With bring your own device (BYOD), employees are allowed to access corporate data, any time and anywhere, from devices they are already familiar with. This is particularly convenient for workers who have historically been required to carry secondary, company-owned devices or install invasive software on their personal phones in order to access corporate data.
The increased satisfaction resulting from this flexible manner of work is likely to improve employee retention as well. But the decision to adopt this modern method of work has far-reaching implications for the security and privacy of businesses and their employees.
Avoiding employee backlash
Addressing the privacy concerns that accompany BYOD is critical. Workers are increasingly apprehensive about their employers viewing their personal data. However, businesses need to be allowed to secure corporate data even when it is accessed and stored by personal devices. As such, steps must be taken to protect data on any endpoint without compromising the privacy of personal information – especially for UK companies faced with numerous regulatory demands.
In light of the above, appropriate BYOD policies must be put in place. For example, organisations should determine which types of devices can access corporate data, create exit policies for employees who use their personal devices for work, and more. While such policies are important, some employees are unlikely to comply – especially if they find said policies to be inconvenient.
Therefore, training and education must be used to give employees an understanding of BYOD and a sense of corporate responsibility around it.
The risk of shadow IT
BYOD has undeniably facilitated the rise of shadow IT. In other words, it is now simpler for employees to circumvent official procurement channels and use their preferred cloud applications and resources to perform their work. Employee holidays are a prime example of how this can occur.
At the start of their holidays, employees are typically eager to spend time away from work. However, as the days go by and they experience reduced contact with their colleagues, they often become curious about how things are progressing. When their interest is piqued, employees will often check their email from mobile apps of their choosing. From there, catching up on the latest information is a fairly simple task. This rapid, flexible access to data results in a loss of control for employers, though.
Under future regulations, such as the impending General Data Protection Regulation (GDPR), this sort of shadow IT scenario will be completely unacceptable.
Choosing the right security software
Companies tend to address BYOD problems by relying on mobile device management (MDM), software that was originally designed for company-owned devices. MDM ensures that security requirements are met, updates are installed regularly, unsecured Wi-Fi connections are rejected, and unsanctioned apps are unable to access company data. But these tools require the installation of an agent on each employee’s device.
These agents slow device performance and grant employers visibility into employees’ personal information, harming user experience and invading users’ privacy. This typically results in employees rejecting MDM tools and using shadow IT to perform their work from personal devices. Obviously, this can adversely affect workflow and have drastic security consequences.
Instead of exerting draconian control over apps or devices themselves, companies should secure BYOD with data-centric, or agentless, solutions. In this way, a positive user experience can be maintained while organisations protect their sensitive data. Agentless BYOD solutions are quickly gaining adoption in the enterprise. Unlike MDM and mobile application management (MAM) alternatives, these solutions do not require harmful software installations on employee devices and, fortunately for employees, only monitor corporate data.
Despite its pain points, bring your own device is now an integral part of the business world – it is providing countless organisations with increased flexibility and efficiency. However, implementing BYOD requires a thorough plan that considers corporate data protection as well as employee privacy. For this reason, IT teams should focus on BYOD security solutions that emphasise protecting corporate data instead of just controlling devices or applications.
Rich Campagna is CMO of Bitglass
When people start booking their summer holidays, it is vital that employers ensure their BYOD policies are rigorous enough to protect their business against any potential data breach.