BYOD: Reaping the rewards while staying secure
ALAN YOUNG of ANCILE Solutions shares how to implement BYOD programs to increase efficiency without jeopardising privacy.
The role of the facilities manager has come a long way since the 1980s when facilities management was first recognised as an official discipline. Responsibilities have increased, duties have expanded and the scope has broadened, with facilities management now encompassing the smooth operation of all aspects of a building, including space, infrastructure, people and organisation. There is now open talk of overlap between facilities management and the HR (human resources) and IT (information technology) disciplines as we adapt to the changing world of work.
Bring your own device (BYOD) programs are a good example of one such area of overlap. With Gartner predicting, “By 2017 half of all employers will require employees to supply their own devices for work purposes”1, facilities managers should be considering the role they will have to play in assessing the demands BYOD programs make on infrastructure and technology, as well as in managing the security and monitoring the risks.
So, what exactly are BYOD programs? BYOD, in its simplest form, essentially means allowing employees to use their own devices for work purposes. However, BYOD goes beyond just allowing staff to check emails on personal mobiles, tablets or PCs. It also means allowing employees to use these devices to execute enterprise applications, such as timesheets and site check-in/check-out, and to access data. BYOD programs are changing how and where workers do their jobs and how companies prioritise workspaces.
Much has been made of the business benefits of BYOD, such as improved organisational efficiency and increased employee satisfaction. Allowing employees to use their own devices (people often have more sophisticated personal devices than the ones given to them by their employer) is said to lead to productivity gains, as people will work faster and more often with devices they like, know and understand.
There are also clear cost benefits. Although today a lot of BYOD programs still provide a partial reimbursement for costs, this will become less and less common. Gartner believes, “As the number of workers using mobile devices expands, those who receive no subsidy whatsoever will grow.”1 The employee owns the device, so the company will only need to determine whether or not it wants to cover usage costs.
Rolling out applications throughout the workforce also presents great new opportunities. Providing workers with access to training materials or documents – whether in the office or on the go – leads to efficiencies. It allows companies to distribute ‘just-in-time’ learning or information snippets that are both targeted and tracked. In a profession that is constantly expanding its remit and demanding updating of skills and knowledge, facilities managers themselves can benefit from the mobile learning opportunities that BYOD offers.
At ANCILE, we are seeing an increasing number of our customers take on this type of enablement and, as BYOD gains momentum, expect this trend to continue. So, if the business case for BYOD is so strong, why are many organisations so apprehensive?
The primary concerns for IT managers and facilities managers are around data privacy and security issues. The rise of mobile malware and increased risk of potential data leakage, device loss and the lack of control over what applications employees can download on their personal devices are all major concerns.
Problems arise with the adoption of different devices, the inability to properly secure certain models, the need to track vulnerabilities and stay current with constant updates. What happens when an employee’s device becomes compromised? What should you do when an individual moves on from a company? ‘Remote wipe’ is usually a fundamental feature in a mobile security policy, but this is not an option with personal devices.
The following are several tips that can help facilities managers overcome common BYOD hurdles:
1. Get the organisation aligned
A well-drafted, comprehensive and precise policy that clearly states the employee’s and the employer’s rights, drawing the line between personal and business use, is a very good place to start.
It is crucial for both the employer and employee to know the ground rules from the outset. Any policy should include the right for a company to monitor, access, review and disclose company or other data on a mobile device, and the employee’s expectation of privacy in relation to that device.
A BYOD policy should also include what happens when an employee leaves the company, as he or she will not return the device as would traditionally happen. What is the definition of business content? Business applications? What are you legitimately allowed to delete from the device?
Having a BYOD policy in place will ensure that when an incident does happen, there is a set of policies and procedures in place that all parties are aware of and have agreed to. That way, for example, an employee won’t be shocked when he or she is asked to hand over their device for a partial ‘wipe’ before leaving the company.
2. Enforce a security baseline
An essential security starting point should be stipulated in the policy to overcome the issue of devices with inadequate security. The baseline should require the basics such as, for example, enhanced password controls and lock timeout period enforcement.
3. Manage the mobile software
Using mobile device management (MDM) software is another way to minimise the risk of data leakage and exploiting of vulnerabilities. Asking employees to accept an MDM agent on their devices, and possibly a URL filtering tool, before obtaining access to enterprise information will go a long way towards avoiding potential issues.
4. Be sure employees are aware
Above all, the fundamental thing to remember is that that there is no use having a BYOD policy if nobody knows about it. Whether it’s the IT manager, HR manager or the facilities manager, someone needs to take employees through the policy and make sure they fully understand it.
BYOD is here to stay and, with the right policy in place, the multiple benefits of increased productivity, cost savings and improved access to training far outweigh the risks.
1. Gartner press release ‘Gartner Predicts by 2017 Half of Employers will Require Employees to Supply Their Own Device for Work Purposes’, 1 May 2013
Alan Young is the chief technology officer at ANCILE Solutions. He has more than 20 years of experience with enterprise business applications and infrastructure management companies, and is responsible for all aspects of ANCILE’s technology strategy – including technology roadmap definition, product portfolio strategy and deliverables – new product research, and providing technology vision to the analyst, partner and customer communities.