Embrace BYOD or get left behind. That’s the reality that many companies now face, as the surge in the “bring-your-own-device” (BYOD) trend blurs the lines between personal and professional. Employees can now access applications and data from any device, at any time, from anywhere – a phenomenon that is gaining traction across all company sizes and industries. And this trend shows no signs of slowing down. In fact, it’s accelerating: some companies are beginning to mandate BYOD to free up IT costs, requiring employees to bring their own laptop, tablet and smartphone to work and paying them a flat reimbursement instead of providing company devices.
A recent report from Gartner, “Bring Your Own Device: The Facts and the Future,” suggests that by 2017, half of the world’s employers may impose a mandatory BYOD policy — requiring employees to bring their own laptop, tablet or smartphone to work.
Some interesting findings from the research:
- 1.6 billion BYODs will be used in the workplace just next year;
- 38 percent of companies expect to stop providing workplace devices to staff by 2016; and
- 70% of mobile professionals will conduct their work on personal smart devices by 2018.
Clearly, BYOD is not only on the rise, it’s here to stay!
The popularity of smartphones, tablets and increased employee satisfaction has helped drive the BYOD movement. However, this also is part of the larger shift toward IT consumerization, in which consumer software and hardware are being brought into the enterprise. As more and more businesses jump on the BYOD trend, IT departments are battling to stay ahead of the game to ensure they are supporting business users while at the same time managing the IT risks associated with these evolving technologies. To quote Gartner Analyst David Willis, “More employees and more devices mean more security and management tool costs, more application licenses, more potential problems for an overtaxed help desk to deal with and more confusion.”
Managing risk, meeting the goals of the business and keeping employees happy is a tall order. Here are two things to keep in mind when building your BYOD strategy:
- In order to better manage the risks associated with BYOD, you will need better visibility to and control over the access privileges granted to workers. The use of mobile devices to access both on-premises and cloud applications makes these controls more difficult than ever. Companies must ensure that only authorized users can access sensitive applications and data, and they must be ready and able to remove all access privileges promptly upon worker termination. It’s no longer a simple matter of removing network access privileges.
- It’s important, however, to selectively apply controls and governance based on application risk and data criticality. For mission-critical applications, such as finance, human resources, or applications with confidential data, a high degree of control and governance is required. When these applications are being accessed by mobile devices, you’ll need to implement the right preventive and detective controls, such as approval workflow, access certifications and policy checking, to ensure that compliance and security guidelines are being followed. Not all applications require this level of governance, so you need to strike a balance between giving workers the agility and convenience they want, while giving IT the visibility and control that is essential to managing IT risk.
The bottom line: BYOD is an unstoppable force, with more employees bringing their personal mobile devices into the workforce and demanding fast, easy access to new technologies and applications. Businesses cannot afford to trade the benefits of mobility for unintentional costly consequences such as fraud, misuse of data, privacy breaches, and of course negative audit findings. The good news is that with the right governance-based IAM solution in place, companies can put preventative and detective controls in place that control user access across the enterprise, regardless of where or how an application or system is accessed.
Have you run into BYOD in your organization? What else do you think IT should do to provide employees the tools they need without compromising enterprise security or personal usage?