01/10/2012

By Patrice Perche, International Vice President of International Sales & Support for Fortinet

There can be few businesses that are not aware of the concept of ‘Bring Your Own Device’, otherwise known as BYOD. And if you are not aware of the term itself, you will almost certainly be familiar with its effect and the growing practice of employees using their own IT devices in the workplace or for work purposes.

The explosion in smartphones, tablets and laptops in recent years has been breathtaking, and the temptation for people to take them into work and to use them for work purposes is overpowering. For employers this seems on the face of it to be a win-win situation. Employees are happier and more comfortable using their own devices, and the business is saved the capital expenditure of having to buy devices for employees. There is even a wealth of research which suggests that employees are more productive if they are allowed to use their own devices. What could possibly go wrong?

Unfortunately, there is a very serious darker side to BYOD if it is not properly managed by the business. There are two main threats that need to be considered. One is the use of the business network by employees to access recreational applications such as social media; the other is the very real security risk posed by devices which have not been adequately secured.

Devices which hold sensitive business critical information can be lost or stolen outside of work. Eqequally, unsecured devices can be vulnerable to cybercrime, especially if the owner (the employee) is lax with regards to security.

Earlier in 2012, Fortinet conducted a global survey to gauge attitudes to security by younger employees engaged in BYOD. The findings serve as a warning to any business which is thinking of allowing employee-owned devices in the workplace or on the business network.

Half of the 20-something graduate employees surveyed actually believe it to be their right to use their own devices in the workplace. The other half consider it a privilege. This statistic suggests that businesses face a degree of resistance if they are considering banning own-use device. Indeed, there is also evidence to suggest that jobseekers now view a friendly BYOD policy as a high consideration when researching companies, and some employees might even be driven away by draconian policies which blanket-ban own device use.

Businesses unfortunately cannot rely on employees to be trustworthy or responsible when it comes to security on their own devices. As well as revealing the extent to which security is given a low priority by younger employees, the survey also discovered that 1-in-3 of them would actually contravene company policy banning the use of own devices in the workplace.

So how easy is it to take control of the situation and to enforce security on the BYOD environment? From the point of view of interference with employees’ devices, it’s surprisingly difficult and many employees will resist any attempt to alter settings or install security measures, or will simply withdraw their device from the equation altogether.

With a culture of reluctance and resistance from the workforce, the most effective way for a business to implement a security policy and regain control over IT infrastructure is by securing inbound and outbound access to the corporate network and not just implementing Mobile Device Management.

But there is no one-size-fits-all solution to addressing security in the BYOD environment. As well as a firm policy governing own-device use, businesses need to look towards network-based solutions and not just wireless and agent-based solutions that claim to solve the BYOD challenge, as these will defend against the subversive nature of many employees.

In short, a holistic, network-based approach to BYOD can deliver a cost-effective, unified solution to allow businesses to embrace and take advantage of BYOD, but in a safe and responsible way.