Even though the advantages are tempting, the adoption of BYOD is hindered by security concerns, especially data loss or leakage.
Based on Forrester's survey, 27 percent of the respondents in Asia Pacific used unauthorised Internet-based services for work. By accessing or sharing data via these unprotected services, there is a potential for that data to be leaked out to external parties. Besides, data loss or leakage can occur if an organisation does not remotely wipe the company-related data stored in the personal devices of employees when they leave the company.
The solution adopted by both Mondelēz International and Standard Chartered is to have their employees to sign legal agreements acknowledging their understanding and commitment to security before joining the BYOD programme.
At Mondelēz International, personal devices permitted for work are required to have basic programmes such as encryption, antivirus and minimum operating system standards. Employees who are unable to "self-support their hardware and software" will be denied from being part of the BYOD programme, said De Santis
Standard Chartered safeguards its data by having in place digital security measures. "We have installed digital security measures like certificates, password policies and VPN. [We are also] rolling out a mobile device management (MDM) tool that partitions personal data from work-related data," said Walker.
Building a secured BYOD programme
Having in place compliance policies and a multilayered security framework are vital in any BYOD programme, said Gupta.
A BYOD policy should contain guidelines for devices, applications and services; allow employees to opt in or out of the programme; and outline penalties for non-compliance. Gupta added that since BYOD is usually linked to productivity, KPIs must be attached to the mobility programme to track progress and be modified as needed.
However, it is not enough to simply rely on MDM technologies to completely secure enterprise data, added Gupta. He advised organisations to implement security checks at every point that personal technology and corporate data intersect. For instance, aside from deploying network access control to ensure that only authorised devices have access to corporate files, data on a device or sent outside the firewall should be encrypted. By integrating different layers of security measures into a cohesive network, security fears surrounding BYOD can be alleviated, he said.
Even with the right policies and security framework in place, BYOD programmes would not be able to run without employees with the right skills. To provision and manage mobility, organisations should hire professionals with the right skills such as mobile app developers and mobile security specialists, said Gupta.
Organisations should also equip their existing networking staff with advanced WLAN skills to support the myriad of devices, and with application optimisation know-how to ensure faster connectivity with centralised apps, especially from remote locations. If these are too much of a hassle, organisations can partner up with an outsourced mobile agency for their needs, said Gupta.
Sign up for CIO Asia eNewsletters.