© The Financial Times Ltd 2014 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
February 25, 2013 6:58 am
Consumerisation and the bring-your-own-device (BYOD) trend have changed the way smartphones and tablets are selected and used in business. Ten years ago, it was standard practice for companies and other large organisations to issue executive teams and key travelling staff with smartphones, typically a BlackBerry designed primarily for mobile email and messaging.
Employees loved the devices while corporate IT departments, many of which installed BlackBerry Enterprise Server (BES) software, appreciated the reliability, security and manageability of the BlackBerry system.
But as Research In Motion, the Canadian maker of the BlackBerry, and its rivals including Nokia and Motorola were to discover, the consumerisation of corporate IT, led by the launch of the iPhone and the iOS operating system in 2007 and the subsequent launch of Apple’s App store a year later, changed the picture.
Touch-based devices such as the iPhone, iPad and Android-based handsets and tablets, provided consumers with a window into a mobile connected world where information and entertainment were a finger swipe away. Inevitably, these devices began to find their way into work places.
“It was clear employees were using iPhones and Android smartphones in their personal lives and did not want to carry two devices – one for work and one for everything else,” says Nelson Saenz, director of IT for Active Interest Media, a California-based media group that used company Good Technology to provide the software it needed to manage the growing portfolio of devices its staff used at work.
Similarly in the UK, the Civil Aviation Authority is rolling out Good for Enterprise software that lets mobile workers securely access emails, contacts and calendars using personal or corporate-owned Android smartphones, iPads and iPhones.
“At the start of this process, our aim was to satisfy employees demand for use of newer devices by moving away from BlackBerry, reduce our overall cost of ownership and increase functionality while not compromising security,” says Darryl Sampson, CAA’s head of infrastructure.
Companies such as Good Technology have enabled IT departments to embrace the BYOD trend while maintaining security and manageability. Handset makers including Samsung, the Korean smartphone market leader, are providing mobile security and enterprise management tools as part of their efforts to win more corporate customers.
BlackBerry, recognising it must accommodate other brands if it is to retain its still sizeable market share among corporate customers, has built the ability to manage a diverse range of devices into the latest versions of its BES software. It has introduced a feature with its BlackBerry 10 operating system that will allow users to toggle between work and home modes on Z10 and Q10 handsets.
Although some companies have resisted introducing personal devices into the corporate IT infrastructure, most recognised it makes more sense to embrace and manage the BYOD trend. Some 70 per cent of corporate respondents in a Gartner survey published in December said they already have, or are planning to have, BYOD policies in place within the next 12 months that allow employees to use personal devices to connect to corporate applications. Thirty-three per cent of all organisations surveyed have BYOD policies in place for mobile devices.
Dionisio Zumerle, principal research analyst at Gartner, says BYOD has a huge effect on mobile security. “Policies and tools initially put in place to deal with mobile devices offering consumer-grade security must be revised to deal with these devices being under the ultimate control of a private user, rather than the organisation.”
In particular, Gartner says organisations must consider action in several areas when moving to a BYOD policy:
First, recognise that the right of users to employ the capabilities of their personal devices conflicts with enterprise mobile security policies and increases the risk of data leakage and the exploiting of vulnerabilities.
“Using mobile device management (MDM) software is one way to enforce policy on mobile devices,” said the Gartner report. “Users should obtain access to [corporate] information only after having accepted an MDM agent on their personal devices, and possibly a URL filtering tool, such as a cloud-based secure web gateway (SWG) service, to safeguard and enforce [company] policy on internet traffic. Businesses should consider using application white listing, blacklisting and containerisation, as well as setting up an enterprise app store ... for apps that are supported.”
Second, user freedom of choice of device and the proliferation of devices with inadequate security make it difficult to properly secure certain devices and keep track of vulnerabilities and updates. “Allowing users, rather than the IT department, to select operating systems and versions of mobile devices opens the door to devices that are inadequate from a security standpoint,” said the report. “An essential security baseline should require enhanced password controls, lock timeout period enforcement, lock a device after password retry limit, data encryption, remote lock and/or wipe.”
The report warned that “excessively limiting the types of allowed devices eliminates the benefits of BYOD for users. There should be no compromise of security for the sake of device variety, but where it is possible to manage and secure a new device model, it should be done. The policies that are enforced will depend on the risk appetite of the organisation and the sensitivity of data allowed to reside on the device.”
Copyright The Financial Times Limited 2014. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.