BYOD – Advantage of Smart Organizations

Everybody‘s doing it these days, that is Bring Your Own Device to work (BYOD). The vast majority of business professionals working today have some type of smart phone, tablet, or laptop; many of us have and use all three on a daily basis.

Is this a question of if employers want to allow employees to use personal devices for work tasks or if employees are demanding the option based on convenience and personal preference?

According to Gartner‘s analysts, by the end of 2016, half of all companies will adopt the policy of „choice“ as a condition of employment in order to satisfy the growing demand and reduce overhead costs. Not surprisingly, the mid- to large-sized organizations are leading the charge in the adoption of new policies for the enforcement and regulation of BYOD in the workplace. The small start-up companies are also recognizing the advantages of a quality BYOD policy, such as reducing the need to build a dedicated company network.

“BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades,” said David Willis, distinguished analyst at Gartner in a statement. “The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs.”

This statement brings up an interesting point about who is responsible for implementing, regulating, and maintaining a quality ISMS strategy to maximize the benefits and minimize the risks associated with adopting a BYOD policy. Management and the accountants could benefit from the reduction in hardware, software, and networking purchase costs, and along with Human Resources, both would benefit from an increase in employee satisfaction, as a result of the personal gratification of the employee working at home or on the go, while listening to a preferred playlist.

The smart device landscape continues to rise at a dramatic rate, with shipments of mobile phone and tablets reaching 86% in 2013 and 87% in 2014 of the total shipments of computing devices. With smartphones and tablet devices being the most popular BYOD under consideration, the IT and IS managers need to complete the majority of the work in the creation of the new BYOD policies.

If you consider the International Standards for Information Security, such as ISO/IEC 27001 and 27002, very little is outlined regarding a BYOD policy. Organizations are provided a base set of controls and guidelines, but the advantages of allowing personal devices must be balanced with the development of the policies and procedures that best fit the organizations business and security needs. The rise in cloud computing is essential to the success of the mobile devices and the ability of the organization to control and release data accordingly. The planned updates to the ISO 27000 family, outlined in a previous article from us, make the benefits of operating in the cloud through a stringent security policy more appealing.

Here are a few things to consider when creating a BYOD policy for your company.

• Invest in a corporate Mobile Device Management client software – this will provide a security control measure that allows only corporate approved uses for the device
• Data encryption methods are required for all company data considered sensitive or confidential
• Device authentication for each specific devices must be approved by IT/IS
• A list of data types or uses that are prohibited on the personal devices
• Organization approved antivirus / antimalware properly installed and utilized
• To the best of one‘s ability a separation between work and play uses for the device – including accepted levels of personal use while on company time
• A declaration from the organization regarding the seizure and the forensic examination of the device in case of a breach in security or policies
• A signed document outlining the accepted uses and company policies including the right to backup, modify, determine access and/ or delete corporate data without reference to the owner or user of the personally owned device

Risk Management Studio is a software tool designed to aid in the strategy and analysis of the risk associated with information security and the International Standards that govern said policies. The customizability of RM Studio is ideal in a situation as described in this article. Once you have created and implemented your BYOD policies, you are capable of utilizing RM Studio to monitor and maintain the risks associated to the organization and its assets as they relate to the use of personal devices at work.