As the commercialisation of IT continues, SoHoBlue’s Nick Morse looks at ways to improve security instead of banning devices altogether
The growing movement towards “bring your own device” (BYOD) is causing headaches for companies looking to secure their networks, but far from introducing blanket bans, organisations should be looking to reassess their strategies for working with this new trend.
The consumer market will always be ahead of the corporate market when it comes to adopting new technologies – whether they be smartphones, tablets or the next big thing – and there are important benefits to companies allowing their staff to connect to their networks using their own devices. These range from increased productivity from using devices with which they’re comfortable, to procurement spending less re-equipping employees who are generally upgrading themselves. There’s also an argument that staff morale will improve because they can use their gadget of choice.
While those controlling network access – from business owners to security officers – may break out in a sweat at the thought of having to manage all these devices securely and protecting the integrity of their own systems, the secret is to control their usage through education and understanding. This is as big a problem at SME level as it is for enterprise managers.
According to a survey published last year by Juniper Networks, more than half of mobile device users are accessing employer networks without permission, and the majority of them do not follow the company’s security procedures. The best way to avoid security issues through incidences like these is by educating staff and setting out a clear mobile device policy – which too many companies still do not have. Without this type of policy in place, companies are simply inviting disaster.
Also, the problem is not just about protecting critical systems from being accessed by unauthorised devices, but about how data on those mobile devices is protected. Although people are using their own devices to access company information they often have a very different view of security and they certainly do not regard the loss or theft of a smartphone with the same level of alarm as they would with a laptop – despite the fact that many smartphones now have similar capabilities to laptops. Again this is a case of education and of setting out clear policies.