Is your Enterprise Mobility Strategy BYOD ready?
While there was some early speculation that BYOD was more of a fad than a trend, the verdict is in and the debate is over: BYOD is not going away anytime soon. And as far as employees are concerned, why should it? BYOD helps them get more done, while they spend less time stuck in their workstations. What’s not to love?
Well for enterprises, what’s not to love are BYOD’s inherent security risks. The mainstream devices that employees buy in droves or receive as gifts — like iPhones and Android smartphones — were not designed to work and play well with rigorous corporate network security systems. And many of the productivity and communication apps that employees use on a daily basis are vulnerable to data leaks; some of them, staggeringly so.
Still, more and more enterprises are accepting that BYOD is here to stay. And so rather than fight a losing battle with their employees, they’re pragmatically moving to govern the practice. A recent study by Tech Pro Research found that 74% of enterprises are using or adopting BYOD, and Gartner predicts that by 2017 half of employers will require employees to supply their own device for work purposes.
That leaves IT with the big question: Is our Enterprise Mobility Strategy BYOD Ready? As the enterprise transitions towards BYOD adoption, it is paramount to minimalize data leakage and corporate risk while empowering maximum producitivity of the workforce. However, an IBM survey found that only 29% of enterprises have implemented an enterprise mobility strategy, while another 10% had it perpetually on their “to-do” list. The rest were too occupied with plugging security holes.
However, the missing insight here is that an enterprise mobility strategy is, in fact, connected to security and compliance. They work together as part of an overall BYOD control and governance framework that enables productivity, security and compliance. It’s all or none.
4 Steps You Can Take To Make Your Enterprise Mobility Strategy BYOD Ready
In light of this, here are the four aspects that enterprises need to focus on as they develop and implement a functional – and foundational – enterprise mobile strategy:
Evaluate the kind of work that is being done in the enterprise.
Do employees need communication apps? Productivity apps? Line-of-business apps? Answering these questions involves taking an inventory of the apps that employees are using – but that’s not where the process should end. It’s also vital to evaluate the work itself, and determine what type of apps employees should be using vs. what they are using, or could be using, in order to maximize productivity and minimize risk.
Discover how employees are using their mobile device.
Are employees using mobile devices to augment what is available via their workstation, or are they using them as an alternative? Indeed, some employees take the BYOD route out of convenience rather than performance. It’s important to analyze how, why and when mobile devices are being used, so that an enterprise mobile strategy can function to support desired usage, and diminish undesired (read: risky) usage.
Identify what needs to be secured.
Do enterprises need to secure every single email? How about instant messages? And for how long? These answers to these (and other related) questions directly determine the framework of an enterprise mobility strategy, because they impact usage rules, as well as the kind of security solution that is either desired, or increasingly, is required per prevailing standards and regulations (e.g. HIPAA, SOX, etc.).
Create a robust and enforceable BYOD security policy.
As mentioned above, a BYOD security policy is not synonymous with an enterprise mobility strategy. However, it’s clear that such a policy must form the strategy’s core. To that end, enterprises must determine how they will: secure corporate-owned data while leaving employee private data alone, wipe data from lost or stolen devices, use encryption to prevent unauthorized access, implement user authentication, prevent data breaches and cyber crime attacks, and so on. This policy must be robust and enforceable; not the former instead of the latter. Otherwise, employees won’t play by the rules, and both the security and the strategy goals will not be achieved.
The key message for enterprises here is that simply adopting BYOD does not in itself makes your enterprise mobile strategy BYOD ready. Enterprises must therefore make a focused, determined effort to build a strategy that makes sense on all levels: productivity, security and compliance.
Doing so will help them reap the rewards of a BYOD landscape that is only going to become populated as the future unfolds – not less.