the user working. With BYOD if the employees device fails it is usually down to the user to get it repaired and even if the support wanted to help they may not have the parts, software or the correct hardware to rectify the issue, this usually results in a lot of down time.

Conclusion

From a support perspective many IT companies advise against BYOD, for the reasons above. BYOD can however work well but a lot of investment needs to be made in terms of management of these devices, acceptable use policies and HR policies.

Procedures should be put in place outlining what happens when an employee leaves the company, providing details of how data will be retrieved from the device. Even with policies and procedures in place BYOD can be a nightmare to manage, and it might be worth considering restricting the types, makes, models of devices used and set rigid security policies which protects against compromised system being connected to your network. In my opinion BYOD is great idea in theory but in practice can be a disaster waiting to happen from both an employer and employee’s perspective if not managed effectively.

Tags:

Comments are closed.