Do Enterprises Really Need a BYOD Policy?

The Federal Bank started using mobile devices for accessing the corporate information from 2009 onwards. Back then the number of such devices was limited and corporate email was the first application that could be accessed through them. Today, however, the number of applications published for access on mobiles has increased manifold along with a variety of devices available in the market. This has both advantages and challenges.

K P Sunny, CIO, Federal Bank, says, “Our challenge is to ensure availability of applications on all these devices and to build a device management capability, which can enforce control on all these devices. To be on safer side, we restrict the access to information from specific brand of devices.” Further stressing the importance and criticality of the challenge of protecting data that an organisation deals with, he says that this is what will ultimately decide an organisation’s willingness to build a mobility strategy.

“Also, we are under strict regulations that mandate the need for data management and control. Any instance of data leak will be looked at seriously by the market,which in turn will affect the credibility of the organisation. Hence, there can be no compromise in building such capabilities,” adds Sunny.

There is a Gartner report that predicts that by 2017, half of all employers will require workers to supply their own devices for work purposes. According to Gartner, enterprises that offer only corporate-owned smartphones or provide stipends to buy your own will soon become the exception to the rule. As enterprise BYOD programmes proliferate, 38% of companies are expected to stop providing devices to workers by 2016 and let them use their own.

Data capture mayhem
With consumerisation of IT, organisations are grappling with the massive amount of unstructured data generated every minute and second. Capturing data becomes an issue when it comes to BYOD.

According to Tarun Kaura, Director, Technology Sales, India, Symantec, “The advent of BYOD in recent years has turned personal security threat into a corporate one as well.” Owing to challenges like security, data breach, device management, regulatory issues amongst others, enterprises are reluctant to implement BYOD in their business strategy. According to Symantec’s State of Mobility Survey 2013, 72% of surveyed enterprises faced mobility incidents and 37 % lost revenue due to mobility incidents in the previous year.

Manoj Khilnani, Country Marketing Head – Enterprise, BlackBerry India, says, “To provide real value to an organisation’s business, data capture systems must do more than simply capture and export data to the relevant business applications. Data must be efficiently managed through each step of the relevant business process to improve transaction automation and minimise the use of human intervention.”

He further says that with BYOD, it becomes even more difficult for organisations to distinguish between personal and corporate data and make relevant use. Security and privacy concerns are other key issues in capturing data when it comes to BYOD. Compartmentalisation of personal and professional data by a single, secure, end-to-end management console is the solution to all the issues related to data management and BYOD.

Dr. Pandurang Kamat, Chief Architect, CTO, Persistent Systems), says, “BYOD data capture is done with the help of Mobile Device Management (MDM) and Mobile Application Management (MAM) application suites. The issue in capturing data is that CIO has to balance the organisation’s right to control and monitor its data with the employee privacy.”
He stresses that organisations should ensure that they are monitoring only business data and minimal add itional metadata on the phone and the apps on it, and not any personal employee photos, videos or data within non-corporate apps.

BYOD definitely enables employees to operate freely from their preferred devices while simultaneously giving enterprises the chance to save on various operating and maintaining costs without any loss of work productivity. However, since the data lies at the end points of the personal devices, there is a very high risk to data security and leakage that needs to be addressed.
According to a Forrester report, failure to implement a BYOT (bring your own technology) policy increases information security risks. A majority of enterprises in India are avoiding the necessity to formalise and implement a BYOT policy. This will only push employees to explore and use new consumer-oriented applications and web services to manage their work, putting I&O professionals under tremendous pressure to ensure information security.

According to Nilesh Goradia, Head PreSales – India Sub continent – Citrix, “Organisations have increasingly started focusing on data consolidation policies as their primary focus is to collate, manage and secure data. NAS piler is one such example that uses file servers to effectively achieve this target.” He adds that organisations constantly face the issue of managing employee devices, and hence the need to define policies to prevent data leakage and have a contingency plan for unforeseen circumstances. In a situation like this, desktop virtualization can help both employees and employers, by decoupling data from a central location such as server, which ensures that the employees have secure access to corporate data from any device. At the same time, the IT team has complete control over it.”

Frame it right
The BYOD phenomenon calls for a balancing act between the needs of the employee, the organisation and the available resources. The most challenging adjustment for CIOs adapting to the BYOD trend is the need for better systems to authenticate network users, essentially all who access corporate systems with their own personal mobile devices. The IT infrastructure to support BYOD has developed, but there are a few kinks to iron out in terms of policies and guidelines.

According to Khilnani of BlackBerry, “Organisations deploying BYOD policies are exploring new grounds in the consumerisation of IT. They look to improve the productivity of the staff and also believe that costs will reduce drastically as employees will require less technical training if they use the same machines at home and at work.”

Also, for organisations dealing with BYOD, the ability to manage and secure devices running on different operating systems is critical. With BYOD it is very important that users are allowed to work on the device of their choice. In any workplace, there is a clear need to accommodate a diverse inventory of mobile devices and operating systems.

According to Kamat of Persistent Systems, “Clarity of the purpose and scope of the BYOD policy in the mind of the CIO/CISOs is important. It is important to identify supported devices, approved and blocked applications and also to define the level of enterprise IT support available to the supported devices.”

He goes on to say that there needs to be a strong security policy for the devices. It is important to establish the data monitoring and ownership policy. It is also helpful to define a clear employee exit policy and procedure to ensure enterprise data and access is removed from the employee device.

Sunny of Federal Bank is of the opinion that data access and usage policy will be the pivot of a BYOD policy. “It will define what, who and how of the data that is being accessed. The usage policy will help to define how to use the information received. However, defining such policies by itself will not provide the envisaged benefits. Sufficient measures should be taken to enforce the policy and its adherence,” he says.

According to Goradia of Citrix, as organisations redefine strategic approaches and the consumerisation of IT continues, a complete BYOD policy will need to encompass both policy and technology. “By shifting device ownership to employees, the burden of device management is eased while control of the device is retained,” he adds. Few key considerations that need to be accounted for before developing a BYOD policy should include long term cost saving benefits of the implementation, a measure to identify if it has a positive impact on productivity of the employee, and a visibility into types of devices that will need to be supported.

As per Arun Shetty, Director of Collaboration Solutions – India, Avaya, the starting point for any enterprise wishing to embrace BYOD is defining IT compliance policy. “Ask yourself some important question such as — do you have a network access solution that allows you to enforce the IT compliance policy? Can your IT managers quickly and easily add, remove and change devices on the network and limit level of access”

He goes on to say that BYOD devices will leverage the enterprise wireless network when users are on-campus. Organisations need to ask whether wireless network is up to the challenge. Can it scale to accommodate the explosion in mobile traffic. Can it enforce the network bandwidth allocated to devices and users

There are several other points of introspection like what are the critical business applications that the enterprise relies on. Can you deliver these applications across all devices while providing a consistent end user experience. Do you have tools to set traffic rules and prioritise network flow to ensure optimal QoS on mobile devices. Do you have the ability to assign devices to specific service classes to assure that high-priority users and applications receive high-quality service? Does your solution provide for both active and passive guest management. Can you ensure that guest devices coming onto the network have the freedom to access the resources required while protecting sensitive enterprise data. If an emergency call is made from a mobile device within the enterprise, can the user be accurately located

Shetty suggests ‘one step at a time’ can be hailed as a mantra while devising a BYOD policy. Organisations should always start with simple objectives like securing emails or monitoring framework of operations for the network. Once established, this tactical approach can slowly evolve into a more strategic function, which involves analysing the versatile user requirements of the various employees and devising deployment strategies, accordingly.

The BYOD phenomenon is undoubtedly helping enterprises deliver smarter and faster collaboration solutions. Indian organisations cannot afford to ignore BYOD and its surrounding components.

Goradia of Citrix says, “I don’t believe India is lagging behind in comparison to APJ countries. We have the technology in place to effectively deploy a mobility solution at any point of time. In fact, a large proportion of organisations today are at some stage of a mobility strategy: inception, discussion, assessment or deployment.” He agrees that the biggest challenge lies in the lack of a well defined mobile strategy.

Comments (0)
Add Comment