For Iftekhar Khan, the growing trend of “bring your own device” isn’t changing his mind when it comes to IT strategy. Maybe down the road, but not in the immediate future.
While Khan, the IT director at Chelsea Hotel in Toronto, concedes that there is an inherent appeal to BYOD — in which employees use personal mobile devices for business purposes — many industries, including his own hospitality sector, still adhere to the standard approach of locking down devices within the enterprise, ensuring a clear demarcation between “church and state” when it comes to corporate mobility, he says.
“Anything that’s accessing the corporate network, we give them the corporate device — be it tablet, laptop or smartphone — that has just been the [method of] control,” he says. “We do have sensitive information that they just can’t carry out anytime and anyplace…(and) data remains with us if an employee leaves the organization.”
BYOD isn’t ubiquitous — yet
According to IDC Canada research analyst Sanjay Khanna, while about 41 per cent of Canadian organizations allow BYOD, the approach to BYOD isn’t comprehensive at the moment.
“The challenge isn’t just mobile device management when it comes to BYOD. It’s also about content management, application management, and containerization, and laying a foundation for the other things organizations need to do,” he says. “For example, having a mobile enterprise app platform to support the development of mobile apps, as well as to ensure that mobile analytics are part of a comprehensive approach to enterprise mobility.”
In general, because it means the devices no longer touch network endpoints, the rise of cloud and enterprise mobility could help justify employee and contractor BYOD use, says Bharath Rangarajan, a vice-president of mobile endpoint security for the firm Lookout.
A strong BYOD policy enables freedom of choice, he says, rather than restricting users to specific devices, apps or network providers.
“Every company is unique when it comes to developing an effective mobile security policy,” he admits. “It is important for companies to have a good understanding of their own industry security threats and the larger regulatory environments when building out their security and data access policy. For many companies, data sovereignty requests might also play a part in how an effective policy is developed as certain mobile applications store data across multiple countries.”
Khan would say that the need to acknowledge each company’s uniqueness only supports his view, however.
“I think employees have greater flexibility and (we) could possibly save money with BYOD. But at the end of day, it’s all about productivity,” Khan says. “We do have sensitive information that they just can’t carry out anytime and anyplace…If there is a personal cell phone, they might have personal calls coming in. And what happens if the person loses their personal device or if malware is infected?”
He added that with corporate devices, there’s a lower chance of employees placing personal information on the device.
Mobile security best practices
Even if there is a BYOD strategy, Khan still has to maintain security best practices: “If I want a BYOD strategy, I still have to develop a mobile device management (MDM) policy. So what are the benefits? What is the business case?”
Any potential BYOD solution is collaborative, so that administrators and employees alike are educated on cybersecurity issues, and are actively involved in threat management or remediation where possible, says Lookout’s Rangarajan.
“It’s all about risk management, so it really should come down to economics and probability. Companies need to ensure that they have protected themselves, to the appropriate levels, against the most likely and most costly breaches,” Rangarajan says.
While Khan does not believe that BYOD is in his immediate purview, he’s willing to weigh the pros and cons and kick the tires on a BYOD approach — including reviewing BYOD best practices — during IT infrastructure review time.
Every IT rollout has its change management issues, he says, adding that while it’s not an option at the moment, he fully understands that BYOD isn’t going away anytime soon.
This article originally appeared in the March 2016 issue of CSO Digital.