Bring Your Own Device—Everybody Else Does It!
But everybody else does it. A phrase all too familiar to parents of teenagers is now being heard in companies everywhere as more and more employees insist on following the bring your own device (BYOD) trend and using their own smartphones, iPads, tablets, Android, and assorted electronic devices to access email, intranets, databases, and other company resources.
According to industry analyst Gartner, BYOD “is an alternative strategy allowing employees, business partners and other users to use a personally selected and purchased client device to execute enterprise applications and access data.” Gartner says BYOD programs “herald the most radical shift in enterprise client computing since the introduction of the PC.”
The advent of the digital anywhere, anytime, on-any-device workforce means developers and those concerned with enterprise security must also navigate increased security risks introduced by these personal devices. Recognizing the potential headaches posed by BYOD, most companies are establishing guidelines.
For companies that may not as yet have formulated their own BYOD policy or would just like to review their procedures against another yardstick, the US federal government’s Digital Services Advisory Group has issued a BYOD toolkit for federal agencies contemplating implementation of BYOD programs. The BYOD toolkit makes a good resource.
The toolkit examines three means of implementing a BYOD program:
- Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device
- Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data
- Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied
There are helpful case studies included from the Alcohol and Tobacco Tax and Trade Bureau, the US Equal Employment Opportunity Commission, and the State of Delaware BYOD Program.
Ignoring a popular phenomenon won’t make it go away. According to the government report, by 2015 more Americans will access the Internet via mobile devices than desktop PCs. What if an employee uses his iPad to access the company network and then loses his device? What happens next?
While sometimes But everybody else does it is clearly an exaggeration, with BYOD it is not only true but it’s a good idea to keep in mind another saying—Hope for the best, plan for the worst.
