BYOD - A holistic approach can help

The concept of Bring Your Own Device (BYOD) is now becoming a rule than exception in today's workplace. In a recent survey by Gartner, 70% respondents said they either already have or are planning to introduce BYOD policies in the next 12 months.

While there are several benefits associated with allowing users to bring in their own personal devices, there are some concerns as well. The topmost BYOD concern is security. Employees are not only bringing their own devices, but launching their own network services, a potentially severe threat. Other challenges include:

Uncontrolled Access to the network, both in terms of what information is accessed and retrieved, and what happens to that information if a device is lost or stolen.
Lack of Application Security controls resulting in potentially huge data losses.
Device Support: Managing large device stacks in terms of tracking and controlling access requires considerable effort.
Impact on Data Privacy: Both enterprise-sensitive information as well as confidential customer information can be compromised easily.
Malware infections or phishing scam scan lead to unauthorized access to the enterprise network.

Despite these security issues, almost 80% of today's BYOD activity remains inadequately managed. In fact, a Gartner study reports that only a small 33% of organizations surveyed have policies in place to address BYOD-related issues.

The answer lies not in abandoning the BYOD initiative as some have, but in setting up proper security measures. For an effective BYOD implementation, enterprises must follow a five-step process that comprehensively covers information security and privacy issues.

Identify the need:
- Use employee surveys to identify the type of mobile applications employees use
- Identify the need and type of devices that employees tend to use

Assess the security and risk issues:
- Identify data security and privacy issues through a detailed risk assessment on all identified categories of devices
- Review the current capability of dealing with the issues involved and adequacy of existing controls

Gap analysis:
- Assess and analyze gaps
- Analyze control requirements to determine risk mitigation strategies
- Do a cost/benefit analysis

Finalize the plan and develop BYOD policy and set up a process:
- Finalize on the coverage in terms of what is allowed/disallowed
- Develop a policy to promote only company-approved devices
- Set up "acceptable use" policy
- Create and maintain the repository of allowed devices tagged with unique IDs

Communicate and harden the devices:
- Communicate and promote the BYOD policy
- Harden the devices to ensure that unknown or third party applications are not used in an unauthorized manner

While nothing can completely protect enterprise data from a determined, deliberate attack, the above steps will help enhancing employees' productivity on their preferred devices, without compromising on security. Do you agree? I would love to hear from you on your experience with this trend.

About the Author

Yogesh Hinduja is an Associate Practice Partner with Wipro Consulting Services with over 13 years of extensive consulting experience in the domain of Information Security, Business Continuity Management, IT Risk Management, Project Management, Transition, Migration, Network, Client Relationship Management and operations management across various countries.

Service Offerings

Client Themes

Service Offerings

Client Themes

Our Global Presence Global Site

Our Global Presence Global Site

Our Showcase Pages Locations

BYOD - A holistic approach can

help

About the Author

Service Offerings

Industries

Digital

HOLMES

Innovation

Contact Us

About Wipro

Our Brand Story

Location

Leadership

Investors

News and Events

Blogs

Analyst Speak

Partner Ecosystem

Careers

Sustainability

Contact Wipro