BYOD balance: Bring your own device can be productive and secure
BYOD stands for bring your own device. It’s an IT policy that allows, and sometimes encourages, employees to access enterprise data and systems using personal mobile devices such as smartphones, tablets and laptops.
There are four basic options or access levels to BYOD:
- Unlimited access for personal devices
- Access only to non-sensitive systems and data
- Access, but with IT control over personal devices, apps and stored data
- Access, but preventing local storage of data on personal devices.
BYOD has its rewards. It can improve productivity because employees are more comfortable and proficient with their own devices. They are also more apt to adopt leading-edge features, and they don’t have to manage two devices. It can also boost employee satisfaction by letting employees use the devices they choose and prefer — IBM® reports that 83 percent of users considered their mobile device more important than their morning cup of coffee. BYOD can also help cut costs by shifting device costs to the user and away from the IT budget.
BYOD also has its risks. As users potentially mix their personal and professional lives on their devices, they can unwittingly expose sensitive data or create vulnerabilities to malware (malicious software) and destructive cyber attacks.
An initial concern with BYOD was loss of the actual personal device and the sensitive or proprietary data on it. According to a 2014 study (PDF, 1 MB), the ability to remotely wipe lost devices was the policy most enforced by organizations interviewed.
Unfortunately, cyber attackers are opportunistic, and soon found vulnerabilities through mobile applications and operating systems. By 2015, mobile devices monitored by IBM Trusteer® showed an active malware infection rate equal to PCs. A 2018 IBM Security Intelligence article notes an example of this type of threat by reporting the rise in mobile banking Trojans (malware disguised as useful apps) linked to Marcher malware (a combination of banking Trojans and phishing — fraudulent emails that entice personal information). The Marcher malware impersonates legitimate apps to victimize millions of Google Play users. These same users may be downloading a fraudulent app one minute and uploading corporate data the next.
In addition to managing security threats, BYOD can also mean additional tasks and responsibilities for IT departments — for devices they do not own or officially control. This brings a new level of complexity to IT functions and concerns such as help desk support, regulatory compliance, provisioning, asset management, data privacy and more.
Secure and manage BYOD
The ability to work from any device is no longer a privilege — it’s an expectation. See how IT can respond.
Blueprint for a Borderless Workplace
Read this report from Forbes to gain a greater understanding of the challenges IT organizations face in making it possible for employees to work on their terms.
Why is BYOD important?
BYOD policy is important because it helps organizations strike a balance between improved productivity and managed risk.
BYOD as a work practice appears inevitable. Forbes reports that 60 percent of millennial workers and 50 percent of workers over 30 think the tools they bring from their non-working life are more effective and productive than those that come from work. What is termed the BYOD market is expected to hit almost USD 367 billion by 2022, up from USD 30 billion in 2014, Forbes also points out.
Security risks and additional complexity persist. But which is riskier asks IBM security expert Jeff Crume?
- “Letting employees who may know little about threats or mitigation strategies sort out what the most appropriate defenses are, install the proper tools, configure them for optimal usability/security and maintain all this in the face of an ever-changing backdrop of newly-discovered vulnerabilities and attack types.
- Letting subject matter experts chart the course and enable members of the user community to focus on their daily jobs.”
Most IT organizations, sensibly, are going with option B — which makes BYOD an inevitability for them and their teams. As such, BYOD becomes more than letting somebody from finance work on quarterly results from their tablet at home. It elevates BYOD to an IT imperative challenged with enabling a mobile workforce while mitigating the risks.
IBM Managed Mobility Services
Manage, containerize and optimize laptops, tablets, phones… whatever. See how IBM can help you manage any device, anywhere, any time.
Accelerating the Support Experience with the Cognitive, AI-Powered Help
Discover best practices for delivering personalized and intuitive support experiences at the scale required by a highly mobile and diverse workforce.
Keys to effective BYOD
For BYOD to be effective, policies need to be developed and deployed that support productivity, enforce security and operate efficiently to meet business requirements.
There are software technologies that can help.
Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) solutions can help enroll users and enforce secure BYOD policies, such as identity management and authentication procedures. Unified Endpoint Management (UEM) has evolved to enable IT organizations to consolidate disparate programs for provisioning, securing and supporting mobile devices into a single solution. UEM can survey and report on devices enrolled with an IT department, and provide a single, dashboard view of their management. UEM solutions are also incorporating artificial intelligence (AI) technologies to surface anomalies in vast amounts of data and recommend actions to remediate malware and other security incidents.
Even with AI-powered software, effective BYOD is an elusive challenge, and IT organizations will need to consider help from services providers as well, according to analyst IDC (PDF, 658 KB):
“As enterprises undertake or expand mobile deployments, they will need to get their arms around which deployment choices and which suppliers work best for them. Most enterprises will not be able to keep pace, nor will they have the technology, staffing, and processes in place or the ability to capitalize on mobile assets to deploy and optimize a mobile strategy to its full potential. As a result, IDC believes that the need for external IT services that can help enterprises plan, build, integrate and manage their mobility initiatives will grow in importance.”
IBM has developed ten guidelines or “rules” to help plan and implement effective BYOD:
- Create policy before procuring technology by looking at key questions and factors — and considering all the key mobile players. What devices will be supported — or not? Who will pay for the data plan? What are, if any, the compliance issues of that data? What are the privacy implications for company and employee? Each organization will have their own questions and ensuing policy decisions
- Find the devices that are accessing corporate resources with tools that can communicate continuously with an email environment and detect all devices connected to the network.
- Enrollment should be simple and protected, and configure the device at the same time. In a perfect scenario, users follow an email link or text to a profile on their device, including an Acceptable Usage Agreement or AUA for network access.
- Configure devices over-the-air to avoid further help desk requests. All profiles, credentials and settings should be delivered to the device. This is also an opportunity to create policies to restrict access to certain applications and generate warnings about data limits.
- Help users help themselves by enabling self-service for functions such as PINs, passwords, geo-location and device wiping.
- Keep personal information private by communicating privacy policies to employees and providing settings capabilities to disable app inventory reporting and location services.
- Separate personal information from corporate data by making sure an MDM solution can selectively wipe corporate data should an employee leave, and provide the option to wipe the entire device should it be lost.
- Manage data usage by setting roaming and in-network megabit limits and customizing the billing day to create notifications based on percentage used.
- Continually monitor and address devices for noncompliance by looking for activity like “jailbreaking,” where a user may attempt to get paid apps for free; use SMS to notify of any non-compliance before hitting the wipe button; and work with users to keep operating systems up to date.
- Enjoy the return on investment (ROI) from BYOD by examining costs associated with shifting mobile device costs to employees such as device purchase, subsidized data plans — and include the costs of mobile device management solutions and services.
Ten Rules for Bring Your Own Device (BYOD)
Practical guidance from IBM shows you how to create a peaceful, protected and productive mobile environment.
EMA – Unified Endpoint Management: Enabling Responsible End-User Computing in a Multi-Device World
IT and security need to view, manage and secure their endpoints, apps, content and data — plus manage user identity and access — from a single platform. EMA looks at top features for effective UEM.
Is your MDM/EMM measuring up?
Support for legacy systems? Includes AI for endpoint management? Identity and access management standard? Get answers.
Manual app provisioning and device management was time-consuming and challenging for users. Facility services provider ISS used an enterprise mobility management platform to help staff provision and update mobile apps and safeguard mobile devices.
Airline Garuda Indonesia needed to distribute, update and track mobile devices, apps and content — and address regulatory requirements — to deliver an “electronic flight bag” for pilots. See how they did it, and increased productivity for pilots by 50 percent.
VE Commercial Vehicles Ltd.
Indian commercial vehicle maker VECV simplified coverage for its multi-vendor environment across locations, including support to help employees easily connect their own mobile devices in the workplace. Downtime is down and productivity is up.
Find the latest security analysis and insight from top IT security experts and leaders, made exclusively for security professionals and CISOs.
IBM Developer for mobile
Visit IBM Developer for mobile application development and get the tips, tools and techniques to integrate mobile in the workplace.
IBM Digital Workplace Services
Enterprise mobility services help users seamlessly work across virtual, physical and connected environments.
IBM Workplace Modernization Services
Transform the office into an environment that is collaborative, productive and security-rich.
IBM Digital Workplace as a Service
Digital workplace as a service (DWaaS) provides turnkey mobile device management for small and midsize businesses.
IBM Enterprise Mobility Management
A single platform to manage and secure endpoints, including personal and corporate-owned devices across iOS, macOS, Android and Windows.
IBM MaaS360® with Watson™
Harness the power of AI for unified endpoint management.