‘Bring Your Own Device’, popularly known as BYOD, is gaining popularity within enterprises. Nicolai Solling from Help AG discusses key issues of the technology with Arabian Gazette, such as tackling data leakage, ownership vs. controls and desktop virtualization.
Is BYOD truly a win-win situation for both employees and employers?
Many companies embrace BYOD because it is a necessity. This is simply because employees are an important resource to any company and if an employee wishes to use a device it is important that the company enables this in a secure and flexible way. I sometimes draw a parallel to the concept of home office workspaces and remote workers, where companies who gave their employees a flexible workspace actually found that they got more efficiency from the employee while being able to cut down on the office space.
BYOD is a bit of the same thing, especially when you consider that the employer does not need to buy expensive smart phones for the employee.
However, there are similar security concerns as in the ‘remote worker scenario’ in the sense that flexibility needs to be supported by a strong security policy and, more importantly, enforcement of security.
In one of the Forbes articles, David Merrill said BYOD is no longer the future – it’s here now. How well do you think are companies here in the region equipped with a platform to support a variety (Apple, BlackBerry, Android) of available devices?
This highly depends on the specific platform. A platform like Blackberry was built for office use, and even if the device is a BYOD, there are built-in security and management features which can be utilised to control content on the device. On other smartphones it is more problematic though. The problems mostly relate to two major areas – how secure is the device itself and how to manage the security on the device.
When evaluating which platforms are acceptable, the employer always needs to ask the question: How do I secure corporate data on that device, and how do I remove it? It is of course nice to just sync e-mails to any device, but if there is no way this data can be removed again easily, for example when the employee leaves the organisation, then it becomes a big issue.
Also any employer needs to ensure that a device which is owned by the employee conforms to an acceptable use policy, although it is very difficult to enforce. For example, it may not be acceptable to limit which application the user installs or whether the device is password protected.
There may also be platforms that are simply not strong enough from a security perspective. If the platform does not offer encryption of data on the device then it may not be suitable for business applications.
Getting back to the original statement, BYOD is definitely here and I think all companies are faced with tackling the issue. According to my personal observation, some companies are probably turning a blind eye to the issue while others are taking it very seriously.
Is there a single platform available that customers can choose to meet this requirement? (Managing all devices through a single platform)
There are technical solutions in the market that are trying to tackle this issue but then again it is not easy to roll out or manage such a solution. Besides, any solution requires relatively high integration on the device platform. The issue here being that an employee may run a version of the device software that is not supported, plus any new software release may not be supported by the mobile security solution. In general, security gets difficult when you do not have a homogenous implementation across all platforms, and the same goes for smartphones.
Blackberry maker Research in Motion is said to be touting a platform which will support any device. While we all know the robust security of the RIM platform, some critics have always questioned the reliability of the platform due to the outages which have caused big problems for the company. What is your take on this?
I have been a Blackberry user since 2004 and since then there have been only a few instances wherein I faced problems with the services and the worst by far was during early summer of 2011, when the outage lasted for days. Taking my time as a Blackberry user into consideration, I must insist that the track record is pretty good. However, it is true that the service is dependent on one company which may be of concern to some.
BYOD raises an interesting question. If the device is under the ownership of the employee, what possible legal issues can arise with regard to controls that a company may impose on the device? (For example applications that can run on the device, etc.)
This is actually one of the key points as it is difficult to get acceptance of imposing limitations on a privately held system because you want to achieve a higher level of security. A good example is something like a phonebook – many companies allow users to synchronise telephone books to their smartphones, but when the user installs Facebook or other similar applications, it may result in the company’s entire directory being uploaded to the Facebook servers. Furthermore, malicious content from app stores can easily cause leakage of sensitive information.
Companies may also have to deal with the legal ramifications of data ownership when it gets installed on a private device – in this region it may not seem to be a big concern – but in other places of the world, legislation is such that if the company gives access to data on a private system they might lose the right to take legal action in case data is leaked by the company.
Desktop virtualization is touted as one of the key technologies for enabling BYOD initiatives. Though server virtualization appears to be gaining momentum in this region too following the footsteps of global growth, what is the trend that you see of companies adopting Desktop virtualization?
I am definitely of the opinion that desktop virtualization can assist in mitigating many of the issues with BYOD, simply because once the user logs out of the virtual desktop, data is removed from the device as if it was never there, but only in the VDI environment. Many of our clients are currently evaluating how to handle VDI environments and one of the main reasons for this is that they want to ensure security regardless of the endpoint – be it PC, tablet or smartphone.
Nicolai Solling has been in the IT and networking industry for over 16 years. He joined help AG Middle East in 2008 as the Director of Technology Services and is responsible for overseeing help AG’s ME professional services, support services and technical vendor management. Prior to joining help AG Middle East, Nicolai was the Systems Engineering Manager at Juniper Networks, Northern Europe.