Skip to main content

Can organisations implement BYOD policies and still keep sensitive data secure?

What are the real benefits and pitfalls of BYOD. What are organisations really doing and is there a cost saving associated with allowing staff to use whatever device they like for work? Survey findings and empirical evidence indicate that cost saving claims are questionable but organisations still need to find ways to embrace new consumer technology.

Bring Your Own Device (BYOD) is the ultimate manifestation of the consumerisation of IT with manufacturers encouraging the growth of ecosystems consisting of both devices and apps. People tend to keep such devices with them at all times, using them from any location, meaning that the workforce could become more mobile/agile/flexible, and the company doesn’t have the cost of buying the devices. Or do they?

In order to use a personal laptop, smartphone or tablet in the workplace, security measures must be taken. What happens if one of these devices containing commercially sensitive data, is lost or stolen? Also, home computers with access to the corporate network be contaminated with viruses, Trojan or other malware. According to a Becrypt survey, over half of those that responded are not currently allowing staff to use their own devices, and nearly 10 per cent never intend to! However, those that do allow BYOD cite increased flexibility, greater mobility for the workforce and improved productivity.

In many organisations, users high in the hierarchy are driving the move to BYOD, and enabling these users to do so can be beneficial. However, allowing all staff to use any device introduces a huge support overhead. IT must consider how they will configure and manage devices to be used securely, and if something goes wrong with the device, is the company then liable?

One way around this is to standardise on one platform - 80 per cent of the organisations in the survey are doing just that. They may decide to issue consumer type technology like tablets because they are cheaper than a laptop, lighter and easier to carry. As software vendors start to develop business applications for tablets/smartphones, so staff may be more prepared to accept a trade-off.

Employees may simply have to recognise that not all business tasks can be completed on private equipment. The risks may be too great, for example, accessing confidential or classified information without appropriate security simply can’t be allowed, therefore staff will have to use an officially issued and suitably secure device to do so. There is much work currently going on in the public sector to explore to what extent BYOD policies can be adopted with the main barriers being data security and potential non-compliance with data protection regulations.

In short, using consumer technology for business purposes is not as simple as some would have us believe. However, there is risk in everything we do, connecting to the internet brings risk, but it doesn’t stop us. It is the job of the IT department to understand the business needs, assess the security risks and working with the business, develop a suitable solution. This could be a variation or a more controlled version of BYOD, or could be a core feature of the next generation of business devices and apps.

Dr. Bernard Parsons is the CEO of Becrypt. The company is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd - 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit