The BYOD Troubleshoot: Security and Cost-Savings
Bring-your-own-device, or BYOD, programs in the enterprise can liberate employees and trim the bottom line. But it also brings hidden costs and security risks to a corporate network. Here's what enterprise IT is doing to secure personal devices and maximize the ROI potential of the BYOD movement.
Fri, March 30, 2012
CIO — A few months ago, a Hungarian man got a hold of a business executive's personal mobile device containing corporate customer data. The man called up the company asking for $50,000 to not expose the information. What did the company do? It called Websense, an enterprise security company.
"We were so impressed, we offered him a nice paying job," says CSO Jason Clark at Websense. But that job offer was a ruse to catch a thief. "Then we helped track down the guy, and he got arrested."
Clark related this story to me during a broader discussion about security risks and costs related to the latest wave crashing on the enterprise: Bring-your-own-device, or BYOD, whereby employees want personally-owned tech gadgets hooking up to the corporate network and trafficking in confidential data.
Companies with BYOD policies see some upsides. For starters, BYOD makes employees happy because they can now use technology of their choosing, blending personal and work lives in a single device—and happy employees are productive employees.
BYOD also takes companies out of the hardware purchasing game, or at least offsets it, because employees now use their hard-earned dollars to pay for work-related computers and mobile devices.
The downside is the risk of receiving a call from a Hungarian man trying to extort $50,000. There are other issues, too, such as management headaches and hidden costs to support BYOD employees. In other words, BYOD is not a free lunch.
BYOD Security: A Moving Target
Without question, BYOD is spreading quickly in the enterprise. Mozy, an online backup service provider, and Compass Partners recently completed a survey that found a growing number of professionals working remotely and relying on personal devices. Cisco Systems has seen its BYOD program grow 52 percent in 12 months, with employees collectively carrying 8,144 iPads and 20,581 iPhones.
Nevertheless, Cisco is a behemoth company that lives on the bleeding edge of technology; most companies are in the early throes of BYOD, which usually begins life in the enterprise as part of a larger mobile strategy. Giant pharmaceutical company AmerisourceBergen, for instance, recently kicked off its BYOD program for employees in its corporate and drug business units.
"It's really a combination of technology and policy," says John DeMartino, vice president of IT infrastructure and technology at AmerisourceBergen.
For CIOs, BYOD can be a nightmare. Avanade, a business technology services firm, which surveyed more than 600 IT decision makers late last year, discovered something rather alarming: More than half of companies reported experiencing a security breach as a result of consumer gadgets.