"At BT, we have made a point of sharing the details of our BYOD strategy with our workforce so it's clear what we can support and what areas we have to tread carefully due to business risk," says Jason Cook, chief architect & CTO, U.S. & Canada and CPG, BT Global Services. This allows workers to know upfront what is permitted and mitigates the risk of unapproved apps and devices being used, as well as security risks.
4. Offer alternatives. "Today's workers expect to be able to find, view and use their data across locations and devices," says White. "If enterprises don't provide a secure solution for access to corporate data remotely, employees will find their own ways to manage information to work efficiently by using consumer products that can put the organization at risk," he says.
"By providing employees with secure, IT-controlled anywhere, anytime access to information on-the-go, they can reduce the risk of employees deploying outside products that are beyond the awareness, discovery and control of IT," White says.
"Your employees are using iOS and Android-based devices to access their work content remotely," says Jeetu Patel, general manager, EMC Syncplicity. "So make sure that you give users mobile alternatives that either work with your existing mobile management platform or provide extensive security and policy controls to protect data on lost or stolen devices."
"IT organizations shouldn't ignore BYOD, but should address this up-front with a solution that enables these employees to do all of their work securely on personal devices," says Tyler Lessard, chief marketing and product officer, Fixmo, a mobile device software company.
"If they don't, they expose themselves to the risk of users working around policy and finding other ways to forward corporate documents, etc. to their mobile devices," Lessard warns. "Address [Shadow IT] head-on, in a strategic way, saying 'yes' to BYOD and giving employees a proper way to securely do work, rather than forcing them to find workarounds."
5. Restrict access to third-party apps."Restrict your users' access to applications such as Dropbox, SharePoint and SkyDrive among others," says Christophe Boudet, managing director, Akita IT Services. "Most IT policies will prevent individual users from choosing the applications they are able to install anyway," he says. "Further, clearly state in your IT policy that these services are not permitted, and provide your staff sufficient training so that the message is clear to them."
However, "blocking is not always the best approach," argues Gupta. "Sometimes it can be more effective to identify the users, help them understand the risks and suggest a low-risk alternative with equivalent functionality. People tend to find ways to get to sites and services they feel unjustly blocked from."
Sign up for CIO Asia eNewsletters.