BYOD becomes a necessity
For any enterprise, the practice of BYOD is fast becoming a necessity, not a luxury. Companies that apply BYOD, or Bring-Your-Own-Device, to their operations, experience enhanced levels of productivity. When employees are allowed to use personal smartphones and laptops for work, research shows that they are more content and efficient when accessing technologies with which they are familiar. BYOD has become an unavoidable strategy to device management that promotes flexibility and mobility.
In this article, you can examine the essential benefits of BYOD and some of the issues raised by this MO. You can also explore the relationship between data protection and BYOD in the context of the EU General Data Protection Regulation (GDPR).
BYOD benefits
Probably the most obvious BYOD advantage is the saving on capital expenditure. You won’t need to spend a fortune on phones, tablets and laptops that your employees don’t want or like in the first instance. BYOD means that your company has access to the latest and greatest technologies purchased by your employees.
Your staff bring their own devices to work, so why not benefit from the situation? You can even implement a service-reimbursement agreement in which you pay a fixed percentage of employees’ mobile bills. Should you choose a more elaborate cost-sharing method, your IT department can install software that monitors usage and tags specific voice and data activities. This approach allows for precise accounting and accuracy for cost and reimbursement calculation. Either way, you’ll end up with a win-win scenario.
BYOD also supports and mobile and cloud-based IT strategy, an advantage from which your business is likely to benefit the most. Cloud processing and storage is increasingly being emphasised in the way a company sets up and manages its IT infrastructure. This means that collaboration and device independence are replacing the outmoded model of copying data to a specific device. This model is restricted by local access and use of files and does not support sharing.
The benefit of collaboration speaks for itself. End users can work together on a document, at the same time, using any Wi-Fi enabled device and from anywhere. So gone are the days of emailing files back and forth, and not knowing which version is the latest. Creating and editing is achieved collaboratively. Also, modern handsets have unprecedented processing power and application support that add to users’ productivity.
BYOD risks
There are definitely risks associated with BYOD and the gloom-mongers in the business like to highlight these. However, with a comprehensive policy, some user education and some management software, the potential for BYOD in your company is enormous. Nevertheless, take a moment to review some of the apparent BYOD disadvantages.
Letting your staff use their own devices can turn into a headache for your IT department. It would be unrealistic to expect them to support their own. Your IT guys will bear the responsibility of ensuring that software is updated so that the technology is optimised and functions well within your IT network. In-house IT must also ensure that rigorous data backup is followed, especially since data is been entered into a vast array of different devices. Coping with the influx of consumer devices may be a significant short-term cost. You will have to purchase expensive mobile data protection software and mobile device management (MDM) tools. On top of that, there is the hassle of configuring access privileges on an individual device basis.
Security is a paramount issue with BYOD. Unless managed correctly, allowing consumer devices into corporate networks brings serious risk. You will need to set strict and enforced BYOD guidelines. Your staff will need to be vigilant about security, irrespective of whether they are using their device for work or pleasure. Your IT department will have less control over personal devices. Will they be able to guarantee that devices are patched and encrypted? Will they know that each device has active and up-to-date antivirus software? According to a recent BT survey, only one in 10 IT managers believes that BYOD users understand the security risks involved.
Then there’s data loss, and data is what drives organisations these days. With BYOD you run the risk of placing sensitive data on staff devices which will be lost should the machine be stolen or subject to a cyberattack. With MDM tools you can reduce the risk but some employees may be reluctant to grant your IT department access to oversee what is on a device that they own. When somebody leaves you need to protect your corporate data and conduct a remote wipe. However, you don’t want to run the risk of compromising individuals’ personal data such as photographs, music and emails.
BYOD and GDPR
With the GDPR now in full swing, you cannot afford a data breach in any form. In short, if you are able to pay a fine of €20 million or 4% of your annual turnover, whichever is greater, then you are one of the lucky ones.
By now you should have in place all the required policies and procedures to enable appropriate GDPR compliance. These include, but are not limited to, knowing all your data, obtaining explicit consent, providing clear steps for consent withdrawal, and possibly appointing a Data Protection Officer (DPO). BYOD should be intrinsic to your overall data protection policy so that your organisation is fully protected against data compromise and thereby avoiding GDPR non-compliance.
Some say that BYOD poses additional risks in light of GDPR adherence. This is not true. The right BYOD strategy can play an integral role in ensuring that your company remains compliant. Key tenets of the regulation include having measures in place to protect all sensitive personal information, from how it is accessed then processed and then stored. You need to enforce strict policy relating to who has the right to access and make sure that any breaches are reported in a timely manner. A robust BYOD strategy will assist you and your IT department with all these things.
BYOD strategy for GDPR
If you haven’t done this already, you need to establish a BYOD policy that meets all the requirements of the EU GDPR. Besides creating a policy that works for both your company and your staff, your executive management needs to educate your employees around BYOD policy and GDPR fundamentals. Enterprise Mobility Management (EMM) is vital in securing your BYOD practices and policies. The goals of EMM are to determine how to integrate mobile technologies with your IT infrastructure and how to support workers when they are using the devices in the workplace.
Avoiding penalties
Make sure that your employees are on board with your BYOD policy. They need to understand what the policy is and why it is important to critical business operations. This will ensure continued efficiency and productivity. Your IT guys should make sure that employees are easily able to configure their own devices. Also, check that they can securely and seamlessly access the information that they need. Ease-of-use should be a BYOD priority. If accessing information is tricky and time-consuming, your employees may find a workaround. In doing so your BYOD policy will be compromised and you are at risk of having a serious data breach.
Employee personal data
Some of your employees may have concerns about the privacy of their own personal data on BYOD devices. They may conclude that your company has the ability to access and delete anything or everything. EMM solutions include solutions that separate apps and data into two virtual containers: a personal one and a corporate one. In this way, you can combat any doubts that your employees have about the security of their data. Having separate containers also makes it easy to delete company data should an employee move on.
BOYD, GDPR and your network
Access to your network is not limited to employees these days. Guests, visitors and partners attending meetings with your employees all expect to be granted access. This, together with the increase in BYOD means that you have innumerable endpoints accessing your IT infrastructure. In addition to the number and variety of devices, there are many different applications used to access your network. In this scenario, you need to apply solutions that offer granular control over access. In this way mobile device sessions are managed on-site and over a secure SSL VPN.
Closing remarks
Companies that steer away from BYOD for fear of a data breach that will cost them a fortune are wrong to do so. There is no reason why a well-managed and fully-understood BYOD should increase the risk of data compromise. In fact, a comprehensive BYOD policy is a means of showcasing your GDPR compliance. And all the while, you are promoting productivity and profitability.
