As businesses demand increased productivity, employees search for the optimal work-life balance and with the number of items connected to the “Internet of Things” (IoT) about to explode from 4.9 billion in 2015 to more than 25 billion by 2020, the era of BYOD – Bring Your Own Device – is truly upon us; but are businesses and IT managers ready?
When the concept of BYOD was made a reality by Intel in 2009, security concerns were cited as the reason for the initial slow take up. However, as mobile devices become more prevalent, with over 2 billion units sold in 2014 alone and cloud computing technology advances, with over 30% of businesses expected to be in the cloud by 2017, an interesting game changer is the fact that cloud-based licensing, unlike non-cloud services, is linked to the user and not the device. This means that the user can access the cloud-based services using multiple devices under the same licence. According to Gartner, the average knowledge worker accesses their organisation’s office system on four devices each week, i.e. mobile phone, media tablet, personal PC and enterprise PC. Considering that in 2012 nearly half of firms supporting BYOD reported data breaches, what are the concerns in securing EUDs – End User Devices?
With 43% of data breaches in 2014 caused by accidental exposure, theft or loss, securing the physical device remains a real issue. To minimise the risks, in the event of a device theft or loss, the business needs to ensure its policy regarding work related data allows for deploying encryption solutions to the device, enabling 2-factor authentication and clear direction on what work-related data can and can’t be stored on the device.
- As the employee owns the phone, how does the business manage their usage in their personal time without invading their privacy? This opens up a potential minefield of risks that include:
- The use of unsecure apps that can be a potential access point for hackers. Here’s a staggering statistic: 92 percent of the top 500 Android apps carry either a security or privacy risk, according to recent data from security firm MetaIntell.
- Access to the device’s contents by other parties such as the employees’ children; do they access third party unsecure sites such as Angry Birds? Are there sufficient controls in place to stop them accessing employees’ work-related information?
- Before the BYOD era, when an employee left a company they handed back their laptop, phone, office key and any other company owned property. If that employee left to join a competitor or they were dismissed, the business was somewhat safe in the knowledge that it had minimised the risk of any sensitive information leaving with the employee, unless there was a premeditated act of espionage. BYOD has changed the security landscape and businesses need to be pro-active in protecting their data!
- Another consideration is how to support a device that the company does not own? Does the business need permission to access it? How does the business know what data can be accessed without invading the user’s privacy? BYOD and remote mobile virtualisation policies bring an extra level of complexity to supporting devices that weren’t there before.
Considering all the security challenges associated with BYOD, there is still no doubt that the trend will continue as a recent survey by IBM shows benefits include increased productivity, employee satisfaction and cost savings. These are three big areas for employers and employees in the pursuit of a competitive business advantage while offering a dynamic work/life balance.
The success of BYOD for each company will be directly related to the company’s approach and according to Gartner, “the increasing adoption of mobile, cloud, social and information (often interacting together) will drive use of new security technology and services through 2016”. In dealing with the challenges and ensuring that they get the balance right in terms of business mobility and the security of the company’s data, businesses must embrace new security tools and ensure that they have a robust, workable BYOD policy that addresses the real security concerns.
Jumble is a new email security product that provides an easy to use and secure end-to-end email encryption solution that protects the business’s information while also saving them time and money. As a SaaS product, it works across a range of devices and platforms providing maximum flexibility to the email sender and receiver. To sign up for a 30-day free trial please click HERE or visit www.jumble.io for more information.