The Bring Your Own Device (BYOD) phenomenon has been around for a number of years. Even where the IT department hasn’t implemented a specific BYOD policy, many users are still choosing to work through their own personal devices.
Employees are often keen to overcome the limitations of the hardware that the IT department provides, which is frequently seen as slow, old and inefficient, and instead turn to their own quicker and more powerful consumer products. What this means is that in most corporate environments, you’ll find that the average user now has multiple devices, ranging from a smartphone and possibly a tablet, to a laptop and desktop computer.
What we’re seeing in the workplace is a fragmentation in the types of devices that are being used. Previously, each employee would have had the same laptop and mobile phone, with each type of device using one operating system (OS), and having access to the same applications. With BYOD, the fragmentation of devices has expanded to the choice of OS and applications employees use.
This expansion of devices within the organisation has left some IT teams grappling with a growing list of form factors and operating systems. Previously, the narrow range of corporate devices being offered by the IT team meant it was easier to manage and keep tabs on them. However, as platforms and devices have fragmented, it has become increasingly difficult to do this.
A solution that may work for a Windows laptop won’t necessarily work for an Apple one, for example. At the same time, controls have to be in place for every device on the network, even those that don’t fall under the heading of a consumer device, such as a corporate desktop.
The issue is that in situations where control is lost, often the corporate networks, documents and other resources are at the mercy of unmanaged devices. Without management of each and every device connected to the infrastructure, it is impossible to ensure business-wide device policies tailored to the needs of every user.
This means a business cannot easily respond when a device is stolen or data is breached, or when a user does something with their device that is in breach of general IT policies. Even an innocuous programme, such as a consumer cloud storage application, represents a potential data breach. Also, where it isn’t possible to control and track each device on the network, IT teams might simply be unaware of the number of devices. If a data breach does happen, it is impossible to gauge the scale of the problem.
Ultimately, where a business needs to restrict access or control device usage, these restrictions should be maintained regardless of the device or operating system. The only constant in this equation is the user, not the device. Device fragmentation has meant that this is now truer than ever. If your BYOD policies rely on managing each individual device, then something will always slip through the net.
What is needed is a centralised policy that works on all devices, which can be tailored to who is using it and how it is being used. The devices themselves are not the cause of the problem, nor are the users. This is because BYOD is not a technical problem; it’s a business problem, and it must be approached in this way.
One of the major problems with device fragmentation is that the greater the number and range of ways to access corporate infrastructure, the harder it is for IT departments to keep track of what their users are doing. Where users have unfettered access and control, it becomes impossible to secure corporate infrastructure and data. The question, though, is how you manage so many different operating systems, hardware types, applications and users.
Rather than investing heavily in multiple IT policies and infrastructure based on device type, IT should focus on the user. After all, the main purpose of a BYOD policy is to secure the corporate networks and data that these devices will access. And typically, access to networks and data is defined by the individual, not the device.
The organisation’s BYOD policy needs to specify what can and will be done with the device relative to the corporate data and infrastructure. In this respect it needs to act as a complement to an existing baseline IT policy that covers all services and is in effect regardless of whether the device is owned by the employee or the organisation. It should be a constant protocol that IT implements based on scenario and user activity, not on the type of device.
Any BYOD policy is useless if there’s no way to enforce it, so it’s imperative that the IT team has access to the tools and technology to properly support all users. And if you intend to support a variety of form factors and operating systems, make sure your IT infrastructure aligns with these objectives.
Attempting to retrofit existing infrastructure for additional operating systems and form factors can be a complex and time-consuming process, and one that has to be repeated each time new types of devices are incorporated under the BYOD policy. Ideally, the IT manager needs to be able to see all devices, both BYOD and corporate, in a single environment in order to ensure IT policies are maintained across the business.
In this day and age, efficient businesses consolidate their infrastructure and resources whenever possible. So a single policy that can cope with device fragmentation and covers all devices is a perfect fit, especially when it’s been tailored with the end user in mind. It also ensures that each device that enters the business is already aligned with its goals.
Across the company, employees are looking for the productivity gains that come from having the flexibility to work how and when they want. Not having a robust BYOD policy in place, or even banning BYOD, means your company will be left behind. Ultimately, a well thought through BYOD policy will drive consistency of policy and greater efficiency, and position the business to seamlessly support the overall industry shift towards mobility and flexible working.