Is the practice of bringing your own device to work a perk or a setback?
We’re creatures of comfort and habit – so it was only a matter of time until we decided to bring our favourite mobile device from home to work. Besides who wants to be the proverbial bad workman when we can use a tool that we’re familiar with? As a result, the culture of “Bring Your Own Device” (BYOD) was born.
Roughly translated, employees are allowed to bring their personal devices (tablets, smartphones, laptops) to work and use them as an office equipment. The ease of working from anywhere, anytime using your mobile device is definitely convenient and to a large extent increases efficiency amongst employees.
Throw in the consumerization of IT (where more and more office tools and apps are interchangeably used for both work and leisure) into the mix and you’ll start to see the appeal of BYOD. But there are some aspects of this culture that both employees and employers should be aware of.
The Diminishing Security Line
20 years ago, companies were able to pinpoint exactly where their network started and where it ended but the same can’t be said at present. Employees can plug in and out of their company network from virtually anywhere. This obviously increases the risk of loss of data because employers find it difficult to identify what are the systems or data that is being accessed by devices as well as to whom the device belongs to.
But what makes things a little more difficult is that you as an employer can decide to not sanction BYOD but your employees can still find a way around it.
A Win-Win Agreement
So if you can’t beat them, what are the security measures employers need to implement to stop or limit potential loss and abuse of data?
The Security for Business Innovation Council recommends employers to create a BYOD agreement with their employees that protects the rights of both the end user and the company prior to allowing access to the company network via the employee’s mobile device. Some of the points they suggested to incorporate into the agreement includes:
- Reporting and providing full details immediately if the mobile device is lost.
- Granting the company full access to monitor and wipe the device and to not hold the company liable if the data is wiped off accidentally.
- Establishing that end users are solely responsible for backing up any personal data.
- Requiring the use of a corporate account to store corporate data in the cloud.
- Laying out clear responsibilities of company and employees in terms of device maintenance, support and costs.
- Requiring employees to remove apps when requested to by company
- Denying access to company network if the a blacklisted app is installed or if the device is jailbroken or rooted.
- Listing out consequences of violation
Network security company, Tenable in its BYOD and Mobile Security: 2016 Spotlight Report Results listed the top three tools in managing mobile device security as mobile device management (43%), endpoint security tools (28%), Network Access Controls (27% ).
Now if you’re an employee, you would have backtracked a little at the “full access to monitor and wipe the device” part. To not just give someone access to our mobile device but also the power to completely wipe out the data that’s on it is downright unnerving simply because of how much we rely on our devices and the data stored within it.
In reality, employees are already sharing a large amount of personal data with their companies (human resource) – so is it then merely a matter of applying the same level of trust placed in the employer into protecting the data that’s on the mobile device? This is somewhat subjective and depends on the user’s view on data access. The solution to concerns regarding potential loss of personal data, given the vast availability of cloud storage tools, lies in regularly backing up the data on a mobile device.
Try as they may to draw a security perimeter, if employers were to go that extra mile to implement strict access to data, it will make the entire workflow process rigid and thus inhibiting the user experience. And with more apps coming into existence, the implementation of BYOD is the sensible way forward.
Small to larger organizations have in the last five years made a leap to use suite of apps such as Google Apps. This move allows employees to manage their inbox, edit documents real time from different locations with their colleagues schedule meetings and locate information from anywhere outside their cubicle. Tenable also reported that apart from using mobile devices to access apps such as email, calendar and contact management, 45% of the respondents said they use it to access and edit documents, 43% to access intranets, and 28% to access Software as a Service apps such as Salesforce.com.
The flexibility in choosing a device the employee is comfortable with as well as the lowered cost of investing and supporting equipments on the employer’s part are just some of the reasons why companies are jumping aboard the BYOD ship. And a recent survey with 206 professionals from around the world by Tech Pro Research found that 72% of organizations surveyed were permitting BYOD or are planning to do so.
Apart from the security factor which can trouble the minds of both the employer and employee, the BYOD culture is actually a great practice. It is up to the employer to implement and constantly educate its employees on how best to practice and safeguard its data as well as predict controls and settings in a manner that does not inhibit the efficiency that BYOD brings.
Written by Ruba Nackreeran, Corporate Communications and Legal Manager at Lava Protocols.
Article first appeared in The Malay Mail.
Lava is an authorised Cloud Partner of Google and is a reseller of G Suite (previously known as Google Apps, Google Maps for Work, and Google Cloud Platform) in Malaysia. With more than a decade of experience in the industry, we’re proud to say we’re one of the leading cloud consultants and service providers in the Asia Pacific region.