Identifying and Addressing BYOD Security Concerns
PERSONAL DEVICES IN COMPANIES
Today, the adoption of smartphones and tablets is rising at a rapid pace, along with growing number of employees who have to stay connected over long distances. Enterprises need to come with new mobility solution strategies to manage and organize these devices. A recent study by Gartner indicates that PC sales are in decline – the majority (87 percent) of devices shipping in 2015 will be mobile phones and tablets. As a result, 451 Research predicts, the $3.8 billion EMM (enterprise mobile management) market will double in size to $9.8 billion by 2018.
Various SMBs are jumping on the bandwagon of mobile solutions. SMB Group research indicates that 67 percent of small and medium sized firms now view mobile solutions and services as “critical” to their businesses, and 83 percent have already deployed mobile apps to help improve employee productivity. Of these, 55 percent are using mobile apps for specific business functions, such as CRM or order entry, and 49 percent of SMBs are building mobile-friendly websites, and/or deploying mobile apps to engage and transact with customers.
Due to the sudden surge of smartphones and personal devices in the companies, BYOD (Bring Your Own Device) is becoming an extension of the mobility trend across various industries. To create a robust BYOD atmosphere, enterprises need to leverage Employee Mobile Device Management (EMDM) and Enterprise Mobility Management (EMM). Without EMDM, the lost data cannot be retrieved, which could allow valuable information to fall into the wrong hands. Likewise, gadgets without EMDM have an expanded exposure to malware and different infections that could compromise the safety of private information and the brand value of an organization.
Recent encryption policies adopted by major device manufacturers have appeased security concerns, held back enterprises from adopting EMDM solutions, to a certain degree. It is safe to assume other manufacturers would follow a similar route. Tackling the security issue would mean striking a balance between the strategy, ease of use, and proper layout of EMDM policies. Several EMDM vendors have placed more focus on encryption techniques and are on a spree of acquiring technologies that could aid EMDM. Data containerization through app level encryption on the device, VPN for communications, lucid segregation of personal, and corporate data are essential for a robust security solution without compromising on the ease of use. In addition, options to automate backing up of data and a degree of control into the functioning of the enterprise app are likewise necessary. Choose your own device (CYOD) scheme ensures better policy enforcements while giving firms a say in choosing devices whose compatibility with the EMDM infrastructure can be ensured.
Application Development is another major hurdle that companies have to overcome. Companies choose to develop them in-house or outsource them depending on budget allocations. Several vendors provide ready to deploy enterprise mobile ecosystems and platforms for developing the same through development kits or Rapid Mobile App Development (RMAD) tools that minimizes heavy coding. According to Gartner Inc, by the end of 2017, market demand for mobile app development services will grow at least five times faster than internal IT organization's capacity to deliver them. Employees in today's digital workplace use up to three devices on average. The number is likely to go up with the advent of wearable tech and IoT. This would place huge pressure on IT firms to develop and maintain software that is at par with the enterprise standards.
DEVICES ALIGNING WITH THE COMPANY
Identification of assets and processes would be the first step towards implementing a robust mobile strategy. The various aspects of EMDM must be reviewed properly while defining your EMDM strategy to achieve precise alignment with the organization workflow. For example, it should be ensured that upgrades/new installations do not end up in obsolete legacy systems (such as printers, existing connected devices). The most crucial aspect of EMDM is the options it provides in terms of security management, augmenting to the default security alternatives. Users can be authenticated through one-time password (OTP), Active enterprise directory authentications or a combination of both i.e. a two factor authentication. Password policy enforcements include setting the login attempts, options to lock device after predefined time-lapse, and choosing whether to support emergency calls when device is locked.
THE ROAD AHEAD
The years ahead would witness the realm of EMDM expanding even further as Internet of Things (IoT) will make further inroads across variety of peripherals such as, watches, eyewear, and even vehicles. Thorough evaluation through research and long forecast is thus critical while planning to execute EMDM solutions within the enterprise to secure and manage the ‘BYOD’ devices. Augmented Reality (AR) accompanied with Intelligence Amplification (IA, if not Artificial Intelligence, considering the near future) would play a pivotal role in restructuring the EMDM landscape.
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure