The initial customers were individuals, not enterprises, and as they discovered the power of their new devices – sending and receiving emails, synchronising diaries and address books with their PCs, accessing websites – they saw great potential for using them in the workplace.
In many cases, the individuals leading the charge were senior executives not willing to be told that accessing the company’s email system or its Salesforce CRM system on devices outside of the workplace was against company policy. Thus, bring your own device – BYOD – was born.
Its growth has been rapid because organisations soon started to see the benefits: workers can be more productive on the move, they are more willing to do work outside normal hours and they feel more empowered, thanks to the ease of use of these designed-for-the-consumer devices. Organisations that have embraced BYOD have also been able to offload onto their employees some of the costs of ownership and operation of mobile devices.
However, there are hurdles to be overcome before an organisation can reap the full benefits of a BYOD policy.
Raise with IT people the idea of BYOD and most likely they’ll immediately conjure up a nightmare security scenario. The latest smartphones and tablets can replicate many of the functions of the corporate desktop PC but the security disciplines that are common in the PC world are nowhere near as common in the mobile world. These include installing antivirus tools, enforcing passwords, using two factor authentication, keeping regular backups and patching software to deal with vulnerabilities.
On top of all this, mobile devices are far easier to lose through carelessness or theft than a PC or even a laptop.
Software tools are available to deal with these problems, enabling sensitive data to be encrypted, the device to be locked remotely and, if necessary, all stored data to be wiped.
But, security is only one of the problems. Less well recognised and harder to manage are the ramifications that BYOD can have for the business as a whole. These are neatly summed up in guidelines produced for chief information officers by ISACA – a global organisation dealing with IT governance.
[breakoutbox][breakoutbox_title]Android malware on the rise[/breakoutbox_title][breakoutbox_excerpt]IT security vendor Trend Micro estimated in September 2012 that there were 175,000 potentially dangerous Android apps.[/breakoutbox_excerpt][breakoutbox_content]IT security vendor Trend Micro estimated in September 2012 that there were about 175,000 potentially dangerous Android apps, up from about 30,000 in June. Android has become a victim of its own openness. Apple’s tight control of the iOS ecosystem makes iOS much harder for malware writers to penetrate, so they go for the easier Android target.
Here’s what you can do to protect yourself:
- Install anti-virus software (currently on only about 20 per cent of Android phones).
- Verify the sources of apps before you install them. Check out the publisher’s website, examine their other apps and read app reviews.
- Check what permission the app is requesting. It will ask you to grant these before you install it. For example, if you can’t see any good reason for it to want your contact details, treat it with suspicion.
[/breakoutbox_content][/breakoutbox]
Embracing the strategy
According to ISACA, “Deploying mobile devices cannot be addressed solely as a technical activity. It affects the daily operations of the employees, the organisational information flow, and, as a result, the business processes of the enterprise from many perspectives.” Therefore, ISACA adds, a company’s BYOD strategy “must be supported by all levels of management”.
In fact, some industry insiders believe that the benefits of incorporating mobile devices deeply into a company’s business process will be so attractive that BYOD will prove to be a short-lived phenomenon.
Tim Fussell is the founder and managing director of Sydney-based company imei, which provides mobile device management services to enterprises. He predicts that, as organisations start to see the benefits of adopting mobile technology, they will swing back to corporate devices.
“There are many corporate benefits, some that can completely change the way people operate,” says Fussell. “Similarly, an app can surface overnight that can completely change the way a company operates.”
This trend towards company-owned mobile devices already has its own acronym: COPE – company owned, personally enabled. The argument for COPE is that, by owning the device, a company can have much greater control of device type, management software and access to corporate data, while satisfying employees’ wishes for a personal device.
Meeting the challenges
ISACA has just published a survey of its Australian members, with 33 per cent of respondents stating that their organisation had no security policy in place for BYOD and 34 per cent revealing they did not have remote wipe, password management or encryption in place for employees’ personal devices.
Similar assessments have been made by others. Earlier this year, the respected Forrester Research group evaluated BYOD and the challenges associated with it and concluded that “many organisations have a limited understanding of the real issues involved”.
Forrester says that BYOD reflects a major change in end users’ relationship with technology, that it requires a complete rethinking of information security and identity and access management, and that it will eventually spawn a new class of enterprise computing platform.
On a more positive note, Forrester says many organisations can successfully address the challenges, and its report sets out how to embrace BYOD successfully.
- Accept that BYOD is inevitable, even if (currently) limited to certain users or roles within the organisation
- Think beyond specific devices
- Re-evaluate the role and architecture of enterprise networks versus implementing bespoke solutions like mobile device management (MDM) software
- Take the end-to-end approach
- Actively seek easy-to-manage security solutions
- Source the most appropriate in-house or hosted BYOD security solution
- Consider the benefits of exposing business apps, not just email.
IT market research firm Gartner says MDM software must be able to manage and support all the applications on the device, keep them up to date, back them up and restore them. It must be able to capture location, usage and network information from the device and provide security functions, including authentication, encryption, remote lock and wipe, and antivirus.
[breakoutbox][breakoutbox_title]Easy ways to enhance smartphone security[/breakoutbox_title][breakoutbox_excerpt]Bluetooth leashing and Remote lock & wipe[/breakoutbox_excerpt][breakoutbox_content]Bluetooth leashing
The Zomm Wireless Leash is a handy device that you can attach to a key ring and that communicates with your phone via Bluetooth. If the two become separated, it will beep at you. It costs about $60.
An Android app, Bluetooth Leash (free or $0.99 for the pro version), will sound a warning if the phone and any Bluetooth device with which it is paired get too far apart, but it’s the phone that beeps. Bluetooth Tether, an app for iOS, will warn you if your iPhone and iPad become separated.
Remote lock and wipe
Several of the antivirus/security apps for Android smartphones come with this feature. As long as the phone is turned on and within network coverage, you can lock it and, if necessary, wipe all its data via a browser. Apple’s Find My iPhone does the same for iOS devices.[/breakoutbox_content][/breakoutbox]
Beyond BYOD: custom applications
Meanwhile, the market is changing fast. According to Richard Absalom, from IT consultancy and market research firm Ovum, there are now so many comprehensive MDM software tools available that they are a commodity item and the market is looking beyond them.
“We see vendors turning increasingly to mobile app management and mobile enterprise app platform services to help their customers get maximum business value,” he says.
These new services are designed to help a company develop and deploy mobile applications across multiple device types to specifically support the company’s business aims, as opposed to standard apps available from an app store.
If Absalom is right, companies that are more adventurous and advanced in their BYOD strategies will start to gain real competitive advantage from the BYOD phenomenon by deploying apps designed to increase their efficiency. And those companies that lag in the adoption of BYOD will be left behind.
