As IT departments across businesses try to stay on top of constant changes in technology, company employees have started to demand support for corporate access on their personal devices. Bring your own device (BYOD) is a policy whereby this is specifically allowed and enabled. Personal smartphone usage is the best example, but BYOD can also include tablets, laptops, and even USB drives. Advantages to a BYOD strategy include:
- Increased Employee Satisfaction: Employees can work more flexibly
- Cost Savings: Companies have reduced spend on hardware and on software licensing
- Productivity Gains: Employees are happier, more comfortable and often work faster with their own technology
- Convenience: Employees can stick one phone in their pockets and don't have to worry about taking care of two devices
By far the biggest risk to a BYOD policy is not having any way to manage security on individual employees’ devices. Beyond passcode protection, BYOD policies might involve encrypting sensitive data, preventing local storage of corporate documents, or limiting corporate access to non-sensitive areas. Critical issues include:
- Device Sharing: It's simple to define how employees can use company devices, but it's often much more difficult communicating the limits of that security agreement to employees who want to let friends or family use their personal devices. When everyone who shares a device has access to private company information, security becomes much more difficult to guarantee.
- Data Separation: What happens when an employee leaves your employment? You'll want to remove confidential information from any employee device when they leave the company. But you don't want to delete their personal information.
- Data Protection: Fundamentally, when an employee has complete control over a hardware device, they control all the data that’s stored on it. What prevents a salesperson from downloading a database of client information, or saving an archive of all email and documents received as part of their employment?
BYOD security can be often addressed by having IT dictate comprehensive security requirements for each personal device used in the workplace and joined to the corporate network. The policy can include:
- IT requiring devices to be configured with passwords,
- Prohibiting specific applications from being installed,
- Requiring all sensitive data on the device to be encrypted,
- Limiting activities outside the scope of the company being performed on the devices while at the workplace,
- Scheduled audits performed by the IT department to ensure compliance with the BYOD security policy.
The driving force behind BYOD is a new IT self-sufficiency among company employees who already own and use personal laptops, tablets and smartphones. Mobile devices are oftentimes more advanced than the equipment owned and maintained by a company’s IT department. It's not surprising that the rapid adoption of lightweight Ultrabooks, iPads and large-screened phones are changing the way that people want to work, and when employees are allowed to integrate their own devices into the infrastructure of a company, it lowers overall IT costs, and often increases productivity.
How Barracuda Can Help
The Barracuda Web Security Gateway protects web browsing across multiple devices without the need to install client software or browser add-ins on each device. For total network protection, the Barracuda CloudGen Firewall provides secure network access from network-connected and off-network remote devices. Supported devices include PCs, Macs, iPhones, iPads, Android, and Chromebooks.
Do you have more questions about Bring Your Own Device? Contact us today.