According to a global survey of CIOs by Gartner, 38% of companies expect to stop providing devices to workers by 2016. Does this augur good for the new generation workforce as they can bring their own devices to work or is this going to be another headache for IT admins? Because, BYOD strategy may not include a subsidy so employees would need to bear all expenses of owning a device while on the other side, employers would need to deploy a framework to manage all those devices.
While the concept of BYOD has been largely consumer-driven, consumers have not been quite concerned about the security issues. An increasing number of people are using mobile devices for personal as well as office purposes.
All said and done, the biggest advantage of this trend is that BYOD as it picks up would enable CIOs to help enhance the productivity of employees by rolling out applications throughout the workforce which can lead to new opportunities beyond traditional mobile email communications.
Before we go further, let's do a reality check on the readiness of indian enterprises to embrace this trend. "Nearly half of the companies in India have security policies that prohibit BYOD", says ISACA 2012 IT Risk/Reward Barometer. This clearly shows how dismal the BYOD landscape is.
We spoke with Surendra Singh, Regional Director, SAARC & India, Websense to understand the security implications of BYOD along with the trends that are shaping up.
What is the state of BYOD in India?
While some of the organizations have adopted BYOD, it has only been on a pilot basis. Certain organizations have started this practice with certain terms and conditions. Organizations have been thinking about it while also considering security issues associated with it.
Fundamentally, this concept is not driven by the organization or its CXOs. It is driven by the consumers --the iPhone and Android users.
With push-mail and other services available on these devices and also with technology maturing, it is convenient for the employees to use them at work, while commuting, and while working on weekends. The organizations have been slowly but steadily adopting this practice. They are definitely not rushing towards it. While some organizations are wary of its adoption, it is just a matter of time that all the organizations in India would be embracing it at a later stage.
BYOD saves companies money but it costs employees big! Is this a viable model then?
I don't think it is a money saver for the companies as they have to then focus on strengthening the network and security infrastructure.
Also, employees are asking for access through their mobile devices. It is not that organizations who are asking employees to spend their money in buying their own devices. As said, this concept is largely driven by the consumers.
Are we going to see a rise of the corporate app store where employees have their approved apps along with their native workplace apps depending upon their job role? Will users find them usable because they are used to an experience like iTunes or Android?
The main cause of concern is only the security issues associated with BYOD. There are certain vulnerable apps which the companies wouldn't want their employees to use due to the security risks associated with it. Even employees wouldn't mind such restriction because their own information is put at risk. Security issues are not for the organization but also for the users themselves. It is not just about the loss of intellectual property of the organization but also about loss of personal information.
For example, I would rather prefer doing a financial transaction over my laptop to doing the same over my smartphone. There is a certain amount risk associated with use of mobile devices and apps for office purpose. While the Apple App Store is more closed and controlled as far as the apps are concerned, Android's Google Play is more open and hence likely to have more malicious apps.
What are the top concerns around BYOD?
Firstly, there are malicious apps which try to gain backdoor entry in a company's IT infrastructure causing a major security lapse. Companies require careful screening in order to filter out malicious apps and preventing their download and usage. Secondly, there is prevention of sensitive data loss through mobile devices.
This can be done by completely blocking the opening of mails on the device. But here, the user experience has not been very good. Another way of dealing with this problem is redirecting the mails containing sensitive data to desktops or laptops instead of being available on mobile devices.
What are the recommendations that you would like to give to the enterprises?
Firstly, we would recommend prevention of download and usage of malicious apps. We would also suggest a robust security infrastructure to protect the organization from security breaches. Also, we recommend redirection of emails containing sensitive data to desktops/laptops instead of mobile devices.