Should staff bring their own devices to work?

devices_sml1

Devices

The boom in consumer technology means that the devices your staff already own could be more powerful and flexible than those they’re issued at work. If they feel their workplace technology is impeding their productivity then they’re likely to push for a Bring Your Own Device (BYOD) policy – allowing them to use their own smartphones, tablets and notebooks for work purposes.

While a BYOD policy presents specific challenges, many businesses find it easier to approach BYOD as simply one part of a wider mobility strategy. The aim is to offer secure remote access to appropriate resources via a range of devices – regardless of where they are and who owns them.

So how do you manage a mobility policy which sees sensitive business information walk out the front door? One approach is to tightly manage the end device, and this could suffice for many organisations. But for businesses which deal with particularly sensitive data, or offer staff secure access to sensitive resources, the focus is moving away from managing the end device to simply managing secure access.

The rise of BYOD has spawned a range of new Mobile Device Management solutions, but RIM’s Blackberry and Microsoft’s Exchange with ActiveSync are still the major players. Beyond access to email, calendar, contacts and notes, both Microsoft and RIM offer the ability to enforce security policies on end devices as well as remotely lock and wipe lost devices.

The rise of Apple and Android wundergadets is shaking things up, but both RIM and Microsoft are moving with the times. These days you’ll find support for Microsoft Exchange and ActiveSync built into a wide range of consumer-grade smartphones and tablets. This makes it easy for organisations to manage a fleet of varied devices via a common platform. Even RIM has seen the writing on the wall and is adding ActiveSync support to PlayBook OS 2.0 as well as BlackBerry OS 10 for smartphones. But RIM hasn’t thrown in the towel just yet and is also introducing BlackBerry Mobile Fusion, which runs in conjunction with BlackBerry Enterprise Server to support Apple and Android devices.

At this point it’s important to appreciate that a successful BYOD program revolves around policies as well as technology. Your BYOD policy must clearly establish the limits of the business’ rights and responsibilities over devices belonging to staff. One controversial issue could be that BlackBerry and ActiveSync remote wipe options tend to wipe the entire device, which obviously presents issues when staff have personal data such as family photos stored on their gadgets.

An alternative to managing the end device is to only manage an encrypted container on the device. The secure container can be used to store data and to remotely access corporate resources. Key players in this area include Citrix Receiver, VMWare View, LWR Technologies’ Pinecone and Good Technology’s Good Dynamics. Along with enabling secure access to corporate email, documents and resources, they often offer Software Developer Kits for creating third-party apps which run within the secure environment.

One advantage of these container-based solutions is that they’re designed to be platform agnostic, in an effort to make the end device irrelevant. Managing the security of the end device becomes the owner’s problem rather than the business’ problem, as the corporate data is safely locked away in a secure environment. Another advantage of the container-based approach is that it’s easy for the business to remotely wipe that secure container without the need to wipe the entire device.

A container-based approach to mobile security is more flexible than a basic Mobile Device Management solution, but it’s also generally more expensive. It’s important to realistically assess your security needs, and the impact of a security breach, before you take the plunge into mobility and let staff bring their own devices to work.

Adam Turner – Freelance Technology Journalist