Bring your own device (BYOD) is not a technology buzzword. Nor is it a passing fad. BYOD is a corporate reality that is already affecting – to one extent or another – virtually every business operating in Europe today.
In some ways BYOD is inevitable, with businesses having little choice but to adapt to it. Just as the consumerisation of motor vehicles killed off the company car, so too will consumer smartphones, tablets and laptops eventually end the corporate mandating of employee devices.
But BYOD is not simply an inconvenience that needs to be lived with: it is also a huge opportunity. Those businesses that embrace the trend and work to enable it within their organisations enjoy a wide range of tangible benefits, including productivity and cost gains.
HR, for instance, can attract innovative employees that value being able to work in ways that suit them and with devices of their choice. Managers, on the other hand, benefit from employees’ ability to work just as effectively when out of the office, while the CFO enjoys the cost savings associated with not having to stock devices such as laptops and phones.
BYOD can offer significant savings on procurement and network costs, adding real value to the business. It can, for example, put the development of mobile applications ‘into the black’, meaning it will pay for itself in reduced costs.
Barriers to adoption
Despite this impressive litany of benefits however, the latest research from Oracle suggests that few businesses in Europe have fully warmed to BYOD, with 44% of businesses stating that they dislike BYOD and only allow it in exceptional circumstances.
A further 22% have a complete ban on data or information residing on a BYOD device and – perhaps most worrying – 20% have no rules in place at all.
Fortunately, the research from Oracle also provides some clues as to why, given the benefits of BYOD to businesses, many still seem so reluctant.
Firstly, there seems to be confusion around what actually constitutes BYOD, with half of organisations not managing smartphones as a part of it. There also seems to be big concerns around the security of BYOD. Device security (45%), application security (53%) and data security (63%) were all listed as areas of concern.
Anecdotally this is something that we have seen come up time and again, and it is not just the security of the data that businesses are worried about; there are legal ramifications too.
The main issue arises over ownership. If an employee owns a device, what legal rights does the employer have over the data on said device? What right do they have to mandate that employees lock their devices with appropriately secure passwords? If the device is lost, what right does the employer have to remotely delete the data on the device – data which includes the personal data of the phone/tablet owner?
Some businesses have already tried to get around these issues through something known as COPE (corporate-owned, personally enabled), which has emerged as an offshoot of BYOD.
With COPE, employees can select the devices and applications they use for work purposes only, in collaboration with the IT department. This allows IT to effectively manage and secure devices. COPE is a halfway house between the traditional IT-driven procurement model and the free and open BYOD model.
The awareness gap
With both COPE and BYOD the central issue of security does still need to be addressed. This issue is not a technological or process one – it is an educational one. The main thing hindering further adoption of BYOD across Europe is a lack of awareness of what exactly it is (i.e. BYOD includes both tablets AND smartphones) and what can be done to secure it. Fortunately the technology already exists to cost-effectively deliver secure BYOD.
Containerisation, or sandboxing as it is sometimes referred to, illustrates this point perfectly. In our survey the majority (37%) of the IT professionals we asked had never even heard of containerisation, let alone deployed it (only 8% reported that they have deployed containerisation).
Yet containerisation is exactly the security approach they are crying out for.
It works by separating personal and work-related data and applications in much the same way as a virtualised server separates compute resources. This means that the IT department can effectively ‘own’ the work portion of the phone – putting in place what device and application management policies they wish to without in any way affecting personal data and applications. It provides businesses with all of the benefits of BYOD or COPE, without them having to relinquish any control.
In terms of security for BYOD, containerisation currently cannot be beaten. The most advanced containerisation solutions on the market today not only extend a security blanket around corporate applications but are capable of updating every minute, ensuring that the device’s security policies are always current.
The approach also overcomes the usability issues associated with VPNs. While VPNs have their uses in securing remote sessions – for example, they are not truly mobile – every time a wireless session is handed over to a new network the VPN needs to be re-established, requiring usernames and passwords to be re-entered.
With the best containerisation solutions, on the other hand, the security blankets remain unbroken between network handovers – but it is worth checking the market to ensure you get a solution capable of delivering this capability.
Containerisation provides a clear example of where a lack of awareness is holding businesses back. They should stop thinking of BYOD as a security threat that must begrudgingly be mitigated and to look at it instead as an important part of their organisation’s technology infrastructure.
The key is to closely integrate security technologies such as containerisation, end-to-end encryption and device and application management with identity management and take an application-centric approach to security.
By so doing, employees are freed to choose the best device for the job according to their own specific needs at any given time. Those businesses that can adapt to this new way of thinking will quickly enjoy a powerful competitive advantage.
Sourced from Alan Hartwell, VP security and identity solutions EMEA, Oracle