R.I.P BYOD: On To The Next One

David Lingenfelter, Information Security Officer, MaaS360 by IBM
420
676
149

Who remembers the war  between employees and  their IT departments  when the thought of  bringing your own  device (BYOD) to  work first emerged? I know CIOs remember it vividly because it represents the moment when the discussion around control of enterprise endpoints shifted forever. It pushed the boundaries of what IT departments could control and not control.  Early in the debate over BYOD, enterprises really had three options to choose from when addressing the growing clamor from users – ignore it, block it or understand it.  Unfortunately, most corporations picked the first two. Not a big surprise since many decision-makers also once considered the first-generation iPhone a toy not a business productivity device. (My, were we wrong).  The business case for BYOD quickly made itself apparent, often with company executives pushing to use their new device for work. Once the executives got the ball rolling and we saw them understand BYOD’s implications emerge and CIOs created policies to govern the use of personal devices. According to a recent IBM study, 48 percent of business leaders said their companies have formal, BYOD regulations in place.  What emerged from the early  BYOD wars was, CIOs and IT  units implemented technology  in the form of enterprise  mobility management (EMM)  leveraging techniques to deploy  more granular policies, striking  a better balance between  enabling employees and  ensuring security. Thanks  to the evolution of EMM  technology, BYOD is  now nothing but another  use case to manage.

Flexibility Is Key

Fact is, CIOs still are focused on ensuring employee productivity but the concern around security continues to grow. What we’ve seen is that there is no “one size fits all” approach for BYOD or other mobile use cases. Both IT and the technology to manage mobile is now of higher intelligence. For example, data can be secured in specific areas on  devices while personal data is ignored. In the process, security must not get in  the way of employee activity; it must be  an enabler. To accomplish mobility goals, flexibility is key. One possibility is to  allow employees to enroll in a program that is enabled by EMM solution. This permits users to access company resources while giving IT limited control over their devices, an arrangement that  agreeably takes end-user privacy into account. While it’s the most common way to manage devices, will be a big hit with your employees? Hardly.

An alternative is to provide  employees with a separate app to access  work email, calendar information,  contacts and documents without  enrolling a user in the EMM solution.  In this scenario, IT would place security  requirements, such as passcodes,  encryption, and data loss prevention  controls, on corporate data and apps  without interfering at the device  level. If you’re looking to gain  popularity points with your  employees, this option is  ideal since corporations  would have “less” control  over a user-owned device.  It removes the stigma of big  brother.

Fortunately, flexible  EMM solutions allow  IT to deploy different  approaches that comply  with security guidelines  while respecting user privacy.  Unless a device conflicts with  corporate policy or  contains malware,  there’s no  reason  to impose further on an  employee’s  mobile device. Some options even help both the user and corporation remain safe. For instance, the ability to detect and notify the user that malware has been discovered on their device can  help protect their personal information.  It’s especially relevant in 2015 since malware infected over 11.6 million mobile devices last year.

The focus is now on IT to evaluate the purpose of a specific device, examine the corporate resources that a user  accesses and apply the proper technology and policy to govern. The implementation ultimately hinges on the explicit  use case and user requirements. Just  remember, there isn’t a single policy to  manage all devices and all users. If any - thing, that’s a quick way to pit IT and end users against each other.

“Flexible EMM solutions allow IT to deploy different approaches that comply with security guidelines while respecting user privacy”

Analytics Will Alter the Future

As mobile and big data analytics converge, it will create new forms of intelligent management policies that use context and automation to deliver services. In the coming years, the industry will have more granular control over identity and access management of users and devices. Predictive algorithms in EMM products that forecast risks in devices before they surface will be the new game-changer. Further advancements in analytics and security intelligence will enable IT units to identify vulnerabilities within corporate environments and prevent threats from happening.

These developments will stimulate heightened security measures, further enabling successful mobile adoption.  Slowly but surely, the EMM market will evolve from simply enrolling a device in a solution to understanding context and providing predictive analytics. Exciting times are ahead.

While BYOD may no longer be a phenomenon, securing the enterprise still remains the ongoing challenge. It’s up to CIOs to understand the shifts in the landscape, adopt a flexible approach that ensures user productivity while increasing security standards and move on to the next one.

Read Also

Technology & Mobility- Reshaping the Travel Itinerary

Gerard Insall, EVP & CIO, Avis Budget Group

IOT - Can it be Controlled before it Controls you?

Laura S Marble, VP, IT, Blue Cross Blue Shield of Michigan

Analytics: What Has Changed and What Has Not?

Zhongcai Zhang, Chief Analytics Officer, New York Community Bancorp (NYCB)

Establishing best practices for a comprehensive risk-based product security program

Michael McNeil, Global Product Security & Services Officer, Philips