Skip to main content

BYOD cannot be stopped: Protecting your data in a mobile world

The explosive growth in the unregulated use of personal devices in the workplace is generating what many believe is an unstoppable momentum that will force organisations to develop a mobile experience that embraces data across any and every device. That's certainly the view of market research company Gartner, which predicts as many as 50 per cent of employers will require workers to use their own devices for work by 2017.

While the bring your own device (BYOD) phenomenon promises to boost employee productivity and collaboration, it also brings significant security issues that need to be addressed. The use of personal devices in businesses is an ad hoc development, rather than an official strategy fuelled by the desire of employees to use their chosen device with the most effective apps they can find to make their jobs easier.

Sadly, this does not always match the business and security requirements of their employers, especially if employees store company sensitive data on their personal devices.

Employers have a responsibility

The responsibility rests with employers to ensure that the BYOD surge becomes a policy with an accompanying set of best practices that employees need to be educated about and adhere to. Right now, the indications are that few are shouldering that responsibility. The Acronis 2013 data protection trends research conducted by the Ponemon Institute reported that the majority of companies do not have security policies in place for personal devices. The 2013 survey also revealed that 77 per cent of employees worldwide have received no education concerning the risks associated with BYOD.

Those findings suggest that employers are going to have make a big effort if they hope to have the proper environment in place for BYOD to flourish while maintaining enterprise security standards. In the meantime, they also need to get to grips with the rise of personal device use, which is already happening within their organisations. The reality is that more and more employees are using personal devices, such as smartphones and tablets, in their work environment.

The tide cannot be turned

Some businesses are seeking to stem the tide by imposing a blanket ban on workers using their own devices to access the company network. For those in areas where regulatory considerations are significant, such as finance or healthcare, this is an attractive option. But while this approach might work in the short term, it's not a viable solution. There are security concerns, for example, arising from employees choosing to ignore company regulations and using unauthorised solutions from third parties with their personal devices. Restricting personal device use could also drive employees away, especially in the light of recent research from VMware, which found that 39 per cent of employees would consider leaving their organisation if they weren't allowed to use their mobile devices for work.

The onus, therefore, is on organisations to take steps to get to grips with BYOD by working to incorporate personal devices into their networks in a way that does not compromise existing security standards. Only then will they be able to give employees the improved productivity they seek while ensuring company data is protected.

Protecting data means that a security policy needs to be delivered consistently and universally across the organisation to ensure a safer BYOD strategy. Security practices need to apply equally to all. Too often, businesses take grave risks by allowing exceptions for high-level executives, even though those individuals have access to the firm's most sensitive information. In a BYOD environment, those risks are only likely to exacerbated.

BYOD and beyond

The growing use of personal devices and the BYOD phenomenon are closely linked to a number of related issues. Perhaps the most visible of these is the proliferation of Apple devices with incredible success, particularly the iPhone and iPad. Macs are also enjoying something of a resurgence compared to the overall PC market. According to the 2013 data protection trends research, three-quarters of companies surveyed either already have Apple products in their operation or are planning to roll them out. The popularity of Apple devices is effectively prompting organisations to recognise that data needs to be platform-agnostic. To achieve this goal, they need to have the systems and security in place to enable employees to access data from a device of their choosing.

The flip side of BYOD is take your own device (TYOD), where employees take their personal devices with them when they leave the organisation. Given the risk that these devices may still have company data stored on them when the employee departs, employers need to ensure they have the capability to remotely wipe files from personal devices should the occasion arise. At present, few of them do. The 2013 data protection trends research found that only a fifth of IT teams are taking measures to protect sensitive data.

On the subject of sensitive data, companies also need to be aware of the pitfalls they face if employees turn to public cloud options such as Dropbox to store or access company files for convenience's sake. Public cloud storage apps are unlikely to meet the security requirements that most companies demand for their data. Unmanaged use of public cloud storage apps makes it hard for companies to monitor where their sensitive data is being held, to have visibility of it or to control how it is stored and when it should be deleted. How can they ensure that data held by an employee in Dropbox has been erased when that employee leaves the company?

As with most technological advancements, once the use of personal devices within workplaces achieves a critical mass, it will be harder for employers to impose their desired level of control upon BYOD without being swept aside. Far better that they take steps now to ensure they have the security, access and management policies and strategies in place to accommodate BYOD when it becomes established and adopted into the mainstream.

Anders Lofgren is the director of mobility solutions at Acronis.