50% of enterprises will mandate BYOD by 2017

While BYOD is occurring in companies and governments of all sizes, Gartner found that is most prevalent in midsize and large organizations
While BYOD is occurring in companies and governments of all sizes, Gartner found that is most prevalent in midsize and large organizations

BYOD, of course, increases risks and changes expectations for CIOs. Unsurprisingly, security is the top concern for BYOD. Gartner found that, in general, IT is catching up to the BYOD phenomenon.

More than half of organizations rate themselves high in security of corporate data for enterprise-owned mobile devices. This new confidence in the security posture to support BYOD is a reflection of more-mature tools and processes that address myriad needs in the security area, the firm said.

"More than 90% of office workers have an email-enabled phone,” said Huw Owen, vice president and EMEA general manager at mobile security provider Good Technology, when commenting on the research to Infosecurity. “We can infer that most of these people will have, at some point, used their device for work data. So although only a few companies have BYOD policies, many of them need one."

The risk of data leakage on mobile platforms is particularly acute, the report found. Some mobile devices are designed to share data in the cloud and have no general-purpose file system for applications to share, increasing the potential for data to be easily duplicated between applications and moved between applications and the cloud.

"We're finally reaching the point where IT officially recognizes what has always been going on: People use their business device for non-work purposes," said David Willis, vice president and analyst at Gartner, in a statement. "They often use a personal device in business. Once you realize that, you'll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user's own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems."

It’s also a question of how to avoid locking down the whole device, which probably includes photos and other personal content that shouldn’t be subject to, say, remote wipe should an employee leave the company. "You should look at how that security is rolled out,” Owen said. “How can employees securely use their devices in a way that’s still effective? The answer lies in separating business use out into a secure container. That way, the device remains the user’s, but the business remains secure."

BYOD drives innovation for CIOs and the business by increasing the number of mobile application users in the workforce. Rolling out applications throughout the workforce presents new opportunities beyond traditional mobile email and communications. Applications such as time sheets, punch lists, site check-in/check-out, and employee self-service HR applications are just a few examples. Expanding access and driving innovation will ultimately be the legacy of the BYOD phenomenon.

"However, the business case for BYOD needs to be better evaluated," said Willis. "Most leaders do not understand the benefits, and only 22% believe they have made a strong business case. Like other elements of the Nexus of Forces (cloud, mobile, social and information), mobile initiatives are often exploratory and may not have a clearly defined and quantifiable goal, making IT planners uncomfortable. If you are offering BYOD, take advantage of the opportunity to show the rest of the organization the benefits it will bring to them and to the business."

While BYOD is occurring in companies and governments of all sizes, Gartner found that is most prevalent in midsize and large organizations ($500 million to $5 billion in revenue, with 2,500 to 5,000 employees). BYOD also permits smaller companies to go mobile without a huge device and service investment.

Also, adoption varies widely across the globe, companies in the US are twice as likely to allow BYOD as those in Europe, where BYOD has the lowest adoption rate of all the regions. However, BYOD schemes will be the norm for UK professionals by 2020, with one in two using their personal device for work. In contrast, employees in India, China and Brazil are most likely to be using a personal device, typically a standard mobile phone, at work.

Regardless of enterprise size or geography, "BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades," said Willis. "The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs."

What’s hot on Infosecurity Magazine?