The nuts and bolts of making BYOD work.

• Author: Gatewood, Brent
• Position: Bring-your-own-device

Mobile technology is changing at an astonishing rate, and employees are increasingly using their personally owned devices for business purposes--sanctioned or not. Organizations, therefore, need to create bring-your-own-device (BYOD) policies that will help them mitigate the risks related to having their corporate information stored on employee-owned devices

[ILLUSTRATION OMITTED]

The days of employees using organization-supplied devices for company business are going the way of the Dodo. The bring-your-own-device (BYOD) trend is rapidly being adopted by organizations of all sizes and in all industries. This means that as business information makes its way to personal devices, information governance policies and practices need to be created or revised to ensure the organization's critical assets are properly managed.

BYOD Trend Drivers

For those organizations that had previously adopted standards for their mobile work force using company-owned devices, those standards typically involved a bench of tools (two or three devices) running a particular operating system (e.g., BlackBerry or Windows) that relied on a dedicated backend server environment. Individuals were given devices depending on their needs, and configuration was generally straightforward. Then, the smartphone market exploded.

The proliferation of Apple iOS and Android devices started to create headaches for the IT group. Individuals who didn't want to carry two different devices to access e-mail and information commonly asked, "Why can't I just use my personal device to access corporate e-mail?" Because they had already chosen and purchased the personal devices that best met their needs, those are the devices they preferred to use for their professional lives, too. The device, however, was not the main concern; there were still challenges back in the server room. How would these new devices interact with the approved and standard systems of the corporate environment? For a brief time, the answer to the request to use personal devices was easy. The infrastructure integrations were not strong enough; therefore, the answer was "no"; an organization's information and e-mail had to be accessed on a company device.

Then, device manufacturers and third-party vendors ascertained that the corporate market could be very lucrative; they quickly adapted their products to work in that environment. The expectation was that systems would work together better and many information services questions could be put at ease. But, as it turns out, connecting devices to information repositories was not the hard part. There were many other issues to be addressed. And, this is where the BYOD conundrum is today.

BYOD Security Challenges

Although the technologies are in place to facilitate a BYOD environment, organizations must now readdress their corporate policies to ensure that their greatest asset information - is being safeguarded on these mobile devices that are outside of their direct control. This requires them to understand the challenges, the players within (and outside of) the organization, and the tools that must be utilized.

Addressing Device Security

Protecting the organization's information becomes more difficult as it is allowed to become resident on an employee's personally owned smartphone or tablet. Smartphones, for...