We live in a world where flexible working has become mainstream. It is now the norm for people to use their own personal devices to make their working lives easier, stay on top of emails, deliver work and connect with colleagues.
The ‘consumerisation of IT’ is not a new term or a new trend. It has been around for more than a decade, which means that security managers have long been aware of the need to put plans in place to manage the increased security risks from the growing number of consumer technologies in the workplace.
But it seems that in this case, forewarned does not mean forearmed. Although mobile devices – from sophisticated smartphones to new tablet devices – have flooded the market, the security risks associated with the use of personal devices in the workplace are not being managed or met.
Our recent survey into the security risks of Bring Your Own Device (BYOD) schemes entitled ‘My dog ate my iPad – security risks of the consumerised workplace‘ looked at the issue.
We canvassed 100 IT managers in large UK enterprises (more than 1,000 employees) across the financial services, manufacturing, retail, distribution/transport and commercial sectors and found that some 69% of those surveyed use smartphones and tablet devices not supplied by the company to work remotely at home or whilst on the move (44% smartphones and 25% tablet devices).
The survey also found that although flexible working is a huge trend with 98% being allowed to work from home at least once a month, a large proportion (25%) of businesses don’t have a policy in place for employees to work remotely via their own personal mobile IT devices.
What’s more, 96% of IT managers fear security risks when implementing a policy for employees to work remotely via their own personal mobile device. But what does this mean for IT managers and chief information officers? And how can companies implement policies that protect the flow of data to these devices while allowing employees the flexibility they crave?
Essentially, while there are cost savings for the business through employees using their own devices this could lead to potential vulnerabilities as unregulated mobile devices are connected securely with the office network.
But regardless of the efficiency savings, failure to put a policy in place leaves a company open to security breaches, including the loss of highly sensitive company data.
As it will be impossible to stem employees’ desire to use their own devices and hardware for work purposes, businesses and IT managers therefore need to address security concerns, not ignore them.
At present, one popular approach being considered by many organisations is to draft HR rules that allow personal devices to be used for corporate activity, but in return for providing a support service that backs up the device, the company has the right to wipe all data should the employee leave the organisation.
However this is just one way of meeting the complex challenge posed by the growing need to support personal IT equipment at work.
Each company will eventually evolve and integrate their own appropriate policy and framework which will enable their employees to come to work with their own personal devices.
Having this kind of managed policy in place will enable rich mobile working, boost productivity, ensure compliance and the safety of business data and give employees the flexibility to work at work as they work at home.
Etienne Greeff, professional services director for SecureData Europe.