Subscribe

BYOD: benefits vs risks

Companies can mitigate risks by adopting security policies and solutions to ensure the safety of their data.

Kameshwar Rao Sorda
By Kameshwar Rao Sorda, solutions director at Huawei Enterprise Business Group of Eastern and Southern Africa.
Johannesburg, 17 Feb 2015

The evolution of the workplace has resulted in a move towards mobility and a reconstruction of the office space. Growing trends reveal a shift away from conventional work practices, with employees working flexible hours while using their own personal devices.

Companies constantly scout the markets in search of new policies and technologies that will increase productivity, as this translates to increased revenue. Technology and ICT infrastructure make up a large portion of any business expense, and thus employers welcome the opportunity to minimise costs. The bring your own device (BYOD) phenomenon introduces multiple changes in the working styles of employees. It also brings additional profit to the company, but has the potential to prove a nightmare for IT managers if not managed correctly.

The BYOD trend appears to be the best solution for both employers and employees. Using their own devices, employees can send and receive enterprise e-mails, access enterprise resources, and handle business anywhere, at any time. Employees can work remotely on a device they are comfortable with and companies don't have the added expense of purchasing devices for their workers.

Generally, workers have free rein on selecting their preferred device as the device is purchased primarily for personal usage. Some companies do, however, have a prescribed list of devices based on the enterprise's business equipment and applications. By having a list of pre-approved devices, enterprises are able to exercise some level of control. The pre-approved list also assists in the selection of the appropriate BYOD security solutions.

Open door policy

The convenience created by BYOD also opens the door to myriad security risks. Apart from being responsible for personal data, the user now has the responsibility of safeguarding enterprise data stored on the device. Enterprises face the threat posed by malicious viruses and hackers which may result in information leakage. In the event that the employee loses the device, information may fall into the wrong hands, posing a threat to the enterprise.

To mitigate the security risks associated with BYOD, enterprises can adopt security policies and solutions to ensure the safety of their data. Functional mobile device management (MDM) products can be put in place to monitor and manage the devices. This can be used to lock down, control, encrypt and enforce policies on mobile devices.

MDM restricts unauthorised devices from connecting to enterprise e-mail servers. The employment of VPN in conjunction with MDM contributes to the provision of a secure connection from mobile devices to the enterprise servers, while mobile application management (MAM) ensures secure file sharing. This may raise concerns that it will detract from the personal user experience of the device; however, MAM also ensures employees that employers do not have access to their personal data, although enterprise has some level of control over the mobile device and applications installed. Security solutions are not only designed around the protection of the enterprise, as vendors have created solutions that also ensure the employee's personal data is protected.

Wiping the slate clean

Enterprises are able to lock down, control and secure applications specific to their data. Vendors on the market provide data security, terminal security and pipe (connectivity) security. If an employee reports a device missing or leaves his/her place of work, enterprises have the option of remotely wiping the device and removing all data associated with the company, as well as locking the device completely. IT managers need to ensure checks are placed on: unauthorised applications, unauthorised network access, unsecure file transferring and unsecured work device sharing.

[BYOD] has the potential to prove a nightmare for IT managers if not managed correctly.

Device management applications need to be used in conjunction with written policies outlining the responsibilities of both parties. The enterprise is responsible for drafting a written policy outlining the responsibilities of both the employer and the users. The policy would also outline any restrictions on the downloading of applications that may access data stored on the device.

Seventy-two percent of organisations in Asia-Pacific said the majority of their employees use personal computing devices in the workplace, with the global trend being 61%. There has been a significant uptake of the BYOD trend in Africa, and more specifically, in SA. The next five years will see a change in the application side of BYOD. The world will see more developments in enterprise mobile business apps: enhancements will be made in mobile security apps, MDM and MAM.

Companies in SA are now starting to realise the benefits of employees bringing their own devices to work. This is also due to the fact that vendors have addressed the fears associated with BYOD, by implementing security solutions that protect both parties involved. There is, however, still a lack of knowledge around BYOD solutions. In spite of all these obstacles, the trend is set to grow in the African market.

Share