Securing your BYOD Play

Enterprise computing has seen its share of disruptive moments that has altered the conventional ways of doing things, thereby ushering a totally new paradigm shift. The CIOs are being challenged all through these shifts to create a definite impact enterprise wide - whether it be user experience or bringing in the much talked about tangible RoI benefits.

While cloud brought in a whole lot of benefits, then other technology concepts redefine the user experience. For instance, Bring Your Own Device (BYOD) is altering the enterprise dynamics in more ways than one, but enabling employees to access the corporate network with their own personal computing products is becoming a growing challenge and the CIO's bone of contention.

The Balancing Act

Today due to social media and phenomenal developments in seamless 'on-the-go' pervasive communication access through broadband, Wi-Fi, and mobile networks have indeed empowered the individuals. The blurring of lines between a desktop and portable computing devices has brought in a new power, performance, and functionality shift.

Reflecting on this, Venkat Iyer, CIO, Wockhardt says, "BYOD ("Mein and Meri Mobile as against Mein and meri tanhayi") is a phenomenon happening slowly in the Indian market. When I used to work for a broadcast media company earlier, the majority of the employees would be in their 20s and 30s, carrying iPhones and other devices and they wanted corporate mails on their personal devices. However in traditional manufacturing companies, the majority age group would be in 40s and 50s where the company would provide the mobiles/BBs where there is almost no BYOD culture."

Clearly, BYOD is a new trend and any company with bulk of young population will challenge these archaic IT rules and many CIOs are hence being told to reform to the changing times and in instances like BYOD, they are grappling with one of the biggest inhibitors and challenges: Security. And given this, risk management assumes critical proportions.

 

A report by Gartner states, "Many new risks emerge when employee-owned devices are used for business purposes: One, corporate data that the organization cannot control in traditional ways is residing on personal devices; and two, employees are using applications that the enterprise did not select, and whose functionality and licensing terms may be inappropriate."

Policy Driven Approach - The Key

BYOD is seen as disruptive because it is not just seen as an IT issue but is also an added incentive the companies give to the employees. Even some analysts are saying that it might end as one of the HR retention tools. CIOs say that it is definitely welcoming the technology as it marks the shift to a more progressive IT user regime. It gives freedom and broader choice to the employees.

Says Chella Namasivayam, CIO, iGATE Patni, "Yes! BYOD is a happening trend but organizations need to be a bit careful when it comes to security and avoid unnecessary conflicts at the users end. A policy driven approach with clear communication of the security policies of the organization on BYOD will help in addressing the security issues involved in BYOD and tuning the workers towards the organization's security processes is the key."

Agrees Venkatesh Natarajan, special director, IT, Ashok Leyland. He says, "BYOD will definitely alter the IT procurement policies and by encouraging employees to bring their own devices will liberate the organization from the elaborate process of buying hardware. While this cannot be enterprise wide, but if a good section of employees brings in their own devices, it does have huge cost savings as well."

However Natarajan cautions that CIOs need to create a fool-proof security strategy for the whole concept as it cannot take chances on compromising mission critical data. Some of the CIOs have already taken the lead in proactively managing the security issues. At Wockhardt, for instance, Iyer is looking at the BYOD in the field operations where the company has 3,000 plus sales personnel. The application will be on the cloud. The day the person leaves, the application on the device will be wiped out. "Security though is very important but it can be managed proactively with the tools available and with that one can distinctly separate personal vs company data," says Iyer.

Analysts also echo the CIOs concerns on security. Philippe Winthrop, mobility analyst and founder of the Enterprise Mobility Forum says, "As the adoption of smartphones and tablets continues to grow both at the consumer and enterprise space, mobility is quickly transitioning to the second wave of mobility predicated on applications. The consumerization of enterprise mobility - most visibly manifested by the BYOD trend - has now moved on to the application front.

Organizations are now quickly recognizing the power and value of providing mobile applications to both their employees and their customers. Despite this, many companies are still faced with the challenge of striking the balance between maintaining security and control for IT, while preserving the user-experience of the device for the employee."

Analysts say that one of the biggest challenges is that enterprises have invested a multitude of resources to create seamless Single Sign-On (SSO) environments within their network walls where applications and PCs share a direct trust relationship. Extending this type of trust to a mobile device has been a challenge due to valid security concerns and simplicity of use. So, clearly CIOs need to put in place a separate security policy that is user friendly so that BYOD adoption will go forward.