As more and more employees are bringing their own mobile devices to work, the debate over the risks and rewards of bring your own device, BYOD, is heating up. On one side of the argument, analysts such as Nucleus Research are pointing out hidden costs of BYOD, such as increased support and security requirements, and wondering if the gains truly offset these expenses. On the other hand, the BYOD trend seems destined to win over all objections, with Gartner predicting that half of employers will require workers to supply their own devices by 2017. Given this eventuality, rather than resisting BYOD without reservations, the prudent strategy for enterprises is to investigate BYOD’s potential risks and rewards and develop security practices suitable for the oncoming mobile device era.
Securing Your Mobile Perimeter
Data security remains one of the biggest challenges facing enterprise BYOD adoption. A Dimension Data global enterprise survey released this October found that 70 percent of business leaders view employee use of mobile devices at work as potentially dangerous and expensive. Careless mixing of business and personal device usage can compromise both enterprise and consumer information and introduce malware to corporate networks.
To address this, mobile providers and security specialists have been developing innovative approaches to securing devices. For instance, the latest BlackBerry 10 operating system employs a new technology called Balance which, as the name implies, helps manage the act of balancing business and personal use of mobile devices. BlackBerry Balance lets enterprises create a virtual partition on devices separating business and personal workspace. Encryption by a 256-bit AES safeguards company data and email accounts within the device’s business workspace. Users can swipe apps pages to switch between business and personal profiles, but they cannot share files across the enterprise-protected wall.
Discouraging Device Theft
Another BYOD risk that concerns employers is stolen devices. Lookout Mobile Security, a company that recovers lost smartphones, estimates that lost mobile phones cost Americans $30 billion annually. In the District of Columbia alone, 1,829 smartphones were stolen during robberies last year. Mobile devices are most frequently lost at bars and pubs and during festivals and are also prone to get misplaced during bus and plane trips.
The Seltzer Law Firm, which specializes in employment law, has developed some recommended best practices to help address this type of issue. Among other precautions, it recommends that employers require workers to activate apps for finding lost smartphones and to report stolen devices within 24 hours.
Planning Disaster Recovery Policies
What can employers do in the event a device is stolen or a network is breached, or even if an employee simply leaves the company with sensitive data on their smartphone? As with any other area of IT, it’s vital to have policy for how to respond in the event of a data disaster. In its BYOD best practices manual, software provider Citrix recommends that employers should design networks so that they can remotely terminate access to company apps and databases, close employee software-as-a-service, SaaS, accounts, and selectively wipe work-related data from worker devices.