BYOD

Android L Keeps Business and Home Separate

Android L Keeps Business and Home Separate 150 150 Kerry Butters

When Android L arrives later this year, it may put an end to the days of carrying separate devices for work and leisure. The mobile platform now boasts the ability to separate data on a single handset or tablet.

How It’s Been Done, So Far:

Historically, there’ve been five ways to access your business and personal accounts without having to carry two phones:

1. Virtual Machines

Created by software your employer installs on your personal phone. Mobile Device Management (MDM) software like Microsoft’s System Centre can control settings on your phone, making sure your security set-up is safe for work.

Virtual machine software like VMware’s MVP permits a phone to maintain a separate business environment with its own apps and settings, distinct from personal data. A phone within a phone.

2. Remote Desktops

Similar to a virtual machine, there are apps (e.g. LogMeIn Ignition on Android) that let a smartphone have access to a Mac or PC. You can see and control programs running on the faraway computer.

3. Proxy Accounts

With forwarding and filters, you can automatically forward messages from your work email to a specific folder or label in your personal account.

This can also be done on calendars, and even with Google Voice to forward calls from one of your phone numbers to another.

4. Multiple Accounts

Android phones don’t provide multiple profiles, but they do allow syncing with multiple Google accounts. The Calendar app uses this to display multiple calendars, on the same screen. Gmail does something similar, but keeps data from accounts separate, allowing you to switch between them.

5. Multiple Apps

This is common for email, where you might use Gmail or Yahoo mobile apps for personal mail, and an Email app employing Microsoft Exchange ActiveSync for access to your company’s Exchange server.

Google: Recent Developments

At Google I/O 2014, a new initiative was unveiled, intended to help enterprise and corporate customers deploy devices to employees with minimum hassle:

·   Dubbed Android for Work, there’s an update to Android L, allowing a more seamless user experience for home and work applications. A separate app is planned to provide similar functionality on older devices.

·   For developers, a set of new APIs will require no modification to existing apps, work with bulk deployments, and take advantage of Samsung’s KNOX platform to maintain full security for sensitive corporate data.

·   Google Drive is being augmented with Drive for Work, an unlimited storage option featuring encrypted data priced at $10 (about UK£6, AU$11) per user per month.

·   Native editing support has been introduced for Microsoft Office, meaning no more format conversion when going from Word to Docs.

The Android Way

Android Work is founded on KNOX, which includes a robust set of enterprise features, with powerful tools for separating personal and business content on a device and for securing business apps and content.

There are other key components, which Google hinted at, but didn’t provided full details for:

1. Seamless transition between personal and work data

The Android Work container will encrypt and secure business data and restrict what users can do with it, but won’t appear as a separate workspace. Apps will have an Android Work badge added any time a user encounters them (on a home screen, in a list of notifications, etc.). This tagging will make it very clear which apps are business and which are personal.

2. Deployment, updating, and management of apps

Google is developing its own volume distribution mechanism. Organisations can make bulk purchases through Google Play, and roll out enterprise apps developed for internal use. IT will be able to push updates to ensure everyone is working with the most recent version.

3. Device Policy Client and profiles

The new Device Policy Client (DPC) app is employed to create work profiles that can be managed by IT. A profile is used to establish the container on an Android device. On personal devices, a work profile can only be created after a user has been authenticated using enterprise credentials provided by IT.

4. Certification

Google will run an Android Work certification programme, which already has the support of major manufacturers. Rather than suggesting specific devices, IT leaders can make a blanket statement that any device bearing the certification name or logo will be supported.

This also gives users with older devices an opportunity to upgrade, with or without a company subsidising the cost of newer devices.

5. Kill switch

Android L will be the first version to support Factory Reset Protection – a kill switch that prevents lost or stolen devices from being used.

Work, for You?

Android Work addresses some core concerns of enterprise IT, like separation of business and personal content, mass deployment of mobile apps, a single set of EMM policies across Android L devices, and policy models appropriate to BYOD and corporate-owned devices.

Questions remain, about devices that people already own. We don’t know which Android devices will be able to update, and when this might occur. Google has indicated that some Android Work capabilities may be available to devices running older versions of Android, but the company hasn’t provided any details.

For organisations that haven’t gone Android yet, it may be better to wait until Android L devices become more widespread.

Implementing Cloud-Based BYOD Policies Safely

Implementing Cloud-Based BYOD Policies Safely 150 150 Kerry Butters

BYOD adoption is on the rise in SMEs. Cloud based services have opened up businesses to the world of bring-your-own-device, allowing SME business managers to save internal spending by encouraging employees to use their own laptops, phones and tablets.

However, these devices are often only intended for personal use, not commercial. This means that they can be ill-suited to the security needs of your company and you may end up spending the money you thought you were saving on implementing new security for these phones. There are still plenty of benefits to a BYOD environment however, so the best thing we can suggest is that you familiarise yourself with the potential downfalls of a BYOD office and plan for it appropriately.

Increased Threats

Some SMEs have been struggling with the new threats presented by a BYOD environment, so it’s important to ensure that if you do adopt BYOD you have the security infrastructure to cope with it.

Using unofficial, personal technology can expose businesses to viruses of all types, especially when it comes to Android devices. If an employee makes ill-advised browsing decisions on their own time, or downloads a dodgy app, but is still networked to your business, this can have an impact on their workspace and beyond.

You can’t neglect security on personal devices. If anything you need to increase it. Personal devices will be exposed to public Wi-Fi, non-secure websites and various other threats. You should also consider the possibility of a device going missing outside of the office, and the implications of that if a device contains sensitive information.

Loss of Professionalism

There’s been a lot made of the fact that smartphones bring the office home with you, but the reverse can also be said. If someone is using his or her device for both personal and business purposes then it’s likely that at some point one world will bleed into the other.

That’s why a lot of SME’s are looking into cloud-based mobile device management software for personal devices. MDMs ensure that even though a device is used for both personal and business purposes, there is a clear divide between the two worlds. This acts as a constant reminder to the user that they should remain professional when logged into the business elements of their device.

Data Loss

Remote workers and BYOD employees may sometimes, either by no fault of their own or user error, delete important files from their device. I once had a colleague who accidentally deleted an entire years work of important documents that sent the department into a panic until IT managed to restore said files. We were fortunate that there had been a recent backup of our information that we could use. This is not always immediately possible within a BYOD office. Whilst services such as Dropbox and OneDrive provide you with cloud backup, these are not always ideally suited for corporate use. That’s why you might want to consider implementing a cloud-based MDM system or some similar system that regularly backs up remote devices and stores copies in a secure, centralised location.

Lost Devices

People can be more careless with devices which they consider to be theirs, which can in turn lead to important documents making their way into the public sphere when a device is misplaced. That’s why it’s imperative that any BYOD solution your company settles on should include the option to manually erase specific files from a secure, centralised location as long as the device is connected to the internet.

Correct Implementation is Key

A good network security solution should be easy to implement, simple to use and be flexible enough to work on multiple platforms and OS’s. There are a number of businesses available who specialise in implementing cloud-based networks that will complement a BYOD device strategy without compromising the security of your business. Most of these are normally quite expensive, and could end up costing you more than what you’d save by going BYOD.

However, the MDM provider Meraki, recently acquired by communications giant Cisco, is a hugely competent system which provides a BYOD office with all the features that are needed to ensure that any company data on personal devices is comprehensively protected and backed up.

You would be right to wonder what the catch of such a comprehensive free service is. Fortunately, there’s nothing diabolical about the offer. Whilst Cisco Meraki’s MDM is an excellent resource, the company makes their money selling networking hardware. This, if anything, is beneficial to your business.

When the time comes to expand there will be no need to implement a new MDM system to work with your new infrastructure. Instead Meraki will slot right in, reducing down-time for your company and allowing you to move seamlessly into your next stage of growth.

Move Carefully

The BYOD office is a hot topic for SMEs. And rightfully so, it promises significant savings and improved worker engagement. However, there are also undoubtedly opportunities for things to go wrong along the way. That’s why it’s important that you consider the issues highlighted in this article, and give serious consideration to the implementation of a robust MDM system that’s capable of managing a whole range of devices running different operating systems.

This kind of caution will pay dividends. Moving too quickly could put your data and your company at risk.

Does BYOD Present Security Issues?

Does BYOD Present Security Issues? Kerry Butters

The BYOD model is becoming increasingly prevalent, as employers and employees alike embrace the smartphone boom. Now productivity can be increased as employees can have constant access to their company’s online services.

However, with this ease of access come security risks that are worth considering. If you have, or are intending, to adopt BYOD solutions in your business it’s important to be aware of the effect, both positive and negative, that it could have on your business.

One of the major problems in the BYOD market is the lack of enhanced mobile security in communications between devices. At the moment, many BYOD enabled networks use the built-in security measures that employee’s smartphones come with. This could be a potential security vulnerability that could be exploited.

Another challenge for the BYOD market is the difficulty for businesses in tracking deployed assets. This is because once a mobile device is deployed in an organisation, tracking it becomes increasingly difficult, even with the implementation of BYOD security solutions. Both of the above areas have been considered in more depth in a market report by Infinity Research that found several security vulnerabilities in the BYOD model.

Security vulnerabilities

The report stated that one of the major drivers in the BYOD market is the need for enhanced mobile communication security. Most businesses are not properly safeguarding online networks and proper mobile device management (MDM) is paramount. Using MDM enterprise software allows an organisation to better protect and control data and configuration amongst mobile devices within an organisational network.

“The growing globalisation of organisations has led to an increased need for enterprise mobility,” the report states. “Enterprise mobility helps organisations exchange data and information without any time and location constraints. Hence, organisations have been increasingly adopting BYOD policies to implement enterprise mobility.”

Many organisations have been discouraged from adopting BYOD methods, as there is difficulty in ensuring the safety of all the deployed assets. This discouragement has influenced the saturation of BYOD policies and the security concerns have reduced the effectiveness of a BYOD security setup.

“With the implementation of a BYOD policy, employees can use their personal devices to handle their organisations data,” the report continued. “This increases the need for BYOD security solutions as such solutions provide data security and enable better handling of data.”

Implementing BYOD

The marketing report conducted by Infinity Research is the latest in a long line of reports documenting the difficulty of successfully implementing a BYOD program. There are clear benefits in terms of increased productivity when it comes to BYOD programs, however, with the security questions unanswered there is still some way to go before this model becomes universally adopted.

The current policies in place in many businesses are out of date and sync with the current way that data is shared and accessed. Many organisations are putting sensitive organisational and employee data at risk and the BYOD initiatives value for many organisations is currently mediocre at best. This is according to a survey conducted by Teksystems of more than 1,500 IT leaders and 2,000 IT professionals.

More than half of IT leaders and upwards of 65% of IT professionals reported that their employers fall within one of three categories regarding their BYOD policies: either “nothing has been communicated,” “there are no official policy guidelines,” or “employees are not allowed to use their own devices at work.”

One billion smart phones

Current predictions suggest that by 2018 the number of employee-owned smart phones and tablets used in the enterprise will exceed 1 billion. The growing trend towards BYOD policies is redefining business connectivity according to a report by analytics firm Juniper Research.

Ownership

Although the BYOD market is growing and has huge potential for businesses, it must be adopted and applied correctly. A current problem that businesses are facing is that of ownership. One of the main characteristics of BYOD is also one of the main detractors from this model: the employee owns and to some extent maintains and supports the device. Due to this, the company will have much less control over the device compared to a device that’s owned by the company.

An employer needs to address this BYOD issue before enabling employees to bring their own devices to work. There are other potential problems for an employee to keep an eye out for including:

·         Ensuring that work data does not merge with an employees personal data

·         Making sure that non-employees, such as family members who may use the device, don’t access work data

·         The employer should have a plan in place in the event of an employee resigning or being fired

Identify security risks

A business intending to implement a BYOD solution must identify key business objectives and benefits, as well as developing account security, and audit and data requirements. Any team developing BYOD policies should be multi-disciplinary and the policies created must be coordinated between IT, human resources, and legal departments.

The UK Information Commissioner’s Office (ICO) provided a BYOD guide for employers setting out how to ensure that an organisation’s policies are in line with the UK Data Protection Act of 1998. If a business considers data protection risks at the outset, the organisation can embed data protection as one of its core values and in turn raise overall data protection and security standards.

The guidance provided by ICO has as a central tenet the importance of a clear BYOD policy. This ensures that employees that connect devices to the company IT systems are clearly aware of their responsibilities. A successful BYOD implementation can lead to a better separation of data. An organisation should also conduct an audit on the types of personal data that can be accessed from an organisation’s online infrastructure and the audit should also include what devices can be used.

Organisational networks at risk

It’s important to remember that an organisation that doesn’t implement BYOD policies successfully can put networks at risk that were otherwise secure. The ICO guidelines state that data security is of optimum importance and far outweighs any potential increase in employee productivity.

It’s possible for employers to use a sandbox or ring-fencing approach to data security. This means that data is kept contained within a specific app and it also ensures that, if the device is lost, the data that is kept on it remains confidential and retained via a backup facility.

It’s really important that a company ensures good safeguarding of its data to protect itself from legal action. If a company loses employee or client data, that company runs the risk of breaching the UK Data Protection Act which can leave an organisation vulnerable to legal claims brought by the client or employee in question and this can lead to a fine being by imposed on the company by ICO.

ICO recommends some guidelines to help an organisation avoid potential data protection and security breaches.

Consider the following:

·         Which type of corporate data can be processed on personal devices

·         How to encrypt and secure access to the corporate data

·         How the corporate data should be stored on the personal devices

·         How and when the corporate data should be deleted from the personal devices

·         How the data should be transferred from the personal device to the company servers

ICO also recommends that businesses implementing BYOD practices should install antivirus software on personal devices, provide technical support to the employees on their personal devices when they are used for business purposes, and have in place a “BYOD Acceptable Use Policy” that provides guidance to users on how they can use their own devices to process corporate and personal data. Employees should also be made aware that they can only process corporate personal data for corporate purposes.

Good monitoring practices

An organisation can alleviate some of the risks associated with BYOD practices by employing good monitoring practices. This monitoring could include recording the geo-location of employee’s personal devices, or companies can monitor the internet traffic on the personal devices. However companies must inform employees of the extent of its monitoring practices and ensure that employees are satisfied that the monitoring is justified by the real benefits and doesn’t infringe on privacy unnecessarily.

As the use of personal devices in the work place rises, so does the risk of company data being lost or stolen. Organisations must consider these risks and ensure that legal and data protection security measures are in place. Businesses need to think carefully about BYOD and implement appropriate policies and processes to tackle these issues and minimise the risks associated with BYOD.

The organisation is ultimately responsible for the security of company data and data protection requirements regardless of the ownership of the device. Businesses need to act responsibly to ensure the best application of BYOD policies.

A successful BYOD scheme can really boost productivity and streamline business processes, so it’s definitely something worth considering. With cloud services becoming increasingly used in businesses of all sizes, it can mean that employees can work from any location, even out in the field. However, a good MDM and sound policies are necessary to facilitate this, or a business runs the risk of exposing sensitive data and essentially, itself to hefty fines.

BYOD: What Every Company Needs to Know

BYOD: What Every Company Needs to Know 150 150 Simon Randall

This in-depth look at BYOD and its increasing use in the workplace gives a great overview of what every company needs to consider when thinking about implementing a BYOD scheme. Whilst for many, security remains an issue, with strong policies and MDM software, BYOD is now completely manageable.

Bring your own device (BYOD) describes a situation where employees use their personal computing devices in the workplace. It’s employees using smartphones, tablets, netbooks etc., to access business enterprise content or networks.

BYOD also takes in software and services, as employees use cloud resources and other tools on the web in order to connect to the company intranet.

Benefits of BYOD

Familiarity with their own equipment, and the option to work flexible hours can lead to improved job satisfaction and increased efficiency for employees. As workers explore the technical capabilities of their phones and PDAs, organisations can reap the benefits of employee collaboration, through greater productivity and creativity.

BYOD can also provide cost savings. These range from initial capital expenditure, to on-going usage and IT helpdesk support, as employees invest in their own devices. Through extensive Wi-Fi networks, workers have access to back office infrastructure, regardless of their location.

 In today’s offices, BYOD is fast becoming the norm, rather than the exception.

The Downside

Allowing employees to use their own devices to access company information gives rise to a number of issues.

Primarily, the employee owns and, to some extent, maintains and supports the device. As such, management will have much less control, in comparison to equipment owned by the company.

In order to address this, companies need to enforce security policies at a device level, and protect intellectual property and customer details if that device is ever lost or stolen. Breaches of customer data can significantly affect trust and business relationships, which take time and effort to rebuild. It can also lead to large fines being imposed on a company that doesn’t enable encryption on the employee device.

Critical Issues

To comply with its data protection obligations, a business must have answers to some critical questions.

·         Who owns the device? In the past, the company owned the devices. With BYOD the devices are owned by the user

·         Who manages the device? Today it could be either the company or the end user

·         Who secures the device? Bearing in mind that the data carried on it is company-owned. Just because they personally own the device, a user can’t escape some accountability for this.

As an employer, you’ll need to address these BYOD issues before enabling employees to bring their own devices to work. For example, by:

·         Ensuring that work data won’t be merged with an employee’s personal data

·         Ensuring that non-employees (such as family members who use the device) do not access work data

·         Setting protocols for what happens when an employee loses a device or resigns.

Plugging the Leaks

Sensitive company data could find its way onto employee-owned devices in any number of ways. The following are most common:

1. When an employee adds his or her company email details to a smartphone. A personal device is now storing sensitive corporate data, as well as all the employee’s private information. If it’s an iOS or Android device, the employee will probably synchronise it with their personal computer.

2. Google Docs, file-sharing services like Dropbox, and the apps that work with them, such as Documents To Go or Quickoffice, represent another risk. Such services are sometimes blacklisted in BYOD set-ups.

3. Text and instant messages may contain sensitive information that could be unwittingly stored on a mobile device – especially if an attachment is involved.

4. Employees will often copy business information directly from a desktop or laptop to a smartphone. A convenient way to collaborate on the move but of course, it also loads the mobile device with potentially sensitive data.

5. With many handheld devices supporting VPN software, remote access to corporate networks is increasingly common. Once connected via a VPN, a smartphone becomes a node on the internal network (with all the rights and privileges of its user), making it easy to copy sensitive data to the phone’s hard drive.

6. Many users don’t protect their phones with a PIN or password. All the information on the device is exposed to anyone who picks it up. And if the device supports remote access, the data on corporate servers may be vulnerable, too.

Security Policy

If it hasn’t already, your company’s acceptable use policy must be updated to embrace smartphones and tablets. You’ll need a clear BYOD policy, so employees connecting their devices to the company IT systems clearly understand their responsibilities.

Employees should be made to understand that their personal data (such as bank details, logons and private emails) needs to be secure – as does the business information on mobile devices.

An audit should be carried out on the types of personal data to be accessed, and the specific devices to be used.

A policy should also clarify who owns the data on the consumer devices, and what the users’ responsibilities are. It should require users to:

·   Register their personal devices before using them for company business

·   Notify the company if devices are lost or stolen

·   Protect their devices with a secure password

·   Only access the company network using an approved method, such as a VPN

·   Install (and regularly update) security software, like antimalware and remote-wipe applications

You may also want to restrict the sensitivity of information that employees can access on their devices. This is especially true if you have protectively marked data.

Overseeing Personnel

A multidisciplinary team should be formed to develop a co-ordinated BYOD policy. This should include IT, human resources and legal. Their aim should be to identify business objectives and benefits, while taking into account security, audit and data protection requirements.

A blanket ban on personal devices is unlikely to work. Employees may simply go underground – ending up unmonitored by your security policies.

The challenge your security officers face is to implement BYOD policies while reassuring your employees that Big Brother’s only watching in a benign way. They’ll be more willing to use their personal devices within the rules you set for them.

BYOD Checklist

A BYOD agreement checklist (PDF) from the Security for Business Innovation Council recommends the following:

  • ·          Ensure that end users are responsible for backing up personal data
  • ·          Clarify lines of responsibility for device maintenance, support and costs
  • ·          Require employees to remove apps at the request of the organisation
  • ·          Disable access to the network if a blacklisted app is installed, or if a device has been jail-broken
  • ·          Specify the consequences for any violations to the policy

MDM

The mobile device management (MDM) market offers many integrated and standalone tools to manage sandboxed enterprise applications, corporate data containers, and secure web browser environments.

Some MDM products can be configured to collect and display location and call histories from corporate devices, but not BYODs. Such options emerged in response to privacy regulations and concerns across international boundaries.

By providing safeguards against the deletion of personal data from apps or content, MDM allows a company to extend BYOD to a much larger audience.

Multi-National Concerns

Many employers are reluctant to allow BYOD as a convenience, as they discover they’re not in compliance with some country’s regulations. Though rules vary from country to country, many require informed consent to access personal information.

This has led to enrolment processes that notify users about all possible MDM capabilities – whether employed or not. Customised “terms of service” then describe how the employer intends to manage the BYOD.

Employers must specify what information will be collected, what actions can be taken, and what workers must agree to in order to complete enrolment and gain access to business data and systems.

The ICO Guidelines

The UK Information Commissioner’s Office (ICO) recently published BYOD guidance for employers on how to comply with the UK Data Protection Act 1998. The ICO guidance cites data security as a prime concern for employers. Significantly, BYOD should not introduce vulnerabilities into existing secure environments.

Employers should consider the use of a sandbox or ring-fencing of data, e.g. by keeping data contained within a specific app. And if a device is lost, the data on it should be kept confidential, and retained via a backup facility.

In terms of data protection and security breach risks, the ICO guidance recommends companies consider the following:

·   Which type of corporate data can be processed on personal devices?

·   How to encrypt and secure access to corporate data

·   How the corporate data should be stored on personal devices

·   How and when corporate data should be deleted from personal devices

·   How data should be transferred from a personal device to the company servers

The ICO also recommends:

·   installing antivirus software on personal devices

·   providing technical support to the employees on their personal devices when used for business purposes

·   a “BYOD Acceptable Use Policy” providing guidance to users on how they can use their own devices to process personal data and corporate – but only process corporate personal data for corporate purposes.

·   Companies must inform employees of the extent of monitoring, and ensure they’re satisfied that the monitoring is justified by real benefits and does not unnecessarily infringe on privacy

Legal Implications

In terms of legal risk, losing employee or client data could result in a company breaching the UK Data Protection Act. This could leave the company vulnerable to legal claims brought by the employee or client in question, or a fine imposed by the ICO.

What the Government Also Says

As of September 2013, the UK government has issued security approval for public sector organisations to offer BYOD schemes for employees to access data and applications using their own smartphones and tablets.

The End User Devices Security and Configuration Guidance policy was issued by CESG, the information security arm of GCHQ. It follows numerous public bodies, such as local councils, in seeking to introduce BYOD schemes.

The guidance states that any mobile device must be returned to factory settings before it can be used to access government data. Also, the device must be able to be fully managed by the employing organisation throughout the life of its use for mobile working.

The policy also provides detailed advice for a wide range of possible products and operating systems. Devices using Android 4.2, BlackBerry 10.1, Apple iOS6, Windows 7 and 8, Windows Phone 8 and RT, Ubuntu 12.04, OS X 10.8 and Google ChromeOS 26 are all on the list.

CESG recommends 12 security controls that need to be considered, including:

·         in-transit and at-rest data assurance

·         authentication

·         secure boot

·         application sandboxing

·         whitelisting apps

·         malicious code detection and prevention

·         an incident response plan for security issues such as lost devices

·         Geo-Fencing

Geo-fencing is the process of combining current location with BYOD policy. Disabling cameras on mobile devices when they are inside high-security areas would be an example.

Geo-fencing has been used in education, to enforce policies that prohibit taking pictures of students or require secure web browsing on campus. Similar measures have been put in force for retail environments.

Using GPS technology, geo-fencing can be applied in cases where it’s helpful to re-provision a device based on its location.

Other Real-world Applications

One way to restrict the flow of corporate data onto employee devices is to use technologies like Microsoft’s ActiveSync. Users can manage their mail, contacts and calendars without a direct connection to the corporate network.

Instead of allowing BYODs to access core network resources, employers can selectively publish enterprise data to new mobile apps. Users get the data they need, while the company ensures it can be accessed securely and wiped quickly and easily if necessary.

Selective wipe – deleting only corporate settings, data and apps – can protect business assets while leaving personal data and settings intact. Users must agree to give IT some control. For example, if a device goes missing, calling in first so that the phone can be wiped, before calling the provider.

Image: Michael Coghlan

The Truth about BYOD

The Truth about BYOD 150 150 Simon Randall

Preparing a Business Case for BYOD

Preparing a Business Case for BYOD 150 150 Simon Randall

It’s fair to say that technology has
evolved in such a way that most businesses and individuals can no
longer do without it, and in recent years, relatively new
technologies such as the cloud are helping to push the
comsumerisation of IT into becoming the norm.

This has led to an increasing trend
across enterprises to implement a Bring-Your-Own-Device scheme in
which the employee uses their personal devices to access the company
network. This means that there are also increasing concerns
surrounding security, especially when the cloud is also added to the
mix, although many of these concerns are unfounded, to some extent.

The cloud in particular tends to more
secure for smaller businesses than on site networks, as small
businesses tend not to have decent disaster recovery plans in place,
or robust enough backup procedures. On the other hand, cloud is often
based at a data centre, where all of the data is easily backed up and
in the event of hardware failure, it can be easily routed to another
part of the network.

That’s not to say that it’s the right
solution for all businesses though, just as BYOD schemes might not
be. Whatever the case, if you’re thinking about putting such a scheme
in place, it’s wise to look at options and reasons that you may want
to first.

Liaise with IT

If
you have an IT department, then they need to be in on it from the
planning stage right up to implementation. If you don’t and use an IT
support consultancy, then head to them first to seek advice.

Think
about:

  • The business case & ROI

  • Which devices you will allow

  • How the devices are used on a
    personal level

  • How the devices will access the
    network

  • How you are going to manage
    said devices

  • What impact BYOD will have on
    security

BYOD carries
numerous benefits to the company, such as less need for capital
expenditure and better collaborative practices which in turn lead to
increased productivity and potentially, an increase in revenue.

Analysts at
Forrester Research state
that there are four key considerations when making a case for
implementing a BYOD scheme.

  • The company’s overall goals

  • When the BYOD scheme will impact
    various business units

  • Which processes need to be
    modified in order to accommodate BYOD

  • How long it will take to achieve
    potential benefits

This means that in the first instance,
it’s necessary to look at justification on a financial level, paying
attention to all of the resources which may be necessary for the
scheme’s success. This means that in order to justify
the need for BYOD
, the company will have to come up with a report
on the following:

  • Network infrastructure:
    every time a device is added you will have to create a new
    connection to the network, so you will need to look at whether the
    current network can support this.

  • Supported platforms: Apple
    devices are popular and more secure than Android but the latter are
    hugely popular choices for many on a personal level. You will need
    to price in the monthly licensing costs for a mobile device
    management (MDM) solution and possibly, some additional security
    solutions to address the variety of supported devices.

  • Software licensing: As
    well as MDM software, you will need to think about licensing for the
    products that your employees might use, such as MS Office and other
    applications as well as maintenance.

  • Physical resources:
    You will need to assess if you currently have the resources when it
    comes to IT staff both internally and externally and if this will
    need investment in order to support the scheme.

  • Security: This will
    have to be assessed and solutions put in place to protect the
    network and sensitive data.

Potential BYOD benefits

In order to prove ROI to the finance
department, you will need to look at exactly what implementing a BYOD
scheme can do for the business. It’s pretty much a proven model now,
so this shouldn’t be too difficult, but let’s look at a couple of
benefits that affect the majority of businesses.

  • Enhanced productivity: This
    is the most widely reported benefit, as it’s been found that
    employees that use mobile devices at work are better communicators,
    as they can collaborate effectively and efficiently at any time,
    from any place with a connection.

Employees are happier in their
work, which also increases productivity and they can connect quickly
with clients and colleagues, no matter where they are in the world,
in real time. This means that rather than sit around waiting for
documents to be couriered over, or email to come through, so
everything gets done that much quicker.

  • Less capital expenditure: This
    isn’t always the case, but for the most part employees that use
    their own devices won’t need access to high-end machines at work.
    However, this is very much dependent on individual scenarios and the
    size and location of the network (on-premise or in the cloud).

  • Increased revenue: Again,
    this depends on the company, but let’s imagine a scenario where a
    company has a sales team out on the road. Using his own device, a
    salesman can close a deal there and then, without the need to go
    back to the office to do the paperwork, enter it onto the system
    etc., which in turn means that the sale is more likely to stick.

It also means that sales staff
can manage their own accounts and complete paperwork on the fly,
increasing their productivity substantially. This could lead to an
increase in revenue as the sales person increases the amount of
accounts they can manage.

Further considerations

Once you’ve looked at the ins and outs
of putting BYOD in place, you’ll also need to think about policies
and this is something that gives many a CIO a headache. Yes, they are
personal devices but they also connect to a business network so it’s
vital that employees know what they can and can’t do.

For example, an employee might enjoy
playing games on a device or social networking; however, you may not
want him to download apps that might compromise the security of the
network. This can be managed with the MDM, but it’s wise to ensure
that workers know what they can and can’t access when using the
device for work.

It’s a fine balance, as you want users
to be able to have an experience which isn’t too intrusive, but at
the same time, you have to consider security. Too intrusive an
experience and productivity will be affected, which then impacts the
business case, so if the solution is going to have a huge impact on
usability, then perhaps you need to reconsider.

Think about the use of corporate apps
in order to overcome this, such as file sharing apps that are
business grade rather than consumer, Dropbox being an ideal example
of this. However, putting sound policies in place should overcome
many of these concerns.

According
to Gartner
, half of all employees will be using BYOD by 2017 and
it’s something that carries a strong case for improving many aspects
of a company. In fact, “[e]xpanding access and driving innovation
will ultimately be the legacy of the BYOD phenomenon,” said
Gartner’s David Willis.

“However, the business case for BYOD needs to be better
evaluated,” he continued. “Most leaders do not understand
the benefits, and only 22 percent believe they have made a strong
business case. Like other elements of the Nexus of Forces (cloud,
mobile, social and information), mobile initiatives are often
exploratory and may not have a clearly defined and quantifiable goal,
making IT planners uncomfortable. If you are offering BYOD, take
advantage of the opportunity to show the rest of the organization the
benefits it will bring to them and to the business.”

Bearing this in mind, perhaps you shouldn’t be asking yourself if
your company can afford BYOD and should be asking if it can’t.






captcha