Are workers getting away with more on personal devices?

By Steve Hammond, President of Fiberlink International.

  • Monday, 10th February 2014 Posted 10 years ago in by Phil Alsop

Mobile devices have disrupted the corporate landscape, with or without the control of IT departments. Employees are using their personal devices to complete multiple work tasks, from checking e-mail and tapping into the corporate network, to editing documents on the go and using hosted apps. While the desktop may not be dead, it’s no longer the means by which most employees are accessing digital content. Research firm Juniper Research recently predicted that the number of employee owned smartphones and tablets in the enterprise will exceed one billion by 2018 as the growing trend of BYOD (Bring Your Own Device) redefines business connectivity.

The benefits of BYOD are clear for businesses, such as improving productivity, increasing employee satisfaction and reducing company costs, and as devices become more and more essential to our daily lives, the demand for flexibility is only set to increase. However, by implementing the new BYOD trend, a company can potentially compromise data security. The potential threat for financial loss, legal liability and brand damage from unprotected devices is one of the most underestimated risks facing enterprises, and a single policy or measure carried out by IT departments is no longer sufficient while planning future BYOD strategies.

Many IT departments have been forced, by the influx of mobile devices, to roll out some form of BYOD policy and are moving quickly to implement support and management for workers using their personal devices within the corporate infrastructure. According to a global survey of CIOs by Gartner, half of employers may impose a mandatory BYOD policy by 2017, and as BYOD programmes continue to become more commonplace, by 2016, 38 percent of those companies expect to stop providing devices to workers completely.

In light of the changing mobile landscape and digital debate within organisations today, Fiberlink looked at common security policies that businesses are currently implementing on corporate-issued mobile devices, and compared them side-by-side with those that are employee owned. To find the answer, we tapped into the millions of devcies that we manage for businesses across the globe, and examined popular policies - cloud document back-up, allowing YouTube and app blacklisting, for example – to see how they stack up against each other. Here are the results:

• 94 percent of employee owned devices aren’t subject to restrictions on inappropriate content, compared to 75 percent of corporate issued devices.

• 75 percent of employee owned devices aren’t subject to restrictions regarding document backup via the cloud, as opposed to 52 percent of corporate-issued devices.

• Almost half of corporate issued devices are required to have specific apps used for work, in contrast to 27 percent of employee-owned devices.

• 97 percent of employee owned devices allow YouTube videos, compared to 86 percent of corporate-issued devices.

• Only 4 percent of employee owned devices have required app restrictions (or blacklisting), compared to 22 percent of corporate-issued devices.

These policies suggest that businesses have become a lot more lenient on BYOD. However, BYOD requires a delicate balance between business data security and personal data, and IT departments should move cautiously when evaluating potential secure workspace technologies. Businesses need to mitigate the challenges and the risks of managing a multi-platform environment if they want to protect against potential security risks.

Mobile device management (MDM) software helps IT departments handle BYOD by controlling access to data and applications for a wide range of devices. IT managers should understand the notion of protecting sensitive corporate data without limiting usability for employees by deploying tiered or layered mobile security to address varied end user needs and IT security requirements. With containerisation, sensitive business information is kept in a trusted workplace on the device.

With MDM, corporate email, applications, and documents can be separated from everything else and employees can be free to use personal device functionality and data without risking enterprise data. For businesses that need stringent security policy and compliance controls, this can be especially helpful in making the BYOD experience more palatable for users. Containerisation and smart enterprise mobile management (EMM) solutions are the future of security in the BYOD era and simple passcodes can be an indication that the enterprise is welcoming this balance between security for security’s sake and solutions that are easy for users to live with.

Another way for IT managers to mitigate risk for both the company and its employees is to create a blacklist of apps that defines which apps are not safe for work use. As a result of using recreational apps such as Google Play, often used by employees to watch movies, the bandwidth is limited and it slows the performance of business critical apps. These apps are often times not designed for enterprise use and, more critically, don’t have enterprise level security. Even when employees have the intention of using apps such as Facebook for business purposes, the security credentials are often an afterthought. IT managers cannot afford to assume that all employees will have company security in mind at all times.

Furthermore, it is highly likely that the number of apps entering the enterprise, both recreational and for business will keep accelerating. In order to be best prepared, many IT managers are exploring the use of mobile application management to deliver an easy-to-use enterprise app catalogue for employees, with full security and operational lifecycle management across mobile device platforms.

Organisations taking a proactive approach towards securing employee devices will continue to have access to the best technology options to win the long-term battle to contain corporate data and reduce risks, without restricting employee productivity. With policies in place to control the movement of data, they can restrict sharing by users, the forwarding of attachments, copying and pasting and devices that are lost, stolen or compromised can be selectively set to remove corporate data. Through a seamless dual persona style approach, businesses can put controls in place to manage data without affecting the overall usability of the device.