The BYO- Dilemma

Should more be done to ensure that employees can work effectively and safely using their personal devices?

Tags: Emirates Integrated Telecommunications Company Gartner IncorporationHID global ( Technologies CompanyIDC Middle East and Africa
  • E-Mail
The BYO- Dilemma 30% of companies had no rules to govern company data on personal devices
By  Tom Paye Published  June 24, 2014

According to an Arabian Computer News IT Security Behaviour Survey, just 16% of GCC organisations have coherent and flexible bring-your-own-device (BYOD) policies. The survey also revealed that 30% of companies had no rules to govern company data on personal devices.

The survey results were at odds to industry predictions from the past year. In 2013, the enterprise technology world was up in arms about the need to allow employees to use their own devices for work purposes. However, the organisations advocating BYOD also implored CIOs to think about the security ramifications of the trend. They proposed all manner of mobile device management solutions, which could containerise company data, monitor traffic or even remotely wipe personal devices. BYOD was the next big thing, they said, and enterprises had better prepare for it.

However, a year later, there have been precious few official BYOD implementations taking place, at least in the Middle East. And despite all the furore over BYOD that last year saw, talk about the trend seems to have died down. That said, while enterprises have failed to commit to BYOD officially, it seems that, unofficially, employees are relatively free to use their own devices for work purposes.

“We find BYOD implemented in a lot of organisations across the Gulf region. Sometimes the IT organisation decides to just shut their eyes and the BYOD activities happen under the radar. Sometimes it is a conscious decision where mobile e-mail is compared to providing access to e-mail via Outlook Web Access (OWA) and there is no perceived difference from a security perspective,” says Leif-Olof Wallin, research vice president at Gartner.

“The main driver is that we don’t see a lot of organisations that have moved beyond mobile e-mail in their B2E mobilisation. We expect this will change as other mobile apps starts to become popular.”

This presents a number of issues, not least for the network manager. With the growing proliferation of devices running the Android operating system — now infamous for the amount of malware present in the ecosystem — network managers worry that users could be putting company data at risk by using potentially infected devices. As Wallin says, many opt to simply provide e-mail to personal devices, but others have few controls in place to dictate what employees can access and from which device.

It would seem, then, that trade-offs need to be made when it comes to BYOD. On the one hand, there are claims that allowing users to use their own devices for work purposes will hugely boost productivity. On the other, there are serious concerns over security, particularly if the enterprise in question creates plenty of confidential data. Fahad Al Hassawi, CCO at du, explains the choice that enterprises need to make.

“A survey carried out for an anti-virus security company shows that up to 40% of companies polled say BYOD helps them to reduce their IT costs. As well as cutting costs, surveyed businesses are finding that BYOD provides many different benefits; it seems that when allowed to use their own devices, employees enjoy increased mobility, higher job satisfaction, and improvements in efficiency and productivity,” he says.

“While we have seen a lot of interest in BYOD as a concept, in general, very few companies in the Middle East have a documented BYOD policy due to either lack of awareness or their apprehension of such a policy. Companies and their IT departments need to evaluate the benefits and trade-offs before arriving at a conclusion.”

Worth the effort?
To guarantee security while allowing employees to use their own devices, the consensus is that enterprises need to explore various solutions that provide network and device management capabilities. Many solutions are packaged as mobile device management (MDM) products, but sometimes it isn’t quite as simple as installing a new product.

“With BYOD, it is not just allowing employee devices, but also a lot of group work on access rights, what kind of corporate data can be accessed and who can access it and it is needs to be standardised across the board,” explains Megha Kumar, software research manager at IDC MEA.

“While letting users use their own device allows for improved productivity and comfort levels; the whole aspect of device management, data access and security are cumbersome for the organisation.”

In light of this, the question then becomes, “Is implementing a proper management solution worth it, particularly if you can compromise by simply allowing access to e-mails?”

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code