I mentioned earlier that most BYOD discussions center on security. There’s a good reason for this. Managing non-corporate-owned devices is hard, and BYOD changes risks.
“When companies think about developing a BYOD strategy, some of the most complicated pieces of the equation are not technology issues but those that fall in the realms of liability, ownership and privacy,” said Phil Hochmuth, an analyst at IDC.
Businesses must think about new use cases that will emerge in the post-BYOD era and plan for them accordingly. Most businesses are already moving towards a risk-based security strategy (versus just defending perimeters), so the challenges posed by BYOD should feel different in degree, not in kind.
When Jerusalem-based Hadassah University Medical Center started investigating BYOD, they sought a solution that would offer better network visibility as the first step in the BYOD adoption process.
“[Gaining network visibility] allows us to understand what types of devices are connected to our network,” said Barak Shrefler, chief information security officer for Hadassah University Medical Center. “The second challenge was control, basically the ability to enforce our security policies based on the device’s type and behaviors.”
After evaluating solutions from Fiberlink, AirWatch and a few other MDM vendors, Hadassah UMC eventually selected the NAC (Network Access Control) solution, CounterACT, from ForeScout, rather than an MDM solution.
“As an IT network security manager in a hospital environment, you must be very creative, for example to accommodate medical devices such as CT Scanners and Blood Pressure Monitors, on your network. ForeScout’s agentless solution helps us to do that,” Shrefler said.
In essence, Hadassah UMC’s process involved recalibrating security risks, which meant shifting the focus more firmly towards protecting sensitive types of data rather than just worrying about devices. After all, connected devices in a hospital setting can be all over the map.
The sad fact is that most organizations are behind the eight ball with BYOD. Employees are already mobile. Nearly 50 percent of U.S. mobile subscribers own smartphones and 22 percent of U.S. adults already own tablets.
Your mobile employees are probably more likely to forget their wallets at home than their smartphones, and they will figure out ways to work on those phones (and tablets). Yet most organizations don’t have formal BYOD policies in place (I’ve talked to analysts and executives at MDM companies who put the number in the 15-20 percent range).
This is a good news-bad news scenario. First, the bad news, which is obvious: you’re opening yourself up to huge risks by not having BYOD policies in place.
The good news is, though, that once you catch up, your users will have already blazed trails and can provide you with guidance on how to get the most out of your newly mobilized workforce. They will know which apps fail, which need better interfaces, which ones just don’t function over mobile data networks, which need APIs developed to connect them to other relevant apps, etc. Your employees may have even thought through new use cases you couldn’t in a million years have planned for because they only emerge after employees gain mobile work experience.