The secret problem of BYOD

Bring Your Own Device, or BYOD, first became a reality in 2009, when Intel recognized an increasing tendency among its employees to bring their own devices to work and connect them to the corporate network. It took another two years (2011) for BYOD to gain significant prominence, arguably with the growing popularity of mobile devices and mobile apps.

Ovum research suggests that while BYOD adoption in the enterprise is global, the pace varies according to market maturity. In particular, “high-growth” markets like Brazil, Russia, India, UAE and Malaysia show a much higher propensity (75% of respondents) to use their own devices at work, compared to 44 per cent in more mature markets.

Despite unresolved concerns about security breaches (see Figure 2), adoption continues to move forward. Gartner predicts that by 2016 two-thirds of the workforce will own their own smartphones, and 38% of companies will no longer offer company-supplied devices to employees.

Ovum research revealed a very low proportion of BYODers who have signed corporate BYOD policies, and this is where there is greater potential for future problems, particularly around enterprise mobility management. The research found that, globally, almost 60% of full-time employees partake in some form of BYOD, but only 20% of them have signed a BYOD policy. A separate piece of research recently found that 78% of firms whose employees BYOD do not have a policy at all.

Having too many devices of different configurations, including make and model, creates a very challenging scenario for any IT administrator to manage, including how to ensure a consistent, quality connection and sustainable support for all users regardless of device and platform.

It can be argued that part of the difficulty for any organization in having a global BYOD policy lies in validating and on-boarding legitimate devices, and in ensuring health checks and compliance throughout the organization. It’s also not difficult to imagine how hard it is for IT to have visibility into user behavior, including access and usage.

A March 2012 SANS Mobility/BYOD Security Survey highlights the result of a lack of enforceable BYOD policy. It also speaks of a need for more advanced vendor tools to meet mobility/BYOD risk management needs. The largest percentage of respondents—many of them BES users—are dissatisfied with levels of malware protection, endpoint integrity checking and integration into other endpoint management systems.

As mobile devices continue to proliferate in the enterprise, they introduce unwanted complexity. Policy and management are only as good as the organization’s level of awareness of this diverse computing resource. So organizations should start by evaluating their employees’ device and app usage, and then develop a policy that can be supported through traditional and new management techniques.

What is required is a unified BYOD approach that covers three major areas: identity-aware access, unified network support, and application monitoring and control.

Identity-aware access must include the ability to define user credentials and device-based identity. It needs to remain simple to use, to encourage user adoption and basic user self-management, while ensuring a secure on-boarding process. It should also offer authentication, authorization, and accounting (AAA) support for IPv6 in compliance with RFC 3162.

Unified network support needs to provide a seamless policy across wired and wireless networks. It must anticipate increased wireless client density. It should also provide for higher wired aggregation bandwidth.

The last element essential to ensuring unified BYOD management is having a solid application monitoring and control policy and system in place. This includes device-level application visibility and reporting, and the ability to push, block and/or remove applications. It is also critical to provide enhanced security for sensitive applications.

As BYOD continues to take root, IT departments will face challenging issues including preserving network integrity, securing user access, and controlling wired and wireless networks. Enterprises should take seriously the challenge of resolving the problems that can arise from BYOD to ensure that their enterprise networks operate smoothly.

Enterprises looking to have an enforceable BYOD policy can look to a single management platform with centralized security, visibility, and control. There are solutions available that are built around a modular design that offers businesses the flexibility to customize solutions based on their needs.

The issue of an unmanageable BYOD environment should not be treated as a veiled threat. As BYOD continues its uncontrolled expansion and encroachment into the enterprise, it will place tremendous strain on IT and Finance organizations. Enterprise policies around employee-owned hardware usage need to be thoroughly reviewed, updated and extended. Organizations must set policies that define clear expectations around what employees can and can’t do. Enterprises must balance flexibility with confidentiality and privacy requirements, while ensuring that systems and processes remain secure from external and internal threats.

Gao Peng is Product Director at H3C