According to research firm Frost & Sullivan, only four out of 10 IT decision makers report that their company has a formal BYOD policy in place. Many organizations don’t think they need a BYOD policy or solution because they issue corporate devices, but this reasoning is flawed. Whatever corporate devices won’t permit, most employees will simply do on their personal devices.
> See also: 5 ways to simplify BYOD
The risks of driving employees to use personal devices without oversight cannot be overstated. To get you into the mindset of a typical BYOD user, I’m going to introduce you to Jim Weber, a hypothetical Sr. Sales Manager at Insekyur Corporation (clever, I know). He will help me illustrate the five greatest risks of unmanaged BYOD, and then we can talk about how to address them.
Jim wants to work outside the office
Jim Weber works on commission, so the more he can make calls and lock deals, the more money he can make. He’s gunning for a promotion to VP of Sales, so it’s go time. The only problem is that he commutes 45 minutes to the office, and he has a 6 year old son who plays little league baseball and AYSO soccer. Jim would stay at the office late every night if he could, but then he’d miss the weekly matches on Tuesdays and Thursdays.
He can’t watch the game then drive 45 minutes back to the office, so instead, Jim emails Excel spreadsheets filled with customer information and leads to his gmail account and downloads them to his iPhone. The spreadsheets have names, phone numbers, sales histories, RFPs and notes. After the baseball game, Jim can now work at home.
Sensitive customer information is now on Jim’s device, but IT is unaware. Jim is getting tons of work done, so he tells his colleagues in the sales department what he’s doing, and 10 other employees follow suit.
Excel is a pain in the butt
Excel isn’t cutting it for Jim – it’s just too complicated and slow to use, and Jim wants to make more sales in less time. Plus, he’s sick of constantly emailing and downloading the latest sales spreadsheets and sending them to his phone.
His sales buddies at KlowdCorp have been telling him about Salesforce. So, Jim goes to salesforce.com and sees that he can get his 10 team members on there for $65 per user per month, which is well within their pre-approved budget. He enters a credit card to get started. However, Jim does not want to deal with IT because they always seem to slow things down with security reviews, legal consultations and other approval processes. So Jim tells his team to download the mobile Salesforce app and start loading customer data. Why bother dealing with IT when it’s that simple?
The sales team loves Salesforce, and they’re making a killing. No one in IT knows about it, and the finance department hasn’t blinked at their purchase. It’s called 'Salesforce' and they belong to the sales department – that’s not exactly fishy. Q3 ends with sales up 20% over last year, so Jim organizes a celebration at Blackout Saloon, a rowdy, local bar.
Ok, ‘celebration’ is a bit of an understatement. Jim taxis home, and in the morning, he cannot find his iPhone and can’t remember a good portion of his evening. He calls Blackout Saloon to see if they found an iPhone, and nothing has turned up. Jim did not have a password on his iPhone. Potentially, someone has Jim’s iPhone with full access to Nsekyur Corporation’s rogue deployment of Salesforce, and multiple Excel spreadsheets that Jim never bothered to delete.
It’s unclear who stole the device – it could be a conventional phone robber who plans to wipe the data and sell the device onto the black market, or it could be someone craftier and tech savvier. Jim just changes his Salesforce password and moves on with life. What Jim doesn’t know is that one of his colleagues typed customer credit card information into one of the Excel spreadsheets, planning to erase it after processing the payment. He forgot…
This is one potential outcome in an endless set of BYOD failures that involves downloading sensitive data, using rogue applications, losing devices and using them all without regard to typical policies (e.g. passwords). The variety of risks is infinite, and a serious mess-up is inevitable.
Stopping Ignoring BYOD
So rather than pretending that BYOD isn’t happening, or assuming that all the BYOD activity is harmless, IT has a responsibility to engage employees and support BYOD. By 'engage,' I mean actually talk to their end users, or as they should be called, customers. IT needs to meet with people from every department and determine what they need from mobile devices.
How do they currently use mobile devices? What would they like to be able to do? What devices do they want to use? Your customers have legitimate reasons for using mobile devices, and you can’t win by restricting this activity or offering corporate devices. You have to support BYOD. Jim felt that his IT department would be too slow or unhelpful if he approached them about Salesforce. But what if IT had approached Jim and discovered that he wanted a way to work from home so he could continue to see his son play baseball and soccer? That conversation could have nipped the entire data leak in the bud.
You can protect corporate data without becoming Big Brother. I shouldn’t even have to say this, but employees don’t like it when their employers have the ability to wipe and lock their devices, snoop on communications, blacklist applications or geo-fence their activities. There are wide variety of BYOD solutions, so find one that balances employee privacy and personal rights with the security needs of your organisation.
I find it ironic that every company wants to make their website and services mobile, yet so few support mobility for their own workers. Newsflash: if your customers want mobile solutions, so do your employees. Your people are already using unauthorized mobile devices for work, and like Jim, they have legitimate reasons and good intentions. Support their aspirations.
Sourced from Sarah Lahav, CEO of SysAid
Manchester hospital develops BYOD initiative
Pennine Acute Hospitals NHS Trust, which serves the northeast of Greater Manchester, has taken further steps in its bring-your-own-device (BYOD) initiative.
The Trust said it intends to drastically reduce application-request wait times and increase user satisfaction by implementing App Portal by Flexera Software as a front-end, self-service enterprise app store.
The store will be supported by AdminStudio to streamline Windows XP-to-Windows 7 and .MSI-to-Microsoft App-V conversions, application testing, remediation, packaging, and hand-off to populate the application catalog.
The hospital had been facing challenges as its 10,000 system users experienced slow and inconsistent manual support for application requests and installations.
Its vision was to empower users to request, obtain and consume applications without needing IT services, and make those applications available to users on their device of choice.
Furthermore, it had to deliver this functionality while streamlining the hospital’s migration from Windows XP to Windows 7, and converting .MSI’s to Microsoft App-V format for its virtualisation initiative.
“We look at this from a holistic perspective – data centre to end-user device,” said Jason Birchall, IM&T project manager and enterprise architect at the Trust. “Making apps available to our clinicians in a reliable way in a short timeframe is an essential part of this project.
“It must go right the first time. The best way to make this happen is to go to a provider that does it all. This is what Flexera Software does.”
The hospital’s main priority was to empower its clinical professionals to request, obtain and consume business applications and services quickly and reliably, in an environment that’s easy and intuitive.
“We needed to prepare, package and make applications available in our app store quickly using a strategic, integrated solution,” said the Trust’s associate director for IM&T, Christine Walters.