Thursday, October 1, 2015

Bring Your Own Device

Bring Your Own Device (BYOD) is an increasing trend toward employee-owned devices within the workplace. Smartphones are the most common example. However, employees may also take their own tablets, laptops and USB drives for use in the workplace.

BYOD encourages company employees to work on the device they choose, accessing corporate email and applications via their own technology. The driving force behind BYOD is an IT self-sufficiency among company employees who already own and use personal technology. These devices are often newer and more advanced than the equipment deployed by many IT departments. Some key advantages to operating a BYOD strategy:
  • Increased employee satisfaction - Employees can work more comfortably and flexibly on equipment they know well.
  • Cost savings - Reduced corporate hardware spend, software licensing and device maintenance.
  • Better work-life balance - Employees who need to work from home already have the technology they need.
  • Productivity gains - Employees are happier, more comfortable and often work faster with their own technology.
While BYOD promises many benefits, it also increases pressure on the IT infrastructure to manage and secure devices and data:
Company-issued IT typically comes with an acceptable use policy, and it is protected by company-issued security that is managed and updated by the IT department. It can be trickier telling an employee what is, or is not, an acceptable use of their own equipment. 

Businesses that fall under compliance mandates (e.g. PCI DSS, HIPAA, or FDA) have certain requirements related to information security and safeguarding specific data. Those rules must be followed even if the data is on a laptop owned by an employee.

In the event that a worker leaves the company, segregating and retrieving company data can be a challenge. Obviously, the company will want to keep its data while the employee wants to keep his/her data out of the company.
What You Can Do
Make sure you have a clearly defined policy for BYOD that outlines the rules of use, ownership of data, and states up front what the expectations are. Lay out minimum security and virus protection requirements, or even mandate company-sanctioned security tools as a condition for allowing personal devices to connect to company data and network resources. Include this in your Employee Handbook, and get the policy agreement of all new hires.

Investigate deploying virtual desktop infrastructure, such as VMWare, Citrix and Remote Desktop. This is using the organization's server hardware to run desktop operating systems and application software, as well as controlling access to file-stored data, inside a virtual machine. Users access these virtual desktops using their existing PCs. All corporate security is managed on the virtual server.

I encourage you to leave a comment by clicking on "...comments" below...
David Schuchman