South African companies are becoming increasingly open to using mobile technologies to empower worker mobility and support work-from-home scenarios; and whether it is by design or default, employees’ personal mobile devices are proliferating enterprises at a rapid rate.
On the plus side, a Bring Your Own Device (BYOD) model approach simplifies the hardware allocation and management component of a mobile strategy.
Instead of the employer furnishing employees with devices and deploying them, employees are responsible for their own devices and carry the costs of purchasing them, paying insurance and very often the subscription fees.
BYOD also keeps employees happy as mobile devices are highly personalised and individuals can cater to their preferences. These are often resolute but vary from person to person in proportion to the array of devices available. Companies need to embrace diversity in order to satisfy employees. In return they are rewarded with a more agile, dynamic and productive workforce.
While there are good arguments to support a BYOD model, there are some obstacles that need to be managed.
Dries Morris, the Operations Director at Securicom, a specialist provider of managed IT security services, including a cloud-based Mobile Device Management (MDM) using Zenprise (ZenCloud as either a public, private or hybrid cloud and on-premise solution) says IT and data security are the big issues.
“Employees might use one or more mobile devices, and every unmanaged device that is allowed to connect to the network exposes it to a number of security threats. There is always a risk that a device could be jail-broken or rooted and have unsecured or infected applications installed which could compromise network and data security. Employees are also very likely to be using the same mobile devices they use for work to browse the internet, for social networking and downloading internet resources.
“Furthermore, when employees bring their personal mobile devices to work and use them to share files or data inside and outside the office, it is also difficult to maintain visibility and control over company information.
“We are seeing a very similar problem to the one which the advent of USB data storage devices brought about. Users are able to move intellectual property from the company owned infrastructure and onto personal owned devices. And so, data leakages and loss of sensitive business information is a significant risk,” he says.
Although BYOD brings with it complex security challenges, Morris says these aren’t reason enough to ditch the idea. Security is an issue with company-issued devices as well.
Michael Hutchinson, Infrastructure Product Manager at Blue Turtle Technologies, which has the rights to distribute Zenprise technologies in South Africa and offers it as an on-premise solution to companies, agrees.
“Whether devices are company-owned or employees’ personal devices, there is a need to manage how they can be used, what services or applications can be run on them; and what resources can be accessed by the users of those devices. Any unmanaged device could expose the entire organisation to malware, espionage and other risks including liability.
“Email attachments are where the security risks multiply. The loss of a single attachment of financial planning, customer contact information or even building schematics could push the organisation into regulatory non-compliance.
“These threats emphasise the importance of implementing a proper MDM solution,” says Hutchinson, adding that a MDM solution combined with a well-defined BYOD security policy allows companies to quickly and securely leverage the power of mobile technology across the enterprise.
“Almost everybody has a smartphone nowadays. So, BYOD has the potential to make companies substantially more efficient and better-able to quickly respond to an ever-changing marketplace. One of the most exciting possibilities presented by a BYOD policy is that it will enable easy video-conferencing. This means that employees will be able to hold meetings wherever they are using their own computing devices,” he says.
Morris concludes: “BYOD can work and it can be made secure by enforcing a security policy around BYOD and by implementing MDM technology. With a robust but flexible and easy-to-use solution, organisations have the flexibility to implement best-fit strategies, even if it means allowing a mix of BYOD and corporate-issued devices.”
Staff writer
Regarding Dries Morris' observation that “Employees might use one or more mobile devices, and every unmanaged device that is allowed to connect to the network exposes it to a number of security threats," new technologies are available that eliminate such threats. One approach that's gaining steam is a "container" approach that communicates with mobile devices over a private communications link, keeps information encrypted at flight and at rest, and isolates corporate data from the rest of the device.
One example is Rover Apps, at http://www.roverapps.com. I'm not a Rover Apps employee, but have done some consulting for them, and they're finding favor in situations that were previously driving IT nuts. For anyone trying to solve the BYOD dilemma, they're worth looking into.
Hi Bob.
Zenprise is based on a "container" approach; with seperate database and security instances to ensure data does not get mingled; device encryption with the ability to do a selective wipe – deleting only corporate data – when an employee leaves, data encryption at REST and in transport is a non negotiable when positioning MDM with security and risk the primary considerations. It supports all the various mobile platforms and is easy to use, it will be worth your while investigating and familarising yourself with the technology; thank you very much for your contribution.