Mobile devices are completely ingrained in our daily lives. They entertain, remind, socialize, and manage us. They are our personal authentication key to the world around us. They are an extension of ourselves. Handheld mobile devices are just extremely personal, more so than any other device we interact with during the day. When asked, most people will say that they’ll give up food or sleep before they’re deprived of their mobile device, and for most there is a discernable level of anxiety when their device isn’t actively with them.
The personal dynamics of mobile devices and, in turn, mobile device management, has made adoption of mobile technology a tricky business across the board. For most organizations, Bring Your Own Device (BYOD) policies are still complex and perceived as risky. But, with the global workforce’s rapid adoption of the mobile work style, integration of BYOD policies have been necessary for most organizations to maintain the high levels of productivity needed to sustain business success. In fact, only businesses with high-level security concerns and strict privacy needs—like financial organizations—can succeed in today’s marketplace without some form of acceptance of BYOD in their mobile policies.
Originally, the largest motivation for BYOD was the desire to get rid of the traditional corporate device and its restrictive user experience which contrasted sharply against the newer, smarter consumer devices providing more personal experiences. The result for many early BYOD adopters was the increased employee satisfaction, productivity, and improved competitive advantage that they were searching for.
We’ve talked about BYOD for what seems like too long, but it continues to be a hot topic as employers allow employees to utilize their own devices at the office. But, as many of us know, giving employee-owned devices access to the corporate network increases risk and is difficult for businesses to manage. Many IT departments don’t have the time to deal with the challenges inherent with BYOD; the co-existence of personal and business data, multiple operating systems, and problems with backup, recovery, security, and compliance.
In fact, the 2014 Executive Enterprise Mobility Report released by Apperian and conducted by CITO Research, helps shed some light on how important the issues are that executives at a range of companies embracing these mobility strategies face.
For example, 77% of the respondents highlighted security as a major concern with mobile device management—not much of a shocking discovery if you’ve ever dealt with mobility in the past. What is shocking? That 70% of respondents are still unable to detect data or device loss, which highlights a starteling lack of mobile security initiative in today's businesses despite security being a key concern.
What is clear, is that companies understand the inherent risk surrounding BYOD and many are still struggling with how best to address their concerns.
Some of the challenges of managing BYOD programs have re-invigorated a “bring-your-own” trend that dates back to the 1980s—Bring Your Own Apps (BYOA). BYOA can be used as a way to preserve the productivity benefits of BYOD while reducing the capital costs associated with managing a BYOD program.
The BYOA trend centers on employees’ use of third-party applications in the workplace. But BYOA is really the key driver of a much larger trend that's growing in popularity; IT consumerization. Why? Because BYOA and its associated benefits for employees include greater engagement and satisfaction, and improved productivity, the chief cornerstone of the IT Consumerization movement.
Since BYOA employees choose their own applications, each employee can use the apps that he or she is most comfortable with. Not only does this improve productivity by allowing employees to have more control over the software they use, it also enhances efficiency by letting each individual person use the tool that best matches their work style. This gives you the opportunity to provide more software and business process features to your team than you could logically provide while employing a BYOD or other corporate mobility strategy. IT Consumerization essentially allows businesses to create endless opportunities with multiple new ways to get work done—which would likely have a positive effect in terms of employee morale and efficacy.
But the greatest strengths of the BYOA policy are also its greatest weaknesses.
Most consumer apps being used in the enterprise are cloud-based in order to allow user access from multiple devices, laptops included. Many organizations are finding that the combination of cloud-based document sharing and cloud-based business process solutions are meeting a growing number of their business requirements.
As employees are increasingly under pressure to do more with less in terms of budget and IT resources, they often turn to BYOA to get the job done. While this can be rationalized as a means of reducing the capital expenditures and licensing costs associated with using corporate-issued file storage, document sharing, and business process software, all budgetary benefits that come from reducing capital costs are often negated because of one thing—sacrificed security. Your prized corporate data is now sitting in someone else’s cloud.
There is no ace in the hole when it comes to security policies. The simple fact is that SMBs must absorb certain types of risk out of necessity when competing with large enterprises—which is why you’re likely to see higher BYOA adoption among SMBs than enterprises.
But for those who can’t absorb that risk, or simply don’t want to, there’s good news—that risk can be managed.
The key challenges for businesses of all sizes adopting cloud and mobility applications is finding the right balance between usability and data security. In an ideal world, users would like to have one-click access to an increasing number of apps without needing 12 digit passwords for each app. Since users are bringing in their own devices, and these devices are the primary means to app access, they must be “trusted” within the organization and secured.
“Perimeter Security” no longer exists in the enterprise. Network boundaries are slowly disappearing—and many IT departments are still trying to control all facets of off-premises application access from roaming mobile endpoints. But this is, quite simply, impossible to do. And so a shift in the way we think about security may be in order.
Protecting data directly, not the device, guards your data at the source rather than the endpoint, ensuring the safety of your businesses’ information regardless of your employee’s location. Information Rights Management and other such technologies directly embed access rules into documents by way of cryptography. With this method, the rules are applicable to documents regardless of location or device, allowing effective security measures for multi-device environments.
This pattern also allows for “detecting, logging, and blocking” data that leaves enterprise premises. Having the capability to follow the transmission of sensitive data solves part of the problem that has become apparent in Apperian’s Mobility report—understanding where, when, and how users are transferring information out of the corporate network.
Secondly, the drive to demand better security from consumer app providers needs to be spearheaded by SMB and enterprise businesses. Since most businesses are embracing some form of BYOD/BYOA, and most of us spend at least 40 hours a week in the workplace, the burden of changing app security—and consequently cloud stability—really falls on businesses, not consumers.
Finally, securing critical business communications can solve a lot of data leakage from the start. Unified Communications (UC) can help keep your company keep its contacts and other data safe and secure when an employee’s device is lost or stolen.
With the right UC app, your IT administrator can secure data loss easily. Unified Communications lets employees bring their own devices while still maintaining high levels of corporate security. The best UC platforms let you support multiple devices through one single approved UC app, meaning your employees can have access to their favorite communications tools without your IT department having to support each device individually.
In regard to other security issues, many organizations that have started implementing consumerization policies are establishing acceptable use standards for use of consumer technologies in the workplace. Acceptable use policies (AUP) stipulate requirements that must be followed to be granted network access.