BYOD Is the Corporate Norm But Data Security Lags Far Behind
In 2009, CEOs in just about every large organization started purchasing iPhones and demanding access to corporate email. Although IT had securely managed BlackBerry deployments in place, many departments accommodated this request, only to find a few months later that thousands of employees had taken after these CEOs, with the key distinction that their iPhones were unauthorized.
As this story and countless others illustrate, the Bring Your Own Device (BYOD) phenomenon disrupted enterprise IT practically overnight. To catch up, the makeshift solution for many organizations has been "mobile device management" (MDM). This first attempt to secure BYOD was a knee-jerk reaction focused on managing personally owned devices in much the same way that corporate-owned laptops are managed.
According to a recent Gartner report, by 2016, 20 percent of enterprise BYOD programs will fail due to deployment of MDM measures that are too restrictive. The issue with MDM is it secures devices, not corporate data, and has never been a solid solution for either IT or employees in BYOD environments. Let’s examine a few reasons why.
IT. The IT department doesn’t enjoy imposing suffocating restrictions on employees, but meeting the employee demand for BYOD often leaves them no choice. IT is chartered with securing the organization’s data so they use the technology available to them – MDM. That the price of this BYOD security solution is dictatorial control over employees’ personal devices is an unfortunate, necessary evil.
A recent ESG report that surveyed organizations of 1,000 or more employees shockingly found that just 21 percent have implemented and standardized an MDM solution. That means that despite BYOD being one of the biggest trends in enterprise IT today, just one in five enterprises have deployed a solution to secure it. That is cause for alarm.
Employees. Enterprise data is frequently exposed with BYOD. For example, an employee might use a personal smartphone to access data on Salesforce.com over a 4G wireless network, inadvertently sharing sensitive corporate data.
Just as the majority of employees are blissfully unaware of the potential security breaches they are exposing their company to, they would be equally mortified if they were fully aware of what MDM products can access. According to a survey carried out by Harris Interactive on behalf of mobile security firm AdaptiveMobile, most employees do not believe that their employer can see what they are doing on their personal devices, yet 89 percent of employers said they have visibility into their employees devices at all times.
This raises huge concerns for employees who are extremely uncomfortable with IT accessing personal information and controlling their device usage. Not to mention the horror stories of employees who have everything wiped from their phone if they leave a company.
The future of BYOD security. BYOD has been a shock for many organizations, but it is here to stay and the path forward is to enable employees through BYOD programs. The focus must shift from securing the device to securing corporate data on the device. Next-generation BYOD solutions must not only secure corporate data, but be device-agnostic and deploy with minimal effort on either the employee or IT's part.
At the same time, the native user experience on mobile must be taken into account and respected. Today's employees are tech-savvy and quick to write-off IT as old school and out of touch. These employees will not hesitate to “go rogue” and find workarounds if IT slows them down or invades their privacy. Next-generation BYOD security solutions must be completely frictionless and transparent to employees.
Unfortunately for IT, company-issued BlackBerry phones are unlikely to make a comeback in the corporate world, but enabling a mobile workforce does not have to be a constant give-and-take. Enterprises can embrace BYOD while maintaining security and privacy but it will require a solution with BYOD in its DNA.