BYOD: Empowering your Mobile Workforce

BYOD: Empowering your Mobile Workforce
share on
by Sanjeev Kapoor 14 Dec 2018

The advent of smart phones, tablets, laptops and other portable devices have opened new horizons in the way enterprise IT infrastructures are developed, engineered and deployed in order to support employees and customers.  We are living in the era of “mobile first” strategies, where providing IT services to mobile users is a top priority and sometimes more important than supporting conventional stationary users. This is largely due to the proliferation of mobile devices and due to the rise of a mobile workforce in almost every organization. In this context, organizations must ensure that applications, data, services and other IT resources are securely accessible through the mobile devices of their employees, even in cases where these devices are not owned by the organization but rather by the employees themselves.  This is very important given that most employees, when at work,  still use their own devices rather than devices owned  by their employer.

The BYOD (Bring Your Own Device) movement has emerged to address these considerations based on systems and policies that provide anywhere, anytime accessibility to corporate data and information, even in cases where the users use their personal devices rather devices provided by the enterprise. BYOD is considered a booster to employee productivity, yet it also ensures higher accuracy of the exchanged data and lower IT costs. Nevertheless, BYOD deployments are associated with a host of challenges that have to be successfully confronted at the technical, management and organizational levels.

 

Understanding BYOD Challenges

BYOD means that enterprise IT assets such as data and services become accessible to a selective set of devices outside the organization. In particular, a properly BYOD strategy should enable access to enterprise applications data from anywhere in the world and using any device, without however compromising the security of the enterprise. This implies a need for changes in the security policy of the organization towards authenticating and authorizing a broader set of devices. It also asks for organizational changes that will enable the engagement of users regardless of the type of devices that they possess and the location from where their connect to the enterprise IT infrastructure.

The greatest BYOD threat is cybersecurity related and concerns due to potential data loss. In particular, BYOD opens new holes in the security of an organization, which provides a host of opportunities for conducting cybercrimes and attacking the enterprise IT infrastructure. Previously, any party operating a device outside an organization was classified as suspicious and could be directly banned from accessing the enterprise infrastructure, regardless of whether the owner of the device had valid credentials for accessing resources or not. This provided fine-grained control over the devices that could access enterprise resources, including control of their security features (e.g., their security patches and malware protection programs). With BYOD, this strict but safe banning principle is no longer valid. Hence, malicious parties are provided with opportunities for exploiting the vulnerabilities of BYOD devices towards gaining access to servers, data and applications. Likewise, they are also given more opportunities for eavesdropping or hacking a user’s access credentials, as several BYOD devices reside outside the security perimeter of the organization.

 

Tips for a Secure BYOD Environment

BYOD deployers are in most cases following some basic principles as part of their security policies, which can safeguard them against BYOD-based adversaries. These includes:

 

BYOD as a Risk Management and Investment Management Exercise

Despite the availability of enterprise mobility management solutions that account for BYOD needs, many security managers and CIOs (Chief Information Officers) remain reluctant to deploy BYOD infrastructures. Their concerns lie mainly in the security risks and the potential enterprise damage that they might cause, while also considering the costs of the BYOD deployment that comprise personnel costs, solutions licensing costs, security management costs and more. While these concerns are valid, they are out weighted by the potential benefits of the solution, which reflect directly on enterprise productivity and employees’ satisfaction. At the end of the day, managers should undertake an investment management exercise, which shall calculate the Return On Investment (ROI) of the BYOD solutions taking into account the solution’s costs and making reasonable estimates about its benefits. In recent years, there is good evidence that BYOD solutions yield a very compelling ROI. As part of the ROI analysis, enterprise managers should reflect on the security risks of the BYOD solution, as a means of identifying the ones with the higher probability and impact on the enterprise. The alleviation of these risks should be prioritized as part of the development and deployment of the solution, and accordingly used to drive the selection of the most appropriate enterprise mobility management technology.

 

BYOD is certainly here to stay, as it is already delivering business value to thousands of enterprises worldwide. In this context a defensive stance against BYOD does not really help enterprise productivity. Rather a different approach is required, which shall thoroughly consider BYOD risks and how they can be remedied. Fortunately, there are already a host of mobility management solutions available, including solutions that treat BYOD as an integral element of the enterprise IT infrastructure.

Recent Posts

get in touch

We're here to help!

Terms of use
Privacy Policy
Cookie Policy
Site Map
2019 IT Exchange, Inc