BYOD is no longer just a buzz word, it’s now a bonafide IT policy and to a growing extent, an employee expectation. David Goldschlag, SVP of Strategy from Pulse Secure explores the challenges and advantages of BYOD and outlines the many areas businesses need to address in developing and deploying a successful BYOD strategy.
The concept of BYOD is less than a decade old but it’s already outlived its adolescent buzz and is now a trend that has matured into a market worth billions. A recent study carried out by MarketsandMakets revealed that the BYOD market is increasing at an annual compound rate of more than 25% a year. This puts the enterprise mobility market at $266.17 billion in 2019.
The advantages and challenges of BYOD go hand-in-hand
Deployed successfully, the advantages of BYOD include increased productivity, lower costs and overall employee satisfaction. For organisations with remote workforces especially, having employees being able to log in and access information easily with mobile devices means less frustration for the employee and ultimately more productivity. The same is true of onsite employees when they bring their own mobile devices and also for guests or partners who attend meetings.
But the enterprise also needs to ensure that the devices, apps and information being used is secure. That’s the balance that needs to be struck for a successful BYOD strategy. Putting in place a policy that’s too restrictive in terms of devices and apps supported or technology that’s difficult to use, is unlikely to get buy-in from employees.
Gartner estimates that by 2016, 20 percent of enterprise BYOD programs will fail due to enterprise deployment of mobile device management measures being too restrictive. On the flip side, a data breach because of poor security could cost European companies up to 5% of their annual turnover in fines with the new EU data protection regulation on the way.
So how can businesses reap the advantages and avoid the pitfalls of BYOD?
Considerations for a successful BYOD strategy
- Devices
The first thing to think about is what devices to support because supporting mobile devices is very different to supporting desktops. In the desktop world, Microsoft Windows has over 90% market share with an updated software version released about every 3 years. For an IT department used to operating on this basis, a mobile market split roughly as 50% Google Android, 40% Apple and 10 percent other including Microsoft, Blackberry and other smaller niche players each with new versions of software released every few months, BYOD programmes represent a huge challenge. Employees will have favourite brands which they’ll want to use, but you have to be realistic about what the IT department’s resource can realistically support and make a balanced decision about which devices you’ll support.
- Apps
There’s no doubt that organisations are benefiting from giving employees access to mobile applications such as email, browser, collaboration tools, document management and remote desktop access but some applications come with a risk. In the 2015 Data Breach Investigations Report by Verizon, researchers from FireEye analysed more than seven million mobile apps to find that 96% of mobile malware was targeted at the Android platform. They also found that more than 5 billion downloaded Android apps are vulnerable to remote attacks.
With a marketplace saturated with not only mobile devices but also with a slew of apps, it is imperative that your strategy addresses the risks that each of these individual factors presents to your IT infrastructure.
- Access
Implementing a robust SSL VPN and Network Access Control (NAC) solution is a must for organisations adopting BYOD to protect the enterprise network. Role-based, application level security policy enforcement will allow enterprises to manage and monitor mobile device sessions on-premises network as well as over secure VPN.
Your BYOD policy also needs to extend to guests, visitors and business partners that your employees need to collaborate with. A NAC solution that offers granular control over guest network access will allow your employees to share data without compromising your network.
- Usability
One of the main reasons why many BYOD and remote access programs fail is because they’re simply too complex. The first priority in terms of usability should be the successful and efficient on-boarding of users – if connectivity is too complex, productivity will suffer. A NAC solution that offers automated configuration and a unified desktop client that can help to streamline the overall user experience will help with both on-boarding and connectivity.
- Security
Across countless surveys the number one perceived inhibitor to widespread BYOD adoption is security, followed closely by compliance issues. This is not an ungrounded fear as the use of enterprise apps on employee-owned mobile devices may lead to new data leakage and connectivity issues. To that end, any device accessing your corporate network should be viewed as a potential risk.
Security also covers the issue of loss of devices which, more often than not, means a loss of data. In the 2015 Data Breach Investigations Report by Verizon, the forecasted average loss for a breach of 1,000 records is between $52,000 and $87,000. As already mentioned, the new EU data protection regulation on the way could mean huge fines in Europe for data losses.
Although all the major device manufacturers now include optional encryption across smartphone and tablet devices, there is still uncertainty over managing BYOD and while EMM (see below) plays a part in supporting security, so too does the right company culture.
- The actual policy and EMM
A BYOD policy is comprised of several aspects. The first is compliance with any industry requirements such as regulatory issues within healthcare, financial services and public sector. The policy also needs to give employees access to underlying application and business processes they need. Lastly, any policy needs to be backed up by enforcement and management tools – this is where Enterprise Mobility Management (EMM) comes in.
EMM can help define what can be enforced within a BYOD policy and help create processes for dealing with issues such as when devices are lost, stolen or misused or indeed when an employee leaves. Some EMM solutions use container security that fully separates enterprise and employee data, apps, communications and networking, giving IT complete governance over corporate information on an end users BYOD workspace while not infringing on their personal privacy which is helpful to both employee and enterprise throughout the employee’s time with the company and upon completion.
- Culture
Considering over half of security breaches are the result of human error, a successful BYOD transition requires enterprises to evangelise the benefits and promote its use to deliver the promised advantages of increased productivity and employee satisfaction but this is also about educating users about the impact of data losses and developing a culture of responsibility for mobile devices and the data they house.
- The future
The last consideration is flexibility. With the BYOD concept less than a decade old, it is critical that anybody heading down this path consider technologies that are relatively open and able to support the widest ecosystem of applications possible both now and in years to come.
BYOD is complex but enterprises who avoid taking ownership of it not only won’t benefit from the advantages but could also be introducing further risk by turning a blind eye to unofficial BYOD practices that can open up the network to serious security threats. A BYOD policy is becoming a must for most enterprises.
About the author
David is senior vice president of strategy at Pulse Secure. Previously, he was co-founder and CEO of MobileSpaces, which Pulse Secure acquired in October 2014, where he was responsible for defining the company’s vision and strategy. David brings more than 20 years of experience within the mobility, security and enterprise SaaS industries. Prior to MobileSpaces, David was the vice president of Mobile at McAfee. Before McAfee, David was the president and CTO at Trust Digital, a provider of enterprise mobility management software for government organisations and Global 2000 companies.
