Analysis: Bring Your Own Device

PCR looks at the Bring Your Own Device sector and asks some security specialists for their take on the trend

The mobile device sector has truly changed the way business gets done across every industry. And by far the most important change has been the practice of bringing your own device into work.

From humble origins as an unofficial and occasionally illicit activity, the practice has become so widespread that it has earned its very own acronym – BYOD.

This practice is expected to continue – ABI Research predicts that 1.2 billion smart phones and 7.4 billion Wireless N enabled devices will enter the market by 2015. And on top of this, there is a slew of enterprise focused mobile devices expected to hit the market over the course of this year, with enterprise tablet adoption in particular expected to grow by almost 50 per cent year-on-year.

“Overall, I believe that people will increasingly bring their own devices to work in the future, and I’d also add people taking home work devices,” comments Alex Balan, head of product management at Bullguard. “I believe it’s a growing trend and I’m happy to see that companies are starting to develop their own policies around it. The desktop era is almost gone, especially in business.”

Employers were slow to recognise the shift but increasingly acknowledge the importance of the BYOD trend: the proportion of organisations that allow the practice has grown by 70 per cent year-on-year.

“It’s really a sign that we’re working in a changing world. People have these great consumer devices, they want to use them for work just because they have great features and so there’s pressure on businesses to allow it,” says Symantec’s UK security strategist, Sian John. “And even if you don’t allow it, there’s a good chance that people are going to use them anyway because it’s convenient. It’s not something that’s going to go away.” John’s point is confirmed by a survey from ESET which found that two-thirds of employees were using their own devices regardless of whether or not their employer had implemented a BYOD policy.

There are benefits to the trend. Not only can it reduce IT investment costs for the company but it can also improve the productivity of its employees. Juniper Research found that workers who used their own devices were putting in an extra hour of work per week on average, and that 41 per cent of mobile owners use their personal mobile devices for business purposes without expectation of reimbursement.

Most employers would agree that with the right policies in place, BYOD can bring a wide range of benefits to a company. However, the practice also brings in a range of security headaches.

For example, on Android devices an employer cannot block any activity unless it has root access to the device, which is unlikely when it is privately owned.

“The obvious problem is that it’s no longer your device,” explains John. “With corporate devices there’s a great deal of control but when it’s the employee’s own device you don’t necessarily know what they’ve put on it or what kind of controls they’ve got in place. The historic problem for any mobile device, corporate or personal, is the old ‘left in the back of a taxi’. A personal device could be sitting around with a great deal of sensitive information, probably unencrypted.”

Although the benefits of BYOD don’t particularly outweigh the risks the practice presents, a properly implemented security policy can eradicate these risks almost entirely.

“Companies are developing BYOD policies, now they need to develop them further and enforce them,” offers Balan. “It’s a double edged sword. People are more productive with BYOD, there’s no question of that, but my advice would be that those devices must be in a contained environment. You can’t actively block what happens on a device, so you should at least try to monitor the activity with software.”

John concurs on the point about blocking activity: “Some businesses started off thinking that they could control the devices themselves, but most employees don’t want blocks and controls on their personal devices.

“Why not look at how you can provide the information and protect that? You can’t control the device but you can look at ways to protect the information itself and find a way to pull it back or delete it if the device is lost. That’s where a lot of people are looking now.”

However the company chooses to eliminate the risk, the fact remains that the trend has been growing whether or not an employer recognises it.

“People can’t really live in denial,” adds John. “It’s going to happen so you’ve got to think what you’re going to do about it. If you don’t find a way to let the users on in a secure fashion, then they want to use their own devices and they’re going to use them anyway.”
