Balancing Security & Employee Satisfaction in the Mobile Enterprise
Bring your own device, or BYOD, is widespread in the modern enterprise.
In fact, approximately 60 percent of employees connect their personal devices to company networks. In doing so, they are prone to storing sensitive corporate and customer information on their devices.
Chief security officers have two options: they either let their firm remain at risk or take advantage of this new trend.
BYOD is about more than security breaches and data theft. Computer Weekly found that employees who use personal devices are happier with their jobs because they can better balance work and private life. Enterprises also benefit from cost savings as they reduce spending on hardware.
However, there are more strategic reasons to go BYOD than just cost avoidance. Positive business outcomes you can achieve include access to leading-edge technology, a secure IT environment, higher overall productivity, and better communication and collaboration with clients.
Let’s keep that point in mind as we look at some of the best practices to build your enterprise’s BYOD program:
1) Device Management Strategy
The first step to ensuring the success of your BYOD initiative is to have a well thought-out mobile device management strategy. Consider all the questions relevant to your context such as specific applications, security requirements, user needs, data access, and so on.
A good exercise is then to create a playbook that communicates strategy and tactics, so everyone in the organization is fully aligned right from the beginning. Issues will still arise, but you will have the framework for solving them.
2) BYOD Policies
Not every employee knows the risks associated with using his or her favorite device at work. The first step in restoring your chief security officer’s peace of mind is to educate staff about the do’s and don’ts of BYOD.
The ideal BYOD policies are written, outline rights and duties, and require users to agree formally to terms and conditions. Those policies must recognize the diversity of today’s workplace. For example, Generation X and Y workers have a different concept of data protection compared to Millennials, who grew up in a world of exposed identity and social media.
3) Secure Exchange of Data
A danger of BYOD is that the same devices used in the office accompany your employees on vacation where they are more likely to get lost or stolen.
Public key infrastructures (PKIs) can mitigate risk in that context. At a high level, PKIs assess whether a data exchange is secure depending on how trustworthy the users, devices, and networks are. We can consider an environment trusted when users authenticate themselves, IT teams actively manage devices, and networks are encrypted.
Rules are then defined depending on levels of trust. For example, highly sensitive files may only be accessed by authenticated users, on registered BYOD devices, and when connected to the corporate network. However, identified employees could check their email even on unsecured Wi-Fi networks.
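The trust-level rules described above can be expressed as a deny-by-default access check. This is an added example, not part of the original article; the resource names, network labels, and the assumption that email does not require a registered device are illustrative choices.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    user_authenticated: bool  # the user has proven their identity
    device_registered: bool   # the BYOD device is enrolled and managed by IT
    network: str              # constructed labels: "corporate" or "unsecured_wifi"

# Trust required per resource class (hypothetical names). The email rule
# assumes no registered device is needed; the page does not say either way.
POLICY = {
    "sensitive_files": {"auth": True, "registered": True,
                        "networks": {"corporate"}},
    "email": {"auth": True, "registered": False,
              "networks": {"corporate", "unsecured_wifi"}},
}

def decide(resource: str, ctx: Context) -> tuple[bool, list[str]]:
    """Return (allowed, denial_reasons); anything without a rule is denied."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, ["no policy defined for resource"]
    reasons = []
    if rule["auth"] and not ctx.user_authenticated:
        reasons.append("user not authenticated")
    if rule["registered"] and not ctx.device_registered:
        reasons.append("device not registered")
    if ctx.network not in rule["networks"]:  # unknown labels fail closed
        reasons.append("network not permitted: " + ctx.network)
    return not reasons, reasons

if __name__ == "__main__":
    # Constructed sample requests.
    requests = [
        ("sensitive_files", Context(True, True, "corporate")),
        ("sensitive_files", Context(True, True, "unsecured_wifi")),
        ("email", Context(True, False, "unsecured_wifi")),
        ("email", Context(False, True, "corporate")),
        ("payroll", Context(True, True, "corporate")),
    ]
    for resource, ctx in requests:
        print(resource, ctx, decide(resource, ctx))
```

Returning the denial reasons alongside the decision gives the help desk and audit logs a concrete explanation for each refused request.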
4) Win-Win BYOD
BYOD is a give-and-take negotiation process between your staff and your company. On the one hand, your employees do not want restrictions on their devices. They expect you not to violate their privacy.
On the other hand, your IT teams are responsible for protecting corporate data. They must ensure that BYO devices connecting to the corporate network are not compromised. They also want to prevent the use of dubious apps to reduce the risk of data leaks or hacking. Therefore, IT teams should create a collaborative process to test and approve different types of devices and operating systems. Creating this balance does take time and effort, but it shows employees that you want to work with them and value their input to the process.
A complete mobility solution can also onboard the hardware of external parties. For instance, imagine that you organize a large exhibition and work with fifty contractors. You may prefer that they bring their own devices and grant them temporary access to corporate applications and data.
In that case, you can leverage the good work you did setting up a win-win BYOD process, and quickly create secure access with your mobile device management tools.
6) Technical Support
Another point to consider in your effort to implement a BYOD program is the quality of support received from the solution provider. Your employees may face technical issues while registering their personal devices.
To keep users from becoming discouraged and bypassing the process, it must be easy for them to raise tickets and get the help they need from a friendly help desk.
BYOD is an opportunity for IT to step up in a strategic way in the eyes of the organization and to develop stronger business relationships with end users.
Your employees’ buy-in is at the core of any successful BYOD program. You must understand how they use their devices in their private life and play a moderating role without taking away the benefits of using personal devices.
BYOD is as much a corporate initiative as it is an end-user resource or an IT activity, due to the potential influence on company culture and security.