BYOD is here to stay: why enterprises should embrace the buzzing trend

The bring your own device (BYOD) trend has been making its way into Australian enterprises, with personal smartphones and tablets being used more frequently by employees for professional purposes. The business benefits of BYOD are recognisable - rather than issuing company devices to workers frequently on the go, often through a formal and central procurement process, companies can permit employees to simply bring their own.

According to a recent IDC End Users BYOD Survey, which surveyed 1800 professionals across the Asia-Pacific from all sized businesses, IT departments can now report savings due to a reduction in the cost of managing devices, let alone purchasing them. While BYOD enables mobility and increases productivity, it also drastically changes the way IT departments plan, manage and secure devices and data. For communication, cloud storage and other work-related tasks, employees tend to choose the application that provides the best user experience on a device with which they are familiar, even if it is not the most secure option. This in turn facilitates an increasing number of security issues - according to Juniper Research, mobile malware has significantly grown in the past years, increasing by 155% across all platforms.

Stressing the importance of having security measures in place, some of Australia’s largest organisations have started deploying BYOD programs based on the premise of significant business benefits. The National Rugby League has recently announced it will implement a BYOD strategy to cover the business’s entire staff of 800 and, according to the NRL’s IT manager Maurice Veliz, they foresee significant cost savings to ensue. The league’s BYOD strategy is, however, hybrid at this stage, whereby 400 corporate-owned devices are under a mobile device management program, with hope of slowly being phased out.

Another example of BYOD experimentation is seen in one of Australia’s big four banks, the National Australian Bank (NAB). In a recent statement made at the Committee for Economic Development of Australia by NAB executive manager of enterprise transformation Adam Bennett, NAB is trialling a BYOD program among its top 200 executives, allowing them to access company data including confidential papers on mobile devices through the use of encrypted passwords.

In any instance where company data is becoming more widely accessible, an advanced security infrastructure needs to be in place. Be it on a desktop PC or iPad, malicious malware does not discriminate, using familiar tactics such as Trojans, phishing and spoofing for identity theft and unauthorised access to confidential data. This necessitates the implementation of a holistic BYOD policy and mobile device management program that ensures all devices are secure and that data will not be compromised or lost in the instance of a security breach. Despite Australian businesses feeling the pressure to deploy a BYOD program to manage and secure employee devices, most are experimenting with a hybrid model, or some not at all. The same survey by IDC has stated that 55% of those surveyed have no formal BYOD policy in place for smartphones and 41% for laptops.

There are, however, effective and simple measures that can be deployed to stay on top of BYOD security. NAB’s use of password encryption is one such example as it provides a two-factor (or multifactor) authentication process. With this type of process, a one-time password (OTP) is sent to the user via text message, thereby providing stronger authentication and security. An even more effective option is to use an OTP application which turns a mobile phone into an OTP token, allowing quick deployment of a two-factor authentication (2FA) solution. Using token authentication adds another layer of security and dramatically increases the level of identity protection. Securing network access with an OTP increases the security of the login process by ensuring that the person accessing the network possesses two factors of identity verification - what you know (password) and what you have (OTP token).

An increasing number of data breaches exposing user credentials have raised the need for stronger authentication solutions. Secure elements like SIM/UICC cards, MicroSD cards or embedded secure elements in next-generation mobile devices are key security features. These generate and store information cryptographically and perform the associated algorithms needed for strong authentication. They can sign documents and emails digitally and encrypt data on mobile devices, providing protection against data loss and a high level of security.

The trend for employee mobility will only gain momentum and, as businesses start to phase out company-owned and managed devices, we will also see an increase in the adoption rate of BYOD programs across Australian enterprises and SMBs. Businesses must embrace this trend in a holistic way, meaning they not only deploy an integrated BYOD security program but consider all security and identity threats involved.