BYOD, otherwise known as Bring Your Own Device, is a policy used by many enterprises which allows employees to utilize their personal mobile devices to connect to the company network for business purposes. It’s often cheaper than providing company-supplied devices, and it’s more convenient for business professionals who don’t have to carry separate devices for work and personal use. However, BYOD is getting a lot of attention due to the security risks it creates. Here’s a look at the risks and benefits associated with BYOD.
Benefits of BYOD
Modern organizations are looking for the most efficient ways to streamline operations and boost productivity. BYOD is attractive because it offers cost savings over investing thousands of dollars-or more—in company-provided devices. This also eliminates the confusion and frustration that comes along with employees carrying multiple devices, which may even be identical—one for work and one for personal use.
In some cases, employers subsidize personal use of mobile devices, providing a monthly stipend or covering a portion of the costs associated with carrying a device and an adequate plan. Typically this subsidy is more affordable for enterprises than supplying devices and plans outright. However, a recent Trust in Technology survey conducted by TechNet found that one-third (33 percent) of businesses surveyed provide no subsidy at all. Overall, more than half (53 percent) of organizations condone BYOD, while 24 percent prohibit the use of personal devices for work purposes and 19 percent have no policy.
For enterprises, allowing employees to tap into the company network from their personal devices means enhanced communications for both with team collaborators and with customers. This also allows for the easing of cross-time-zone challenges faced in the global business marketplace.
Risks of BYOD
From a user standpoint, one of the primary concerns with BYOD is the privacy of their personal data. Many BYOD policies allow for some level of enterprise control over the devices used in the workplace, including access when necessary. The increased likelihood that personal information could be breached should the company network be compromised is also a concern.
However, it’s actually the lack of control that creates the biggest risk for enterprises. Legally, and ethically, employers can only exert so much control over a device that they haven’t provided. That means limitations on the restrictions that can be enforced, such as what sites and applications can be accessed by the device’s owner.
Other risks include lost or stolen devices, improperly secured devices which can be easily hacked and remotely accessed to expose sensitive information, and the use of applications which contain vulnerabilities which can lead to malware and other viruses infiltrating the company network and all connected devices.
Experts largely regard BYOD security practices as the best compromise in the BYOD dilemma. What is BYOD security? It’s a set of regulations, guidelines and policies that enable enterprises to capitalize on the benefits of BYOD while minimizing the associated risks.
Banning employees from accessing specific applications that are considered risky is one of the most common restrictions set forth in BYOD policies. The challenge with this is that restricting access to applications employees want to use could make them less willing to use their personal device in the workplace. Providing a company-wide mobile software application free for employees’ use is a viable way to create consistency across a variety of devices and exert necessary security precautions to protect enterprise data. To avoid the exposure of sensitive company information, guidelines and protocols should also be in place in the event a user’s device is lost or stolen. Other rules, such as requiring that devices be password-secured and locked when not in use, add a layer of protection.
If your organization is considering implementing a BYOD policy, a careful analysis of your needs, the risks and benefits associated with BYOD, and the security measures available is the first step in the decision-making process. With careful planning and proper security precautions, BYOD is a workable solution for many modern enterprises.
Fergal Glynn is the Director of software audit tools from Veracode, an award-winning application security company specializing in secure software supply chain and other security breaches with effective risk assessment tools like secure software supply chain toolkit.