What is it?
Bring your own device (BYOD) is the IT model that allows employees to use their own devices for work purposes, rather than company-owned hardware. This may be anything from smartphones and tablet computers to laptops and PCs.
The popularity of BYOD has rocketed over the past 12 months, with research by tech firm Cisco revealing that 95% of businesses already allow BYOD to some extent – whether that’s reading work emails on smartphones or allowing network access through employees’ tablet computers.
BYOD is relevant for most businesses that have office space or a current reliance on PCs, where day-to-day business practices could be supplemented by using a smartphone or tablet computer. It is unlikely to be relevant for a retail store as employees cannot bring in their own cash register to complete sales but would be highly relevant for a mobile workforce or an office with flexible hours outside of the normal 9-5 workday.
The key ‘who?’ question that we should be asking is: ‘to whom do we allow access and to what?’
Businesses can reduce the security risk by establishing different levels of access for different teams. For example:
- Basic – access to routine information – nothing sensitive or confidential. This level of access requires a low level of security. A basic level open to all employees.
- Moderate – access to some sensitive information like business financials or customer databases. This level would be offered to fewer people than the basic level and poses a moderate security threat.
- High – this level of access would need higher security measures than the previous two as it enables users to access confidential information about the business, customers or employees. This would only be offered to high-ranking managers or directors of the business.
- Top Secret – the highest level of access. This would require the highest security as would permit access to highly-sensitive information that could be government-related or could put the public at risk. In this situation it may be recommended not to provide access through personal devices.
Why has BYOD become so popular?
The millennial generation, or Facebook generation, has grown up with 24/7 connectivity as a way of life and has accepted this ‘always-on’ structure of IT as the way that it should be in not only a personal but a work environment as well.
Add to this the increasing adoption of smartphones and tablet computers – smartphone adoption now stands at 51% in the UK overall, and at a massive 75% of 18-29 year olds – employees now not only expect to be always connected but also to be able to access the network/business information in a way that they are comfortable with.
Many businesses are behind the curve with BYOD, which is very much a consumer-led trend. The technology to enable the use of your own device at work has been available for some time – smartphones and tablets, virtual desktops and cloud storage. It has taken the employee, who has become accustomed to having access to everything at anytime, to put the two together and translate it into the workplace.
BYOD adds the flexibility that modern workers have been waiting for. Many offices no longer have a strict 9-5 working day. Having access from both inside and outside the workplace on a device that is with employees at all times enables them to get that extra hour of work done on the train to work or on the bus home.
Having a secure connection and end-to-end security, whether accessing from within or outside of the office is paramount to the success of BYOD. Other than offering different levels of access as suggested above, there are ways to mitigate the threats posed by opening your network up for access.
One of the key concerns is a business’s inability to prevent users downloading malware or spyware. Having systems in place to detect when a new device joins the network that then directs them to a page to download the relevant security package (that would be necessary to install before access to the network is allowed) would reduce this risk significantly.
Businesses should also put a policy in place that lays down guidelines and procedures for employees to follow should they choose to use their own device for business purposes. This could include security advice, the access limitations and best practice.
Other than the security issues, BYOD strategies have the potential to place a huge strain on a network with devices connecting via wireless, wired, VPN and WAN. A business considering adopting BYOD should ensure that its network infrastructure is robust and can meet the demands of the IT shift.
Once the network infrastructure and security strategies are in place, giving employees the ability to bring their own devices not only increases productivity but can also cut IT costs significantly.
As employees are bringing in their own smartphones, tablets or computers to use in the workplace, you, the business, no longer has to spend huge amounts of money providing a phone, laptop or PC (whichever is relevant) for each member of the workforce. It is not your responsibility when it comes to maintenance costs and upkeep of the technology – as long as your network and security strategies are fit for purpose.
An iPass survey of more than 1,000 mobile workers revealed that employees who use mobile devices for both work and personal issues put in 240 more hours per year than those who do not.
A BYOD strategy also allows the in-house technical team to focus on supplementing the growth and evolution of the business, rather than spending their days dealing with internal support tickets.