BYOD: User Policy Considerations
Questions and key points companies should consider when establishing BYOD policies.
BYOD, or bring your own device, is an inexorable force primarily driven by the plethora of smartphones and tablets making their place into the corporate workplace. More so than large enterprises, this trend is making itself felt on SMBs and SOHOs, given how these devices could serve as force-multipliers in smaller businesses with far fewer resources.
SMB usage of tablets is increasing
According to Spiceworks' State of SMB IT report (pdf) for the first half of 2012, three-quarters of SMBs manage employee-owned devices. Specifically, the number of SMBs using tablets has increased from 33 percent to 45 percent. Indeed, another 17 percent are planning to purchase a tablet for their companies in the next six months. Assuming this trend continues, this works out to be 62 percent of SMBs using tablets at the workplace by the second half of this year.
Overall, despite having only a quarter of surveyed SMBs not allowing BYOD, up to 45 percent of IT professionals are not sure about how they should manage these devices, according to the same report. Twenty-five percent of administrators consider it a headache for their department, while another 20 percent haven't formed an opinion yet. Only one-fifth indicated that they have "fully embraced this trend since this is the future."
IBM tightens up on BYOD
At least one enterprise firm has implemented measures to protect itself from data leakages that may arise from the trend of BYOD: IBM. It should be noted that employees have enjoyed a BYOD environment at Big Blue since 2010, to the tune of 80,000 out of 400,000 workers using non-company-issued smartphones and tablets to access internal networks, reports Technology Review. One problem has to do with the fact that most workers were unaware of what popular apps could constitute security risks. Instead of saving money, IBM CIO Jeanette Horan says the situation has actually created new challenges for the IT department.
The company has since established guidelines on apps that employees can use, or which they should avoid. In addition, employee devices are first configured so that they can be wiped remotely in case devices are stolen or misplaced prior to being granted access to internal networks. Cloud-based file-transfer programs such as iCloud, Dropbox and, yes, even Siri, the voice-activated personal assistant, are not allowed. Employees with greater access to internal applications and files will also have their smartphones equipped with additional software that performs the appropriate data encryption.
Work to be done for SMBs
For the increasing use of BYOD in SMBs, there is scant mention of policies or tools to help smaller businesses on this front. Now, I'm certainly not against the use of BYOD, though it is evident that many SMBs are not even aware of the heightened risks that they face with unsecured BYOD hardware inside their network.
The dangers are clear and present, however, as evidenced by the measures implemented at IBM. Indeed, I have recently also outlined some explicit security problems that can arise in "The Dangers of BYOD in Small Businesses." I will be following up on this topic with another post on some basic BYOD policies for your SMB.
In the meantime, what is your strategy or experience in managing BYOD in your business? Feel free to share in the comments section below.