In just two years since the BYOD trend has taken off, the response from business and IT has shifted dramatically. In early 2012, most organizations were wary if not downright resistant to the idea of employee-owned devices in the workplace, viewing them as an annoyance at best and a major security risk at worst.
Now, a mere 24 months later, not only do 82% of companies permit the use of personal devices at the office, but “many firms around the world are mandating that employees bring their own products into the office to accomplish their work” according to CIO Insight.
In parallel with the embrace of BYOD, enterprises are also sanctioning much greater use of cloud-based services and applications. Per the recent survey of IT leaders cited by CIO Insight:
- 84% of companies have employed cloud-based applications in their offices.
- 63% of enterprises actually require IT decision-makers to evaluate web-based apps before selecting software.
- This despite the fact that more than 40% of firms say they “can’t effectively manage identities and access management via the cloud.” (!)
The appeal of BYOD to companies is obvious: saving money. With BYOD, a business has no hardware costs; generally lower airtime costs (because these are often split with users); lower training costs (users know their own devices); and support costs generally no higher than before BYOD (thanks to improved cross-device support tools). It can also increase worker productivity.
But despite the significant progress that’s been made in addressing the causes of early business and IT apprehension, considerable security concerns remain. According to this study:
- Just 40% of companies have a process for removing mission-critical data from an employee device after a firing or resignation.
- More than half of companies have detected fired employees attempting to access company data or applications.
- Only 54% of firms believe they can effectively revoke access to their entire IT infrastructure after an employee leaves.
- 57% of companies say (employee- or company-owned) devices, containing sensitive information, have been lost.
- More than eight in 10 companies believe employees are sharing passwords for cloud and corporate applications that contain sensitive data.
- Consequently–over half of enterprises believe it is “just a matter of time” before another security breach happens.
Yikes! So what can companies do?
While security vulnerabilities are nearly impossible to eradicate completely, there are a number of steps companies can take today to reduce their exposure. These half-dozen recommendations are a start:
- Make employees aware of security threats, and provide training on topics like how to create strong passwords, keep personal information separate from corporate data, and avoid device theft or loss.
- Establish a proactive BYOD policy, and implement enterprise request management (ERM) to simplify device registration and remote installation of required software using third-party tools (as well as managing cloud computing resources).
- Implement a remote wipe solution to disable the device or erase sensitive data in the event of device theft or loss.
- Install software that creates separate partitions or data containers on employee devices, so that in the event of a firing or resignation, company data be remotely wiped from the device without deleting the ex-employees personal contacts, photos, text messages, etc.
- Utilize an enterprise-grade cloud backup system so that data can be quickly recovered in the event of device loss or theft, or an employee leaving the company.
- Use two-factor or three-factor authentication to help prevent employees from sharing passwords or device thieves from gaining access to corporate networks and data.
Despite the security risks posed by cloud computing and BYOD, there’s no turning back. The convenience, cost savings and productivity gains are too significant for enterprises to reverse course now, even if employees acquiesced to that (which except in rare cases, they won’t). Instead, employers need to keep abreast of new technologies and practices which will enable them to realize the benefits of BYOD and cloud computing, while progressively reducing associated security threats and compliance risks.
For more information:
– See how Kinetic Data products can help with BYOD management, security and compliance.
– Download the white paper, Enterprise Request Management: An Overview.
– Join the discussion in the Enterprise Request Management group on LinkedIn.