Is It Time for SMBs to Implement Policies for BYOD?

Paul Mah
Slide Show

BYOD: User Policy Considerations

Questions and key points companies should consider when establishing BYOD policies.

BYOD, or bring your own device, is an inexorable force primarily driven by the plethora of smartphones and tablets making their place into the corporate workplace. More so than large enterprises, this trend is making itself felt on SMBs and SOHOs, given how these devices could serve as force-multipliers in smaller businesses with far fewer resources.


SMB usage of tablets is increasing


According to Spiceworks' State of SMB IT report (pdf) for the first half of 2012, three-quarters of SMBs manage employee-owned devices. Specifically, the number of SMBs using tablets has increased from 33 percent to 45 percent. Indeed, another 17 percent are planning to purchase a tablet for their companies in the next six months. Assuming this trend continues, this works out to be 62 percent of SMBs using tablets at the workplace by the second half of this year.


Overall, despite having only a quarter of surveyed SMBs not allowing BYOD, up to 45 percent of IT professionals are not sure about how they should manage these devices, according to the same report. Twenty-five percent of administrators consider it a headache for their department, while another 20 percent haven't formed an opinion yet. Only one-fifth indicated that they have "fully embraced this trend since this is the future."


IBM tightens up on BYOD


At least one enterprise firm has implemented measures to protect itself from data leakages that may arise from the trend of BYOD: IBM. It should be noted that employees have enjoyed a BYOD environment at Big Blue since 2010, to the tune of 80,000 out of 400,000 workers using non-company-issued smartphones and tablets to access internal networks, reports Technology Review. One problem has to do with the fact that most workers were unaware of what popular apps could constitute security risks. Instead of saving money, IBM CIO Jeanette Horan says the situation has actually created new challenges for the IT department.


The company has since established guidelines on apps that employees can use, or which they should avoid. In addition, employee devices are first configured so that they can be wiped remotely in case devices are stolen or misplaced prior to being granted access to internal networks. Cloud-based file-transfer programs such as iCloud, Dropbox and, yes, even Siri, the voice-activated personal assistant, are not allowed. Employees with greater access to internal applications and files will also have their smartphones equipped with additional software that performs the appropriate data encryption.


Work to be done for SMBs


For the increasing use of BYOD in SMBs, there is scant mention of policies or tools to help smaller businesses on this front. Now, I'm certainly not against the use of BYOD, though it is evident that many SMBs are not even aware of the heightened risks that they face with unsecured BYOD hardware inside their network.


The dangers are clear and present, however, as evidenced by the measures implemented at IBM. Indeed, I have recently also outlined some explicit security problems that can arise in "The Dangers of BYOD in Small Businesses." I will be following up on this topic with another post on some basic BYOD policies for your SMB.


In the meantime, what is your strategy or experience in managing BYOD in your business? Feel free to share in the comments section below.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
May 30, 2012 9:03 AM Chris Halcon Chris Halcon  says:

Thanks for your post, Paul. There definitely needs to be more discussion about policies and procedures for BYOD in SMBs. SMBs are struggling to the proper balance between enabling mobility and maintaining a secure IT infrastructure. One of my colleagues here at Symantec recently wrote a blog post sharing some best practices for mobile devices and tablets in the SMB workplace, starting with taking stock of the mobile devices. SMBs need to know which employees are using mobile devices to connect to business resources. The fact of the matter is you cannot protect or manage mobile devices you don't know about. You can read more here: http://bit.ly/LQXd59

Chris Halcon



Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.