The BYOD evolution: Three common approaches

(c)iStock.com/martinwimmer

It has become a way of life for employees to bring personal devices to work, whether or not your organisation has a BYOD policy. Employees want the ability to use their own phones, tablets and laptops at work, without losing ownership or control of those devices. But this should raise some red flags for a company’s IT and security teams. The modern issues with BYOD have gone beyond just basic user-privacy issues, to the serious security and compliance matters that need to be addressed to ensure IT ecosystems are not vulnerable.

As organisations begin to change their strategies and infrastructures to keep up in the digital evolution and meet the requirements of the next generation of employees, we are going to see a shift in the acceptance of BYOD policies. To better understand the evolution of BYOD policies and to better predict where they are headed, let’s discuss the three most common approaches companies are currently taking to address BYOD.

Approach 1:  Head in the sand

If an employee receives a new iPhone for their birthday, it doesn’t mean the IT department automatically receives extra budget to buy a product to manage it. As a result, sometimes it’s easier for IT to just pretend the new phone doesn’t exist. But ignorance isn’t always bliss, as we’ve all have heard the scary stories about mobile devices being used to breach a network. With such a high risk, it’s understandable IT doesn’t want to pop its head up and become responsible, to some degree, for the device and network security.

For other IT members, it’s not a question of wanting to be involved, but whether they have the authority to do so. Mobile devices are embedded in our personal lives, and as a result, employees can be sensitive about IT having access to them. Even when IT wants to enforce a policy and properly manage a device, it’s not easy with unclear ownership. In the past, either the employee or the company would purchase the service, data and device, creating a clear distinction. Now, the employee may own the device but there can be ownership divisions at the application and data layer, which only complicates things for IT.

For some IT teams, that would be enough to stick their heads back into the sand, despite the fact that these devices are typically connected to the corporate network and have access to corporate email services.

Approach 2: Cro-Magnon

Typically, companies that subscribe to the ‘Cro-Magnon’ approach are the most cautious about BYOD. Their goal is usually to remove the ‘Y’ and the ‘O’ from ‘bring your own device.’ Cro-Magnon organisations are often prescriptive with their IT and device management policies; outlining which devices they support and making clear distinctions between corporate and personal assets.

In highly regulated environments, however, some organisations go as far as to just say no to BYOD altogether. However, while this is a well-defined stance, it can serve to alienate users and is frankly difficult to enforce. In many cases, users will go around the regulations and connect unauthorized devices to the network, opening up a variety of security and compliance issues.

Typically, the strongest force behind the Cro-Magnon approach is security. Oftentimes you’ll see organisations in more regulated industries adopt rigid BYOD policies in an effort to be compliant and adhere to policy. It’s also not uncommon for companies that have previously had security breaches lean towards this policy.

In theory, this strategy should make IT easier, but in some cases, it just creates a stop-gap solution. It requires a different set of policies to manage mobile and other user devices and PCs. As a result, IT needs two sets of toolsets and solutions that aren’t linked together in order to get their job done, and providing a unified experience to the end user remains elusive. 

Approach 3: Enlightened IT

BYOD has its risks, but ultimately, enabling it is based on a real business need. It provides valuable benefits to both users and organisations. For employees, BYOD enables them to use the devices they want and encourages IT self-sufficiency. By adopting this BYOD strategy, organisations can expect to see productivity gains, cost savings and increased employee satisfaction.

Still, for IT, BYOD can be a nightmare. In order to navigate this, standardization is key.

Standardisation is one of the best strategies IT can employ to ensure it delivers high quality service and protects the company and its assets. Standardisation of policies is critical in having a well-defined and auditable strategy for how IT is going to support and offer services to these devices is key. Additionally, taking a user-centric approach is essential since the user is the common denominator linking all of the devices for which IT is responsible to secure and deliver services.

In order to implement the best strategy, IT departments are going to need a unification of toolsets that allow for the management of the different classes of devices by users.  Simple MDM capabilities are not sufficient for enterprises wanting to manage PCs in all of their forms. Perhaps years from now, when sandboxed operating systems are ubiquitous, we may be closer. Meanwhile, IT shops need to search for tools that provide that level of integration and support customers need or stich together the integration themselves.  

 

https://www.iottechexpo.com/northamerica/wp-content/uploads/2018/09/all-events-dark-text.pngInterested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.