BYOD: the practice of allowing the employees of an organization to use their own computers, smartphones, or other devices for work purposes.
By Vikas Bhonsle, CEO, Crayon Software Experts India
May 22 2021: BYOD or Bring Your Own Device has been in discussions in recent times. It is also considered one of the most innovative concepts in the business world. Sometimes also referred to as Bring Your Own Phone (BYOP), Bring Your Own Technology (BYOT) and Bring Your Own PC (BYOPC). As per the policy, organisation permits or asks the employees to bring their devices, that includes smartphones, laptops and mobile tablets, into the workplace - and also use these devices to access company applications and information, even sensitive and privileged information.
But why BYOD?
Investment in computer and connectivity devices and their maintenance can be a huge IT expense for companies. Also, these devices require enterprise-level software installation, regular updating, and subscription to newer technologies. The company also must replace each device once it becomes obsolete or damaged. Thus, by introducing a BYOD policy, small or medium businesses can bring down their IT Capex (capital expenditure) and OpEx (operational expenditure) costs and increase productivity. With a growing number of employees, BYOD is gaining momentum, so it is important to have a comprehensive, secure program that can maximize user productivity and satisfaction, while cutting costs and allowing for Business Continuity.
The Biggest Challenge with BYOD
By 2022, the BYOD market is expected to be worth $366.95 billion. That's an impressive figure compared to a little over $186 billion in 2019. But BYOD did not grab attention because of its market growth or economic benefit for organisations, but because of the security threats that the policy brings with itself.
When a company sponsors its device, it also invests in security and firewall protections for its data and the network. But when it comes to BYOD, the data and network access are not secured, as employees will not be having the same protection on their own devices. Also, if an employee decides to leave their job, there is a significant risk to the company's data as the outgoing employee may always have access to classified files. Even employees can come at risk and have their data at risk by being linked to company systems. In terms of a data breach, both the employer and employee might be in danger of losing their data.
Implementing a successful BYOD model
The growth statistics mentioned above tell that BYOD policy is here to stay. Companies seem to be keen to leverage the productivity benefits despite all the security loopholes that BYOD brings in. Hence, it is critically important that companies take certain measures to implement a successful BYOD policy and minimize the damage.
A comprehensive BYOD policy: Companies must draft and circulate a comprehensive BYOD policy internally and clarify the company's position in this policy. Security must be the foremost objective.
Education of Internal Stakeholders: In-house training of employees is an important step when the company decides to employ the BYOD policy. It also helps the team to stay updated with potential risks in BYOD and the measures to avoid them.
Security Layers: The use of anti-malware, anti-spyware and full anti-virus scanning is a minimum step that companies must take when they let employee devices access the network. A separate 'guests' network isolating the BYOD access from the main network, can be provided to the employees.
VPN: If employees are prone to use public Wi-Fi on their devices, then companies need to invest in good VPN (Virtual Private Network) connectivity for their staff. A VPN connection ensures that data transmission between the device and the connected network is encrypted and secure. Even if the connection is made with an unknown public Wi-Fi, instead of utilizing the provided internet server, a completely secure gateway allows the user to access business systems.
If a business can afford, it is in the best of the company's security interest to avoid the BYOD policy. After the overnight change of work mode in 2020, many companies who were not prepared with secure laptops and other devices for their employees were forced to accept the BYOD policy, or in this case, the 'Use-Your-Own-Device' policy. However, with the coming times, more and more applications accessed on the devices will be through the SaaS or PaaS model. And the security level of these cloud-based services is usually strong, and there is less room for anyone to misuse data access. Otherwise, an organisation must have a complete suite of protection layers ensuring that data is protected at all times.