When BYOD first established itself, IT and telecommunications departments, and the higher-ups who sign their checks, were rightly concerned that the new trend would have fundamental and widespread effects. They acknowledged that a tremendous amount of hard work would be necessary to leverage the new approach without compromising security.
It is easy to react when something is new and exciting. The challenge is long-term commitment. Vendors continually bring new products to market and strategies change. Will IT departments continue work to integrate the new techniques to make BYOD increasingly secure – and not grow lazy or compliant? Will the budgets they need to keep up with what is new start to shrink as other priorities emerge?
Joe McKendrick at ZDNet took a look at a BYOD survey by CompTIA. The results suggest that people are not paying as much attention as they should:
The survey finds many companies have yet to implement new policies and processes to tap into mobility’s full potential. Only 30 percent of companies have a formal mobility policy in place. Just eight percent have performed significant workflow changes as a result of mobility.
Integrating BYOD and mobility securely is complex, and that complexity shows no sign of abating. Jeff Scott, the vice president of North American Sales for Precise Biometrics, suggests in a SecureIDNews piece that the issue is to confront the partially contradicting priorities of preparing the work force to draw as much functionality out of mobility as possible while maintaining adequate security. Scott offers interesting insight into how to do this. The ideas seem good, but a challenge to implement:
Despite the challenges, BYOD is the way of the future, ensuring security and maximum productivity amidst an increasingly mobile, connected world. In order to glean its full benefits and combat its main challenges, a proactive, results-driven approach to interoperability, customization and integration is required.
The question is whether businesses, especially the budget- and personnel-constrained, have the capabilities and desires to implement these sophisticated approaches.
It is not hopeless, however. FierceCIO’s David Weldon posted an interesting Q&A with Matt Santill, the chief information security officer for Broward College, in Fort Lauderdale, Florida. The education sector likely had a head start in dealing with BYOD since its prime customers, students, have in essence been BYOD users for years.
In terms of IT, kids studying for a test (or downloading music) are no different from a mobile worker remotely accessing corporate results (or downloading music). The good news is that Santill lays out an understandable and viable vision. Indeed, it is complete with the names of vendors from which the company buys products.
The challenges of BYOD even extend to disposal of devices. Steve Skurnac, the president of Sims Recycling Solutions, used a column at InformationWeek to make the point that devices often are sold or discarded by employees with corporate information still on them. He said that an identity theft expert working with McAfee recently found that more than half of the 30 devices he bought online for analysis contained corporate information. The bulk of his piece is a series of four suggestions on what an IT Device Asset Disposition (ITAD) policy should consist of.
The bottom line is that plenty can be done to ensure that mobility and BYOD are reasonably secure. The question, however, is whether organizations are methodically taking those steps, or simply letting employees use their own smartphones, laptops and tablets without serious planning.