The struggle between IT policy and user ability is a major pain for any IT manager. With 85 percent of users in Asia expecting to use their mobile device in the office and 71 percent already using them, according to Blue Coat, IT managers have to accept that BYOD is no longer a buzzword.
"To IT executives, the biggest threat to their network are their own users," said Jon Andresen, vice president of marketing for Asia Pacific at Blue Coat Systems.
Andresen reiterated the issues that IT managers face; data security, malware, spyware, phishing programs, data leakage and performance.
But with all these concerns sending IT staff over the edge, wouldn't it be easier to just say no to BYOD completely? No says Andresen, the productivity value of users bringing in their devices will result in any company ultimately looking at some form of mobility solution.
"It's hugely productive, lowers cost for the company and this is ultimately good for the company," Andresen said.
Embrace it, says Andresen, accept that BYOD is here and learn to be flexible by implementing two different phases of security.
Phase 1: Secure the network based on user or user groups
"The first step is to protect your network from the negative effects of BYOD," Andresen said.
Andresen notes that it's not about locking down the network and disallowing a long list of actions but controlling the network while adding unified Web security into the mix.
Once a device comes onto the network, it should be detected and the IT policy sent and made active on the user's gadget, he explained.
"What you need is more specific app control, so that it's more granular, for example IT can allow a user to read a blog feed but not post a blog," Andresen said, adding that this way, the network is safer and the users still get their functionality.
Andresen also noted that most companies are now realising it's much easier to control the users' accessibility depending on who they are, be it the finance department, the marketing department or C-level executives.
"This way you can make sure they're not surfing bad stuff," he added.
What happens when the device leaves the corporate network and onto non-secure public wi-fi networks locally or internationally?
Phase 2: Cloud based security for out of office control
When the device leaves the network, the user immediately gains full control over which apps they choose to deploy and download. To prevent malware and spyware getting onto the device and subsequently onto the corporate network, Andresen advises the use of a minimal level of cloud-based security.
"People use these devices because they are always connected, and since they're always on some kind of network, technically, they're connected to the cloud. So when the user is off the controllable corporate network, a certain level of IT policy can be sent to the device via cloud," Andresen explained.
Sign up for CIO Asia eNewsletters.