By Sharmila Ganapathy
The BYOD (bring-your-own-device) trend has been much talked about in recent years. For the uninitiated, BYOD refers to using mobile devices that you bought for your personal use to access work-related information. This has resulted in a growing number of organisations allowing their employees to bring their own smartphone, tablet or laptop (in some cases all three) to work so these employees can work the way they like, when they like.
“About half of the world’s companies will enact BYOD programmes by 2017 and will no longer provide computing devices to employees. So far, BYOD adoption is most common in companies with between US$500 million (RM1.6 billion) and US$5 million (RM16 million) in revenue, but there are significant differences according to geography. The U.S. adoption rate is double that of Europe, but the highest rate is in India, China and Brazil,” said David A. Willis, vice president and distinguished analyst at global research firm Gartner (pic), in an e-mail interview with Business Circle.
Commenting on the advantages of BYOD, Willis said that Gartner’s inquiries with early adopters revealed that employees’ satisfaction with their employer and their IT department consistently improves when BYOD programs are introduced.
“BYOD also permits smaller companies to go mobile without a huge device and service investment. In some cases, the low-cost consumer apps or the mobile clients of existing server apps can add significant value without significant cost,” he added.
However, all is not rosy in the BYOD space. According to Willis, security is the top concern for BYOD.
“After decades of owning the device that a business user would use and centering much of its security protections on control over the endpoint, the new BYOD model makes the business more like a cloud service provider. The risks of data leakage on mobile platforms are particularly acute and are now a bigger problem than malware. Mobile devices like the iPad or iPhone are designed to share data in the cloud and have no general-purpose file system for applications to share; thereby increasing the potential for data to be easily duplicated between applications and moved between applications and the cloud,” said Willis.
To mitigate the security risks that BYOD brings to corporations and their employees, Willis recommends establishing clear policies for BYOD. “It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user’s own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems.”
In addition, he recommends that companies invest in technologies that separate enterprise and personal applications and data. “It will help if they establish user self-support and third-party support options. Retrain existing service desk staff, and augment the mobile support team as needed. Also, let workers know what devices are appropriate, or not, in the workplace. Not all devices can be supported. Specify the widest range of operating system/mobile device families as is reasonably possible, rather than certifying specific products,” he said.
There is also a need for users of mobile devices to protect themselves against various security threats, said Dr Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia (pic).
According to Dr Amirudin, potential security threats users need to be aware of include data theft due to loss of mobile devices, access to open WiFi and public hotspots, downloading and running vulnerable applications that can easily be exploited, malware and phishing attacks.
So, what steps can users take to protect themselves? Dr Amirudin advises that users choose a mobile device that has security features such as file encryption, ability for the service provider to remotely find/wipe the mobile device, delete malicious apps remotely and has authentication features.
“Users must configure their mobile device to be more secure such as enable password feature that locks the device until the correct PIN or password is entered and choose strong complex password. Also, disable interfaces that are not currently in use, such as Bluetooth, infrared, or WiFi. Attackers can exploit vulnerabilities in software that use these interfaces,” he told Business Circle.
Meanwhile, Microsoft Malaysia’s National Technology Officer Dr Dzaharudin Mansor (pic) said that organisations that implement BYOD need to properly define and enforce security policies to protect information and minimise risks of having unmanaged connections within internal networks.
He agrees with Dr Amirudin that mobile devices should be secured with a PIN or passcode of some sort, and data stored on the devices should be encrypted.
“To take it a step further, IT administrators should consider an end-to-end security and management approach as well as access control based on level of impact and device type,” suggested Dr Dzaharudin.
“Enforcing compliance mandates and dealing with the security issues have been major hurdles for quite a few businesses. The good news is that technology, platforms and know-how have progressed to the extent that these issues can be adequately addressed cost-effectively. With proper policies and technology strategies in place, even SMEs will be able to afford the benefits of embracing and leveraging on BYOD with minimal risks,” added Dr Dzaharudin.
“We also strongly emphasise the use of genuine software throughout the IT ecosystem due to the inherent dangers of pirated software. Having all the necessary policies in place without ensuring genuine software throughout the ecosystem is akin to locking one’s front door, but leaving the backdoor wide open,” concluded Dr Dzaharudin who had also moderated a roundtable on security at the recent PIKOM (National ICT Association of Malaysia) Leadership Summit 2013.
(Business Circle was also told by industry that Dr Dzaharudin is a Microsoft “Circle of Excellence” Award winner, an accolade reserved worldwide for the company’s “High Impact” employees comprising about 0.2 per cent of its global workforce.)
Despite the risks involved, Gartner clearly believes that BYOD will become pervasive going forward. “We project that the number of workers having mobile access to applications will soon double, due to the shift deeper into the workforce and the push to go beyond voice and email,” said Willis.