"Employees with critical company information on a personal device take that device with them everywhere. That means that, if it is lost or stolen or even misused by a family member, financial applications or important data can easily be swiped or stolen. This risk doesn't only apply to handheld devices, but also personal laptops where certain security policies may not be in place, such as the latest anti-virus, patches, or personal firewall, which can easily put a network at risk," he says.
So how can companies get around the worries over data loss while also providing their employees with what they want? According to Ian Lowe, Senior Product Marketing Manager, Identity Assurance, HID Global, there are three key factors to a successful BYOD programme: policy, security and education.
"It's important that you have a clear policy around your BYOD strategy. It's not just about control; it's about enabling secure, trusted and convenient access. Be sure to implement security that has minimal impact on the employee's experience, whilst maintaining the levels of security that your organisation is happy with. Provide clear guidance on best practices for use of personal phones and tablets in the workplace. Ensure employees know how to act responsibly when using their personal devices for professional purposes," he says.
Some organisations, however, opt for a semi-BYOD policy — they'll allow their employees to use their own devices so long as they comply to a list of company-approved devices, taking any mystery out of what smartphones and tablets the network will have to accommodate. Wallin believes that this — or at least offering a list of supported platforms — is a good way to go about things.
"iOS is a natural platform to include," he says. "Windows Phone 8 and BB10 are also meeting most enterprise requirements. Android requires a more thoughtful approach as securability and manageability varies greatly between the versions of Android as well as between vendors."
However, Nicolai Solling, Director of Technology Services, Help AG, says that, while it would be ideal for companies to be able to dictate which devices their employees buy, it wouldn't really amount to BYOD. He says that BYOD is an employee-driven phenomenon, so companies need to find out how to support every operating system.
"An organisation that has taken the leap of faith and decided to support BYOD should invest in technologies which ensure that it is implemented in the most secure way possible. This should include support for the major mobile operating systems such as iOS, Android and Blackberry," he explains.
Whichever devices the company decides to support, though, it's a given that it should have some degree of control over the employee's device. However, this presents a dilemma because, at the end of the day, the employee owns the device, meaning he or she may not be happy with the company having access to everything on it. On the flip side, the company will own much of the data on the device, meaning the employee should relinquish some control. According to Wallin, just how much control a company should have over the device is still a delicate area.
Sign up for Computerworld eNewsletters.