The term ‘BYOD’ or ‘Bring Your Own Device’ is not a new term for most technologists and is no longer considered a cutting-edge trend, but a widely-adopted way of conducting business. According to Gartner, ‘90% of businesses will support at least some facet of a BYOD strategy by 2017’.
The fact is that there are now more knowledge workers using their personal devices in the workplace than ever before. The continued adoption of BYOD is largely due to a well-documented increase in workplace productivity. Cisco found that ‘BYOD employees increase their productivity by 37 minutes per week compared to non-BYOD employees’. This may not seem like a big difference at first glance but the mass adoption multiplier is what’s convincing businesses of all sizes to adopt some degree of BYOD policy.
With the opportunity for productivity gains that consumer mobile technology in the enterprise presents, there are accompanying new security challenges for both technology integrators and IT professionals.
There is more device diversity than ever before. There are now more devices than there are people on earth, as well as 50+ operating systems and millions of proprietary apps. This level of device diversity creates the significant challenge of securing the IT network that is accessed from such a broad range of devices.
More devices (and things) require more complex network designs. Network topologies are getting increasingly more complicated with the introduction of more connected devices and things (IoT) . There are currently 8 network types, countless network topologies, and there is expected to be 20.8 billion things connected to the internet by 2019. In an IT pro’s perfect world, thousands of devices on a network could be managed effectively from one platform. Sadly, that’s not the case, though there are some organizations out there like Spiceworks that think they’re up for the challenge.
Security protocol must be clearly defined for a successful BYOD deployment. Ideally there would be a 1:1 relationship between BYOD usage and BYOD policy. Unfortunately, this does not appear to be the case. Based on a Tech Pro Research survey, 74% of organizations are either using or adopting BYOD and another survey by Cisco revealed that only 64% of organizations currently have a BYOD policy in place.
A basic BYOD security checklist would consist of a password policy, blacklisting unsecure and/or malicious apps, creating a list of supported devices, etc. Some additional considerations include enterprise-grade data encryption and how to secure and support a guest network alongside the main enterprise network. The needs of each organization will vary, but in general, the BYOD policy should be an extension of the IT security policy that is already in place – to enable the productivity gains BYOD support brings to the organization.
The real BYOD challenge is how to balance security against increased productivity. The IT consensus is simple: the less device diversity there is on a network, the simpler the network design, therefore the easier it is to secure. But the use of consumer-grade mobile devices in the workplace has been shown to drive significant productivity gains. The question is, should the IT manager and integrators prioritize productivity or security? The hard truth is that a secure BYOD policy is no longer optional, but necessary, to meet ever-increasing demands for greater productivity and keep the enterprise network safe and secure.