There have never been so many device and OS options available and users have never been so opinionated on their preferences for both. This has sparked a potential revolution in corporate IT – one that has been termed BYOD (Bring Your Own Device) or CoIT (the Consumerisation of IT), but is more recognisable as the osmosis of personaldevices into the workplace.
In the past, an office would be kitted out from top to bottom with identical PCs. Employees would, more likely than not, have something quite similar at home. However, the consumer market is now filled with a mixture of different options. The tower PC at home has been replaced by an assortment of laptops, tablet computers, smartphones, smart TVs and networked consoles. In the office however, the desktop PC format remains, although the bulky CRT monitor is likely to be a thing of the past.
As a result, the current corporate desktop landscape is suffering an invasion of alien, unsecured devices. There are plenty of reasons why users would want to use their own devices, and plenty of reasons why they should be allowed to as well, increased productivity being the biggest potential benefit. However, an organisation could end up in a situation where no two devices in the workplace are the same and none are supported by the IT department.
Although such an extreme situation is very unlikely, it represents a real security risk. With the recent resurgence of the Apple brand, the advent of the user-centric and mobile friendly Windows 8 and the noted shift from desktops to portable devices in the consumer market, business users are demanding support for new ways of working but not considering management or security aspects.
Until recently, the thinking on this issue from management has tended to fall into one of two camps. Some have taken a laissez-faire approach, where users have been free to access their emails, documents and other work files from any device they like. Others have enforced a total lockdown with strict policies to prevent employees using anything other than work-supplied devices for work-related activity. This approach has tended to force those rebellious users underground where they have carried on with no regard at all for policies and procedures.
The driving force for the shift in work styles is coming from the users themselves who can see the potential of, for example, their iPad for presenting in meetings. Everyone from the road warriors to the CEO is keen to leverage the capabilities and usability of their new personal devices in their working lives. IT departments are being pressurised from all sides to support these new devices and to enact BYOD policies.
In this climate, there are three approaches that businesses can take towards BYOD, with varying degrees of success:
- The first is a strict crackdown on unapproved devices and network connections. Internal policies that stipulate which devices can be used for which activities can then be enforced for the business by the IT team
- The second approach is to continue ignoring the need to support new devices – organisations can close their eyes and pretend that users only access their work files between 9 and 5 at their workstation. This approach simply postpones dealing with the problem, which will inevitably be much bigger when the IT team is forced to tackle it
- Thirdly,organisations can actively encourage users to choose the work style that suits them by managing and supporting the devices that they work on, whether these are provided by the business or by the user.
Whether organisations rule against non-company devices or open the floodgates to all, it is clear thatthey need to recognise what devices are on their network. The easiest way to do this is by immediately identifying and tracking devices attempting to enter the network. Depending on the chosen policy, IT departments can either automatically prevent these devices from accessing the network or they can monitor what phones/tablets/laptops/PCs are being used and ensure the software running on those devices, including anti-virus and firewall programs, is up-to-date and keeping the company’s data secure.
By centrally controlling and protecting the data and configuration settings for all mobile devices in the network, Mobile Device Management (MDM) can reduce support costs and business risks. MDM is the obvious choice for companies who can see that the days of IT departments dictating hardware specifications are over. Users are tech-savvy now – they know how they want to work and what they want to use. Organisations need to wake up to the reality of BYOD and its implications, and see that MDM will soon be a critical necessity for keeping any business secure.