"Improper use of personal devices can result in corporate assets getting mixed-up with personal data, or even place sensitive corporate data at risk when employees download unsafe and unauthorised applications on their personal devices. Personal devices could also potentially infect the company network with viruses, and private customer or company data can be compromised if the device is lost or stolen. Companies could risk being held responsible for the loss of corporate data without a watertight BYOD policy," William Ngoh, Chief Product Evangelist for Business Mobility of VMware, added.
Addressing security issues
CIOs determined to implement a BYOD programme must thus take extra efforts to protect the data on employees' personal devices.
For instance, CIOs could look at enterprise mobility solutions that will enable a productive workforce while securing corporate data, Miranda advised. "At Microsoft, our cloud-based enterprise mobility management service called Intune manages mobile devices used by employees to access company data, including managing mobile apps used by employees and protecting company information by control access and sharing. These devices and apps are also compliant with company security requirements," she said.
Similarly, Ngoh suggested implementing a BYOD programme that supports device diversity, while putting the proper safeguards in place. "This can be done by deploying solutions that links enterprise applications and personalised virtual desktops to user identities and not devices. End users are able to easily access their data via any qualified device and any OS from anywhere in the world, while IT continues to centrally control policies, security, delivery of content and corporate assets in a secure and auditable way. This also enables employees to better manage and maintain their personal applications and data as well."
William Ngoh, Chief Product Evangelist for Business Mobility of VMware.
CIOs might also consider the Choose Your Own Device (CYOD) approach to overcome the security challenges of BYOD. IDC predicts that 50 percent of unregulated organisations in APeJ will offer a CYOD programme to their eligible employees by 2019. "The rationale behind this trend is rather simple - this is the best option to balance between the organisation's need to secure its users and devices while catering to their employees' desire for having the device of their choice," explained Sundaram.
Regardless of the mobility approach taken (ie. BYOD or CYOD), organisations need to secure the data on the device instead of just the device. "Companies need to [now] move security into the application layer to ensure top-notch productivity from employees, combined with more robust security. It is no longer about securing the device and the edge of your network. Instead, it is now about securing the data and the app," asserted Burns.
Sign up for CIO Asia eNewsletters.