Monday, April 22, 2013
Lack of BYOD policy will not stop BYOD practices
Without a doubt, bring your own device (BYOD) is one of the hottest IT trends currently affecting businesses of all kinds. All around the world, organizations and employees are coming to realize the potential benefits to be gained by adopting this strategy, in which workers utilize their personal devices to perform job functions. With BYOD, an organization can become more flexible and, on the whole, more productive.
Yet not every company has fully embraced BYOD. Some, worried about the security concerns which inevitably affect such deployments, have resisted authorizing the application of BYOD within their organizations. The reasoning for most of these firms is that while avoiding BYOD may reduce efficiency to some degree, it will improve corporate data security, which is more important.
While this may seem like a reasonable approach, in reality refusing to adopt BYOD can actually put a company at risk of a data breach. This is due to the unavoidable reality that a lack of BYOD policies does not necessarily stop BYOD practices.
Bending the rules
A large part of the success of BYOD programs is predicated on the simple fact that employees generally prefer to use their own smartphones and tablets, rather than company-issued devices. After all, individuals will have devoted a significant amount of thought into which device to purchase, choosing one which best meets their personal needs and preferences. A company-issued device is extremely unlikely to be the ideal choice for any given individual, even if it is the best option for the organization as a whole.
Notably, it is much easier for a business to ensure the security of those devices it issues than employee-owned devices, as the IT team has greater access to and oversight of the former. This is why many firms believe avoiding BYOD policies is the safer choice.
The flaw in this thinking, however, is that many workers will inevitably utilize whatever they perceive to be the best resources available to them to perform their jobs. The possibility that a particular resource is not authorized by the company will be a strong consideration for many workers, but not enough to discourage them from what is seen as significant advantage. As numerous industry experts have noted, workers will usually choose a convenient resource over a secure one.
The outcome of this state of affairs is that a company which decides to ignore BYOD policies will likely not stop its employees from adopting the practice. While BYOD may not be as widespread, it will still likely be present. And because the organization did not develop a comprehensive BYOD policy, security measures will be lacking.
It is therefore in almost every company's best interest to pursue BYOD sooner than later. This will allow the firm to invest in appropriate secure file sharing technology which can be implemented on every relevant device, radically reducing the likelihood that a data breach will occur.