With growing proliferation of smart
mobile devices in the consumer market, the new age professionals have
quickly shifted from PCs to laptops, tablets, and smart phones.
According to IT Consumer Survey conducted by IDC in April 2011, while
88 percent consumers surveyed use a desktop to access Internet for
business or personal use, 91 percent use a laptop, 80 percent use
smart phone, and 36 percent use a tablet for the same purpose. This
is an indication of how fast the smart devices are being penetrated
into consumer space. Driven by this trend enterprises are compelled
to introduce bring-your-own-device (BYOD) model in the organization.
In the first place, this trend not only helps enterprises save
spiraling IT infrastructure cost significantly, but also it improves
the productivity of employees. Nevertheless, this comes with a caveat
– challenges associated with enterprise data security. Now that the
enterprises can't reverse the trend of smart work culture, the
limited option left for them is to evaluate various dimensions of
risks associated with BYOD model and smartly implement an
enterprise-wide data security program.
While enterprises leverage the benefits of BYOD, there are some genuine concerns as well. According to a survey conducted by Mimecast in 2012, 74 percent respondents emphasized that the biggest challenge of BYOD is information security. By allowing employees' own mobile devices to premises, companies open a floodgate of security and privacy issues that could cost them huge amount of money in terms of fine and critical data loss. Here are some critical risks that spring from the BYOD program.
Risks are often thwarted when they are understood well. In case of BYOD, organizations not only face security challenges, but also they come across with a slew of legal challenges as well. For example, loss of customer information, which is protected under privacy act, can draw huge legal complications for the organization. In the recent time, companies like Facebook and Yahoo have lost millions of customers' personal information to hackers. That indeed reflects how vulnerable the large technology enterprise are. But for any organization, small or big, a comprehensive policy on data security and framework for workable BYOD model can ensure the benefits of smart work culture. A report titled “Five steps to a successful BYOD program” published by Forrester, emphasizes that the more an employee has access to privileged data, the more powerful should be the information security rules.
Technological revolutions in the past have brought both opportunities and risks on the same platter. Not a single technology invented till date is absolutely free from some genuine challenges. Organizations encouraging their employees to adopt BYOD must consider the key challenges first and then devise a comprehensive BYOD policy across the organization in order to optimize the benefits of this program.
Here are some major concerns that pose
serious deliberations before allowing BYOD program in the
organization.
- Does the organization have a full-proof BYOD policy?
- Does the organization have a stringent security policy related to critical data exchange over employee devices?
- How will these devices be connected to various data servers in the organization?
- What if the employee leaves or gets fired?
- What if the employee device is lost or theft and passed to a rouge element?
- What are the IT infrastructural limitations for mobility programs?
- What are the monitoring programs for keeping a tab upon a variety of heterogeneous devices?
Advantages of BYOD
Every technology revolution has its
fair share of advantages. And the growing trend of smart mobile
device adoption by employees at workplaces has more edges. According
to a study on BYOD conducted by Cisco, 76 percent respondents said
that adopting to BYOD was somewhat or extremely positive for their
organizations. The same study reveals that BYOD apart from
operational excellence there is a significant cost benefit. As per
some estimation done by Cisco, an employee engaged in BYOD can
benefit the organization in the range of $300 to $1300. Primarily,
the companies allowing BYOD accrue the following benefits.
- Optimized employee performance: Smart devices provide more flexibility to contemporary work culture. They also increase collaboration among employees, management, and customers. Employees can be equally productive while they are traveling or working from home.
- Enhanced employee satisfaction: While employees are allowed to bring their own smart devices to work place, they never crib about obsolete desktop, as often provisioned by the organization. Since they are convenient with their own devices and also they understand the nuances of usage, their independence from the buckles of IT helpdesk provides a sense of contentment.
- Increased client satisfaction: Mostly employees working in the sales and support program quickly respond to customers' concerns, which ultimately elevates customer satisfaction.
- Significant cost savings: With employees taking care of their own devices, companies save a significant portion of IT spending on purchase of hardware and other allied devices. Moreover, companies can save on phone plans, SMS plans, Internet services, and helpdesk overhead.
- Reduced management intervention: Allowing BYOD to employees, the management eliminates a number of additional responsibilities such as selection of vendors, monitoring of employee data usage, and purchase decisions.
Risks Associated with BYOD
While enterprises leverage the benefits of BYOD, there are some genuine concerns as well. According to a survey conducted by Mimecast in 2012, 74 percent respondents emphasized that the biggest challenge of BYOD is information security. By allowing employees' own mobile devices to premises, companies open a floodgate of security and privacy issues that could cost them huge amount of money in terms of fine and critical data loss. Here are some critical risks that spring from the BYOD program.
- Security threats: Mobile devices, especially smart phones, are often vulnerable to hacking. Since mobile platforms are not matured yet the security risks associated with them are not well articulated by device makers. When an employee downloads a new application there is enough chance that the software might be a malware or a tracking program that can eavesdrop any conversation taking place over the device.
- Spreading of malware in the network: If the device is connected through a Wi-Fi or Bluethooth, there is a larger possibility of that the device can play a dumb to tricks of hackers who can spread malware in the entire network. Malware can cause a huge loss of enterprise data and customer information.
- Loss or theft of devices: Since mobile devices are small and easily portable, they are prone to loss and theft. That threatens the loss of critical enterprise data.
- Lack of enterprise-level security controls: As employees use a variety of devices and all that operate on different platforms, it become quite cumbersome for the organization to streamline a single security blanket policy.
- Spamming: Unsolicited messages and contents eats out the bandwidth and storage. Although spams can't directly pose threat to data, any response to that can create otherwise.
- Phishing activities: Phishing is a serious concern for mobile devices as users can't detect it right there as often they can do in PCs and laptops.
Managing the Risks
Risks are often thwarted when they are understood well. In case of BYOD, organizations not only face security challenges, but also they come across with a slew of legal challenges as well. For example, loss of customer information, which is protected under privacy act, can draw huge legal complications for the organization. In the recent time, companies like Facebook and Yahoo have lost millions of customers' personal information to hackers. That indeed reflects how vulnerable the large technology enterprise are. But for any organization, small or big, a comprehensive policy on data security and framework for workable BYOD model can ensure the benefits of smart work culture. A report titled “Five steps to a successful BYOD program” published by Forrester, emphasizes that the more an employee has access to privileged data, the more powerful should be the information security rules.
The organizations can consider the
following strategies to avoid susceptible risks and leverage the
advantages of BYOD program. Before allowing employees to bring their
own mobile devices to the workplace, the companies should enact a
comprehensive BYOD policy, which would address major BYOD concerns.
The BYOD policy should include, but not
limited to the aspects such as employee usage, mobile security, data
protection, data encryption, password protection, identity and access
control, wireless access control, social media usage, internet
browsing control, anti-virus/anti-malware software provisioning,
anti-spam procedures, anti-phishing procedures, application security,
incident reporting, and above all an enterprise-wide employee
training on all these issues.
Conclusion
Technological revolutions in the past have brought both opportunities and risks on the same platter. Not a single technology invented till date is absolutely free from some genuine challenges. Organizations encouraging their employees to adopt BYOD must consider the key challenges first and then devise a comprehensive BYOD policy across the organization in order to optimize the benefits of this program.
No comments:
Post a Comment