Problem of using personal devices in corporate IT-infrastructure (BYOD)

Nowadays when new technologies and various mobile devices appear and user interfaces develop, efficient user workspace is constantly expanding. Present-day automated workplace contains a lot of tools and technologies being different in features and often in generation. If earlier employees were limited with an assigned workplace and strongly defined set of tools (work station and fixed phone) which did not always correspond to scale and functionality of the task being solved, then currently a lot of possibilities not only to select and use wide range of up-to-date devices but to select convenient workplace appear for employees of different levels and for organizations as a whole.

Tablet PCs and other mobile devices had appeared for the first time only several years ago but they had become widely used at ones not only by common users solving personal tasks but by organizations’ employees bringing mobile devices being convenient and familiar in everyday use to the office.

Organizations making advance for their employees let them decide what tools and devices they need to perform their job duties. In this way organizations stimulate the employees to bring their own devices that are familiar for them, handy and friendly in use to the workplaces.

According to the research of Magic Software company, in 2013 the proportion of companies having implemented BYOD (Bring Your Own Device) policy will amount to 57.1%. BYOD indeed has a lot of advantages and employees’ satisfaction of its implementation is high enough – in Russian area it is about 59%. However it should be kept in mind that BYOD is not only formal permission for employees to use their own PCs for their work. This is full-featured policy including changing IT-infrastructure and IT-security of the organization and requiring efficient planning and stepped implementation.

Among the most obvious steps of planning the following ones can be mentioned:

  • Providing anti-virus and anti-spam protection
  • Required data encryption on the device
  • Providing secure network connections to corporate resources and Internet
  • Centralizing device management
  • Permanent control over keeping IT-security policies (using strong passwords, digital certificates, etc.)

Unfortunately, world statistics in this respect is rather dismal yet:

  • 58% of companies do not monitor employees’ personal devices allowing them to store sensitive corporate information unprotected and to install riskware on their devices
  • 41% of companies have only formally implemented BYOD policy without keeping all required IT-security rules
  • 33% of companies only give access to internal resources for employees’ personal devices without implementing BYOD policy itself.
  • 39% of companies have implemented BYOD but do not use any protection tools due to budget deficit.

In case of such approach BYOD policy can cause more harm than good – it becomes IT-security breach in the company. But it does not nearly mean that implementing BYOD is a bad solution. One should thoroughly think over the strategy of BYOD implementation and possible implications concerning legal, financial and personnel issues and demands to meet requirements mentioned in service level agreement.