Bring your Own?
A relatively new concept, the Bring Your Own Device model has "jumped the chasm" from early adoption phase to Main Street in a remarkably short time.
The chart below from Google Insights shows the rise of the search term "Bring Your Own Device" - the rate of increase of the search term surpasses "iPad" or "iPhone", and the number of searches in the past 90 days is only just behind "sex" and "Angry Birds".
With 75% of organisations having a Bring Your Own Device policy (according to Aberdeen data published on ZDdnet and our own customer survey) the debate has (rapidly) shifted from "should I do it" to "how do I manage it".
Here's a few things to consider from recent articles, and our our experience with customers like GPT Group:
- It's not just about technology. It's about culture and managing change: in transforming their workplace, GPT ran a massive change program alongside the technical work to embed a culture change in staff. While many staff may already be using a tablet or smart-phone, how these are used to access corporate data needs and the potential risks needs to be explained and backed by policy. After all, with apps like Dropbox (allowing easy sychronisation of data across devices) and Gmail (probably offering more space than the corporate mailbox), it's highly likely that your corporate data is already leaving the controlled IT environment.
- Review policies. According to our recent survey, over half (55.6% to be precise) don't have a mobility policy. Nemertes Research surveyed organisations about their approach to securing mobile devices and laptops, noting that there was a very different approach to the two types of devices. Laptop security was about anti-malware and firewalls; mobile devices around "wipe and lock capabilities and GPS tracking. As the devices and technologies converge, review the difference between security controls on different types of end-user devices on the basis of: "Is this difference based on valid reasons or a result of legacy thinking?"
- Ready for the enterprise App Store? The availability of apps was a significant driver in the rapid take-up of Apple's iPad; many corporate applications or processes are not easily accessible from mobile devices. Organisations that have integrated tablets or smartphones into their processes have developed their own apps, or created an enterprise app store to consolidate relevant work apps. In 2009, US company Genentech developed over 30 in-house apps for the iPhone for employee use. Its CIO, Todd Pierce, stated in an interview: "I spent $10M making my purchasing system usable on SAP. I spent $10,000 making it usable on my iPhone. You do the math" (iPad in the Enterprise: Developing and Business Applications).
So, how ready are you to address the challenges of IT consumerisation? Do your policies reflect the "Post PC" world?
‘If you don’t define your BYOD objectives and supporting policies and processes, your end users will do it for you – but not with your company’s security, data loss prevention and compliance requirements in mind.’ - Joe McKendrick, ZDNet