Why Businesses Still Don’t Trust BYOD?

by Sohini Bagchi    Jan 23, 2015

byod

Even though bring your own device (BYOD) is becoming commonplace, helping business in enhancing productivity and growth, security continues to daunt businesses, who are still not confident on BYOD policies.

Security, a concern

Security risks continues to be a problem in BYOD practices, even though CIOs have a mobile policy in place. A new study from Intel and MSI Research for example, reveals that 78 percent of professionals use their personal devices to carry out work-related activities – the number is overwhelming as respondents state BYOD and flexible working can benefit businesses by cutting overheads and ensuring the workforce is always on-call. However, there is a tangible security risk when it comes to confidential data. For example, 35 percent of respondents admitted to using work devices to log onto public Wi-Fi networks, which are often unsecured.

There is also evidence that the onus may be on the employer to tackle potential security issues, as 65 percent of respondents believe that protecting personal data on work devices is the job of company IT departments, and 77 percent are confident or very confident that their employer is doing a good job protecting important data.

“For many people work happens whenever and wherever, with whichever device is handy,” says Raj Samani, EMEA Chief Technology Officer at Intel Security. “However, just by checking work emails on a personal laptop, for example, an employee allows corporate data to wander outside the network, potentially unprotected.

Also another new research commissioned by HP revealed that despite all its goodwill, businesses still don’t trust BYOD policies, with half of respondents concerned that such a policy would compromise their organisation’s security. Of those companies surveyed that have a BYOD policy in place, 20 percent reported at least one security breach in the last year, with two percent of IT decision makers reporting more than five BYOD-related breaches during the same period.

The study, conducted by Redshift Research, asked IT decision makers about various aspects of their current and intended enterprise mobility plans and revealed that BYOD remains a controversial topic for IT departments.

Less than half (43 percent) of IT decision makers are confident that personal devices are properly protected for the corporate environment, with 36 percent saying that they are particularly concerned about the transfer of malware and viruses from these devices into the corporate network.

No BYOD readiness

Studies also show that there is a lack of BYOD readiness among businesses. When looking at the latest attitudes to BYOD, the HP study also examined the uptake of enterprise mobility devices, revealing that under a quarter of IT decision makers (24 percent) believe their company is currently well equipped for mobile working, while a further eight percent believe that their company is not equipped at all.

This is particularly bothersome as the use of mobile devices is expected to increase in the coming years, as the use of tablets and smartphones which, according to the study, are expected to see a 17 percent and 11 percent increase, respectively, by 2020.

The research also highlighted an ongoing reliance on two staple devices namely, desktop and notebook PCs. Although there are now more mobile device options available than ever  before, IT decision makers believe that desktop PCs will remain the dominant hardware for businesses, with almost half of employees (46 percent) expected to still use them by 2020. Similarly, the use of notebooks is expected to be 29 percent in 2020, the same as present levels.

“OS strategies have had to evolve to match the range of new devices on offer for companies with a BYOD policy. Mainstream businesses now readily accept Android and iOS, which was almost unheard of a few years ago,” says James Morrish, chief technologist, printing and personal systems, HP UK & Ireland. He believes going forward, more sophisticated practices in BYOD will come to play, including wearables and IOT related technologies, which require stronger and more refined BYOD practices.

What goes into making a strong BYOD policy?

Experts believe IT department as well as the entire C-suite now have to rethink how they can secure their data and resolve issues quickly as well as provide faster productivity. In this context, he mentions that the primary task of decision makers is to frame the right policy to overcome the challenges associated with BYOD.

On what should be the elements of a strong BYOD policy? Matt Karlyn, a legal practitioner and a BYOD expert states in a recent interview with ComputerWorld, it’s a short document that clearly articulates what the company’s rights are with respect to monitoring, accessing and reviewing all the data stored, processed or used by the particular device. “It goes through the employee’s obligations with respect to keeping the device secure, password requirements and has all the things you’d expect to see in a general IT policy. It talks about what happens if you’re terminated or decide to leave the company,” he states.

Similarly, experts believe that employees should be the central focus of the policy, as BYOD is a highly people-centric movement. As David Johnson, an associate in Pillsbury’s Global Sourcing group points out in his blog that corporate BYOD policies must take employee control and security interests into account. A policy should not be patently unfair to employees, and employers should provide clear notice and obtain employee consent before implementing BYOD policies that impact an employee’s privacy.

Samani also believes enterprises need clearly defined policies on bring your own devices, outlining which applications and websites are permitted as well as providing advice on where not to access corporate data. “By doing so, companies can reap the rewards of enhanced productivity and collaboration as well as protecting the company,” he states.