In recent years IT managers have worked hard to protect their networks from threats posed by unsecured employee devices. However, the rise of the smart device has reversed this trend, with an increasing number of companies implementing bring your own device (BYOD) schemes.
Technology has evolved, resulting in a new generation of employees who have grown up with the use of internet-enabled devices. The tech-savvy Generation Y expects their devices to switch seamlessly between Facebook and emails, from work schedules to Twitter. As a result, the personal device has begun moving into the workplace, as was demonstrated by Aberdeen Group (via ZDNet) whose research revealed that ‘bring your own device’ policies have been implemented in as many as 75 per cent of enterprises.
It’s known that the use of wireless is now all but mandatory, yet, as more employees use their personal devices to log into company networks, it is increasingly important that organisations move to resolve issues quickly. Chief executives need to ask themselves; how does their network currently operate? Can it incorporate multiple devices across varying platforms? What’s the most effective way to regulate employee use?
Connecting external devices to the network undoubtedly raises a number of security issues, and often results in companies needing to review their internal structures. This question of security brings forth the issue of the 1992 Data Protection Act whereby, if an employee steals data they, and their employers can face prosecution. One such example is the T-Mobile employees, fined thousands of pounds for sharing the personal data of customers with rival companies.
As the move gathers pace, IT directors will have to find the balance between access and control, accommodating BYOD into their overall strategy. The knowledge that companies misjudging this are likely to suffer as a result creates added pressure. Understandably, creating this equilibrium requires time and effort, and presents a genuine problem for IT departments.
See also: Should people really trust their ‘trusted’ devices? – There is a false sense of security around mobile devices, and businesses need to rethink the ‘trusted’ device security model
Extra pressure is created by the increasingly expensive consequences of data loss. The Information Commissioner’s Office (ICO) can issue fines of up to £500,000 to companies that break data protection, though this seems minor when compared to the public relations disaster that might accompany the loss of highly sensitive business or customer information.
With this in mind, the next question is how to secure data from employees, or anyone else that might take advantage. In addition, what’s the best way to manage incidents where devices containing data are lost or stolen? One method is to employ encryption software, whereby algorithms scramble data, making it appear nonsensical. Alternatively data can be stored/backed up on a cloud network so if it needs to be wiped from a device, it can later be retrieved with ease.
Questions such as how to accommodate and regulate the numerous apps that employees want to install are equally important. Skype is an excellent example; it’s a popular application, particularly with Generation Y, international students and recent graduates. However they are unlikely to know that the reason it is effective is that it punches through firewalls and security systems to make its connections.
Facebook and Twitter, conversely, are less threatening. Then again, one of the key benefits of BYOD is that employees can make the most of integrated apps, running PowerPoint presentations off their iPads and responding to work emails, from anywhere, at any time.
The adoption of BYOD can blur the link between work and home life and, as a result, organisations must be more alert than ever about those accessing their networks. For many companies, data is the most valuable asset. IT directors need to keep up to date with the inevitable generation of network solutions being fashioned so as to protect this important resource.