BYOD (Bring Your Own Device) is a trendsetter for the corporate world. Most of the companies are following it and giving their employees the leeway to use it. As per a global survey, 28% of the workforce prefers to use personal devices for work and this is expected to increase to 35% by mid-2013.
But the challenge that lies with BYOD is the absence of proper security system. According to Gartner, “through 2014, employee-owned devices will be compromised by malware at more than double the rate of corporate-owned devices.”
The Missing PointsEven though the trend is the catchiest in the industry, but experts fear that security will be an area of concern.In a Gartner survey, it was also pointed out that only 27% of US respondents believed that their mobile security was sufficient to pass an audit.
According to the research firm, by 2014 about 90% of organizations will allow corporate applications on personal devices. So, the IT departments should brace themselves up to resort to proper security strategy. Improvement on security front will ensure network manageability, saving of IT staff time, rise in employee productivity, and gaining of other strategic business advantages.
Best practices for BYOD include creating organization-specific BYOD policies, developed in conjunction with legal and HR; guidelines on who is eligible or not for the program; new employee agreements for support, risk and responsibility; adjustments to service levels; service desk training; funding and reimbursement strategies; employee education; and IT publishing specifications on acceptable devices.
BYOD impacts corporate risk, infrastructure and software costs, customer service levels, and total cost of ownership. It typically requires significant technology protections (including authentication, network access control, mobile device management and mobile application management,encryption/containerization, and content protections) and delivery mechanisms (app stores, file-sharing systems, and desktop virtualization). It often forces adoption of thinner-client architectures, multiplatform mobile application development environments and frameworks, and HTML5 for mobile applications.
The Saving Grace
Organizations have to restructure IT priorities and virtualization can be a saving grace as it offers benefits in terms of energy efficiency, green IT, business continuity and much more.Virtualization can allow IT to securely allow employee-owned hardware to access network resources and help mitigate security risks from attacks such as malware.
Application and desktop virtualization with network segmentation can pacify the impact of radius of attacks as the devices are not directly working with application servers and business data.
The Indian Scenario
In India, Vodafone has launched Vodafone secure device manager for corporates that acts as a simple and flexible tool to keep the data on smartphone and tablets secure, helping business grow without the fear of data security breach.A survey unveiled some interesting trends regarding company policies about personal use of work devices. It was observed that 58% of Indian respondents say their enterprises prohibit access to social networking sites from a work-supplied device. This was registered as highest when compared with China (33%), Europe (30%), and the US (32%).
Gartner believes that enterprises will adopt a similar approach and will block or restrict access for those devices that are not compliant with corporate policies. Enterprises that adopt BYOD initiatives should establish clear policies that outline which employee-owned devices will be allowed and which will be banned.In the BYOD era, security professionals will need to diligently monitor vulnerability announcements and security incidents, involving mobile devices, and respond appropriately with policy updates.