Where, how and when employees work is changing at an unprecedented rate. Only a short time ago IT had almost total control over all the technology used within a company. Everything, from what access employees have, to files, to what applications they used, what hardware and even where they worked has been dictated by the limitations of IT. The high cost of IT limited access, and the relative inexperience of the workforce meant employees had to go through corporate IT in order to use virtually any form of technology.
With increased consumer access to technology, and in particular mobile devices, the BYOD trend has risen up the CIO agenda in recent years. Whilst BYOD certainly brings benefits to the organisation in the form of reduced procurement costs and increased employee flexibility, it opens up a wealth of challenges to the company.
In particular, there are complications regarding what data should be allowed to sit on these devices and how an organisation should approach BYOD securely to reap the benefits. What was once a corporate policy of, “No” has changed to an expectation of, “Yes”. The “Yes” leaves the organisation, as well as the CIO, at an exposed risk.
Fundamentally, a CIO may ask whether BYOD should be permitted in the first place due to the potential difficulties and exposure it could bring. While the answer is partially dependent on the industry the CIO works in, if a company looks at ways to enable BYOD they will in fact reduce the uncertainty surrounding the problem.
If a company doesn’t provide a reasonable and effective means of remotely managing data, even on personal devices, employees will carry on with their existing habits, presenting a potential security threat to the business. What is key, however, is that companies have a strategy for enabling access through personal devices, which may be more restricted in nature than on company-owned equipment, but which still provides reasonable access to employees.
Prepare for the next device now
Companies need to begin putting together a plan for making applications, files and network access commensurate with company-owned devices (including desktops, laptops, tablets and smartphones). While the devices themselves will likely limit the utility of this access in the near term, the workforce will evolve rapidly to leverage these devices to their maximum utility. This means companies must stay ahead of the curve or risk employees “finding their own way”, putting the company at considerably higher risk.
What often scares CIOs is that BYOD allows for corporate data to be accessed remotely, potentially exposing it. In an era where compliance is such a high priority pursued with vigor by bodies like the Financial Services Authority and Information Commisioner’s Office, CIOs increasingly have to consider the implications for compliance of any technology deployment. Fundamentally, the difficulty for CIOs when it comes to BYOD is that they must mitigate risk as far as possible. There are compliance, legal, reputational and IP risks to consider, all of which have serious implications for a business.
However, what the CIO must do as far as possible is utilise a solution that will mitigate the risk of losing corporate data on devices in order to reap the wider workforce productivity. Giving employees access to information that they need in the most convenient way possible frees them to be more productive and in more ways. Also, if an employee normally has access to some form of data, they’re likely going to find a way to get it on their own remote devices whether or not they’re granted permission.
The truth is that it really isn’t a choice for the enterprise. If an employee routinely has access to data on their laptop/desktop, they’re going to get corporate data onto their personal devices one way or another – and for good reasons as it ultimately increases productivity. The real question for the enterprise is not “if”, but “how” to best balance productivity with sensible data security policies, and for highly-regulated industries, understanding the compliance and reporting implications.