We have witnessed the ever-increasing popularity of Bring Your Own Device (BYOD) where employees bring their own mobile devices into work – according to a survey my company conducted among UK workers this year, nearly half of us (42 per cent) now use the same phone for work and personal activities. In fact, well over a third (38 per cent) believe their job would be impossible without mobile access to work email.
But just as organisations are starting to get to grips with the challenges of BYOD, now they have to get used to the fact that employees want to bring their own applications and collaboration tools to work as well. Known as BYOA or Bring Your Own App, individuals are downloading their own favourite mobile apps to find quicker and more productive ways of working and to manage their ever-increasing workloads.
Admirable though this is, the problem is that many mobile applications are inherently insecure, and pose real concerns for organisations where preventing data loss is absolutely critical, such as in highly regulated industry sectors, like financial services, government and pharmaceuticals.
Having access to a browser, or to corporate email, calendar and contacts, it seems, is no longer enough for today’s mobile workers. Employees want the most up to date information at their fingertips and access to the business applications they use every day, as well as the ability to easily share and collaborate on work files wherever they are, regardless of what restrictions their companies set.
Many individuals are used to visiting app stores, installing software of their choosing, whenever they want, and configuring it to individual taste, and they expect the same freedom and choice when it comes to the productivity, travel, networking, media or news apps they use at work.
Take Dropbox, the cloud-based storage service, popular for accessing and synching documents, or the likes of iCloud. Many workers are already familiar with such apps to store and organise files, music and images at home. The concern is that they are now using these services to share confidential work files and documents via different mobile devices, with little or no thought for the security of the data being shared or the legal consequences of their actions. Data leakage then becomes a major concern for the business, with potential loss of highly sensitive information and corporate IP.
Any cloud-based service of this nature is going to be problematic for organisations. Concerned with data leakage, the loss of corporate IP, and putting highly sensitive data at risk, the use of such cloud-based storage presents a real challenge when it comes to corporate governance, risk and compliance.
Some companies are taking a traditional approach and simply blacklisting all non-official mobile business apps, which certainly helps put their IT departments’ minds at rest and reassures them that they have done all they can to keep the company’s data safe.
The first step, however, is not to focus on securing the mobile devices themselves, but to address the issue of securing the data instead. The second is not to ban these potentially powerful and productive mobile business apps, but to secure the data that resides within them and transfers between app-to-app with the right mobile security tools.
In addition, some companies might want to consider developing their own custom applications and creating corporate app stores that allow employees to download and used corporate-owned and approved apps. This way, the organisation controls the usage and addresses any security concerns.
Finally, and most important, companies need to educate staff about the security consequences of installing and using insecure or non-approved software and apps at work. Get this right, and you have a productive, collaborative and happy mobile workforce, secure data and an IT team that is able to sleep soundly at night.