BYOD – The Good, The Bad & The Ugly
Between the Samsung Galaxy Note 10.1 that was released in August, the iPhone 5 that hit stores in September, and the Microsoft Surface tablet that’s set to be released in late October, tablets, smartphones and other personal devices are saturating the marketplace these days.
While we enjoy playing with the latest and greatest technology, we also realize that this abundance of “personal gadgetry” is changing the way the workplace functions. Employees are increasingly utilizing their own personal devices, whether it’s a tablet, smartphone or even laptop, for work purposes. And business IT has to keep up.
As this Bring-Your-Own-Device (BYOD) phenomenon becomes more and more integrated into the work world, it’s apparent that there are a number of benefits that come with employees using their own devices. However, it’s also clear that there are some major challenges.
In an effort to cut through the hype of BYOD, let’s take a minute to run through The Good, The Bad and The Ugly of personal gadgetry in the workplace —
The Good: Cost Savings, Employee Satisfaction & More
Companies that embrace BYOD programs and formulate a policy around it tend to see significant cost savings since workers pay for most, if not all, of the data and hardware costs associated with their devices.
Why are BYOD workers on board with fronting these costs? Two surprisingly simple reasons it seems — First, people who have multiple personal devices are already paying for them. They would be paying for them even if they weren’t using them at work.
Second, getting to use personal devices at work is seen as a privilege and a bonus. According to Pros and Cons of Bringing Your Own Device to Work, “Users have the laptops and smartphones they have for a reason — those are the devices they prefer, and they like them so much they invested their hard-earned money in them. Of course they’d rather use the devices they love rather than being stuck with laptops and mobile devices that are selected and issued by the IT department.”
Another benefit: Personal devices tend to be more up-to-date with the latest features and upgrades when compared to company-issued devices. Upgrades to a personal tablet, smartphone or laptop only have to be approved and implemented by the owner of the device, whereas company-issued IT has to follow time-consuming processes and procedures simply to upgrade old software to the next iteration.
Not only are these personal devices cheaper and more likely to be up-to-date, but they’re also more likely have the ability to become an extension of an employee’s work phone. The telecom industry is moving so rapidly these days that almost device has the ability to become an extension of your work number. This is made possible through a variety of SIP applications that can work with multiple platforms, including VoxNet UCC and the Mitel Communications Director.
By not having to purchase or maintain physical endpoints, companies can realize even greater cost savings and flexibility as BYOD extends into their telecom budget and resources.
The Bad – Murky Waters without Formal Policy
Though the benefits can be significant for companies that embrace BYOD policies, such practices can also bring up tough questions when it comes to outlying issues.
For instance, say an employee takes a smartphone that doubles for business and personal use on an international work trip. Who pays for its usage during that time period since the reason the phone incurs international costs is work-related? Or, what happens when an employee is let go but still has company data on a personal laptop, tablet and/or smartphone?
In addition, compliance mandates, such as HIPAA, SOX or GLBA, require that rules related to information security still be followed even if a company’s data is on a laptop owned by an employee. So how do businesses that need to adhere to regulations enable themselves to utilize BYOD and still remain compliant?
One way to combat some of the data storage issues and tough compliance mandates is to direct employees to use a secure, company-managed Virtual Private Network (VPN). A VPN can provide a company with a truly secure connection between locations since the traffic is fully encrypted from end-to-end over the Wide Area Network.
Whatever secure interface a company uses, it should also invest in a BYOD policy if it’s going to let employees use their own devices for work purposes. That means written and agreed upon rules and procedures for employees to follow.
The Ugly – Serious Security Challenges
By letting employees access private, company information on their personal tablets, smartphones and laptops, businesses are enabling their secure data to accessed, viewed and managed on devices that are essentially out of their hands – literally and figuratively.
BYOD gadgets are the property of your employees, who will search and click on what they want when they want and will add apps to their devices as they please. Who knows what kind of security software is on each employee’s personal device, or if there even is any at all. Simply put, this creates a multitude of walking, talking threats to your security.
In addition, tablets and smartphones are relatively easy to lose. If an employee is working with company data on a tablet and loses that tablet, consider both the tablet and data in someone else’s, possibly malicious, hands.
Though business IT cannot retain complete control of employees’ personal devices, it can control access and management of company files and information by utilizing password protection, investing in a virtual private network, as mentioned above, and looking into Hosted Token Authentication, among other things.
Hosted Token Authentication is a relatively simple but good layer of additional protection for companies with BYOD in place. For instance, with ETA’s Hosted Token-Based Authentication system, remote users must enter a unique PIN code they choose, a One-Time Password (OTP) they generate using a keychain-sized token device, and their standard Windows credentials to login to your network. Not surprisingly, this enhanced, layered protection doesn’t just make good business sense — It’s sometimes required by regulations such as HIPAA, PCI and SOX.
Along with these protective measures, it’s also important that business IT create a policy employees must abide by when it comes to BYOD. This is no easy task, especially since there is no real standard to follow in terms of creating and implementing a BYOD security policy. Businesses have historically provided employees with company-issued devices that come with an acceptable use policy and are protected by company-issued and company-managed security software.
To take on the task of creating a BYOD policy, it’s important to understand how your entire network – voice, carrier and data – works together to stay secure and run at optimum efficiency.