MDM – Handling BYOD

Security

Mobile devices have been steadily infiltrating businesses for years which has created a major security headache for IT departments and put several businesses at risk of losing data. Mobile Device Management isn’t a new concept but it has only recently been taken seriously by those companies which rely on mobiles for part of their communications. For the Channel this presents an interesting opportunity to not only supply devices, but also take care of the management thereafter. David Dungay investigates.

Research recently undertaken by Ovum on behalf of telecommunications specialists TeleWare shows that increasing numbers of employees are now following the trend for BYOD and CYOD. This presents a number of compliance risks for businesses, and it is one of the reasons that an estimated 25,000 mobile devices are still not compliant.

Lee sutchSteve Haworth, CEO of TeleWare commented “The growing popularity of this BYOD culture isn’t surprising given that workers are not only time poor, but also tech hungry, leading to them not wanting to compromise on speed or ease of use whilst enjoying the very best devices on the market.”

Natalie Banks, Brand Marketing Executive at Varlink said “With businesses now encouraging workers to use mobile devices more than ever, the need for implemented Mobile Device Management (MDM) is ever more essential. The primary challenge companies are met with when choosing to employ mobile devices in the workplace is the added concern of security and how important company data can, and will be protected, creating security risks such as a lost or stolen device, the unofficial use of a cloud solution and malware threats.”

Banks continued “Companies are now storing more information than ever on corporate owned mobile devices, including emails, customer data, partner contact details, confidential notes and internal login details. A successful Mobile Device Management solution can, and should be put in place to ensure risks are eliminated from the offset.”

Ojas Rege, Vice President of Strategy at MobileIron commented “In the last 18 months I have seen some substantial market changes. Applications are becoming more important to companies. There is a natural maturity happening, when we had all the different platforms coming in over mobile devices the first thing the IT department focused on was security and email. Until they got that right it is very difficult for them to get into applications, from 2009 to about 2013 companies were still at a basic level of getting comfortable with these devices being in the workplace and making sure email worked. Essentially they were getting to grips with a post Blackberry landscape. In the last 18 months applications have become a lot more relevant.”

Risky Business vs Benefit

Andrew Wilford, Commercial Director for Daisy Wholesale says having a Bring-your-own-device (BYOD) policy can provide many benefits to businesses, such as reduced hardware costs, flexibility, improved productivity and employee satisfaction; and as wearable technology gains popularity, interest is only going to increase. However, Wilford commented “There are a number of potential threats relating to employees using their personal devices in the workplace.  These are not to be ignored, but implementing a bespoke security strategy can help in significantly managing and minimising risk.”

Lee Sutch, Head of Channel Sales at True Telecom added “There are a number of challenges facing employees that adopt BYOD. Although it has numerous benefits such as increased productivity and employee satisfaction, employees should consider how work data is accessed and potentially shared along with other personal data. Additionally how business sensitive data is managed and should the employee leave employment and the sensitive information is potentially put at risk. Additionally employers lose control over content, non-work related messages and end point visuals such as wallpaper which in some cases could allow offensive or sensitive pictures displayed on what is outwardly perceived as a work device. It’s important that businesses develop a key number of practices that are built into their BYOD policy that protect content and still provide freedom of choice without suffocating the benefits behind BYOD. Some device providers come to the forefront in this arena by offering a number of different profiles for work and personal, allowing the two environments to be kept and managed totally separate. Our advice is to have in place a robust BYOD policy from day one and have a data plan for when people leave and should a device get lost or stolen.”

Andrew wilfordHaworth continued “There is a way to enjoy the benefits that the BYOD trend afford whilst remaining compliant. Replacing the employee’s SIM card and allowing IT to track and record calls, emails and SMS will ensure compliance with FCA regulations so your employees are free to enjoy the benefits that this flexible culture brings. Done this way, the BYOD trend is a manageable option for businesses and very much worth the effort.”

The BYOD Balancing Act

The BYOD trend has been well documented in the press and all signs indicate that the trend is likely to continue or even accelerate. Mark Curtis-Wood at Nimans has a different opinion around the trend and warns that IT departments may not be as clued up as they should be.

He says “I think the primary challenge is to manage the risks, as data can quite easily be copied and pasted onto different devices. I think BYOD hasn’t taken off as quickly as people expected because there are a lot more elements around BYOD to make it work. One of the limiting factors has been only having one number such as when people go on holiday they don’t want to be fielding work-based calls. Call tagging would help to show what is a personal call and a business call.  What are the implications of working on a personal mobile to the wider business? This is another consideration along with what happens to key information when a member of staff leaves a company? In the US there have been some high profile lawsuits around this issue.

One of the bigger dangers relate to tablets more than mobiles because they are easier to segment. More people are starting to find solutions to enable them to work more efficiently outside the corporate environment. Some employees are even happy to buy their own software if it makes them more efficient, gives them more time back and helps them get promoted. But one of the main problems is that IT departments may not even be aware of this to control and protect the flow of information.”

Andrew Wilford says it’s all about balance. He commented “Getting the right level of mobility, while maintaining compliance can be a struggle. Employees don’t want to be restricted by what they can and can’t do on their device, and while certain applications and sites need to be prohibited for obvious reasons, it is still vital that the chosen policies do not prevent employees from doing their job.

Wilford continued “A good mobile device management platform balances these two fundamental requirements perfectly. MDM empowers IT administrators to determine and restrict available apps, enforce access restrictions and monitor web usage. Different solutions offer different benefits, but most will include GPS tracking, the ability to remotely wipe data from lost or stolen devices and the capability to restrict the user from sending data outside of the device.”

When it comes to companies devising MDM policy Ojas Rege advocates a different approach. He commented “Companies need to rethink their policies and think about privacy more now. Previously policy was decided over six months and then was put in place for the next five years. These days in the six months it takes to come up with policy it is already out of date! IT departments need to become more comfortable with ambiguity and they need a much more iterative security and policy framework otherwise they can’t succeed in mobile.”

Data Protection

Ojas RegeThe world of the modern Mobile is still a relatively new concept for a lot of businesses around the world. It comes as no surprise that well established businesses can sometimes be oblivious to the risks associated with company data on personal devices.

Lee Sutch, Head of Channel Sales at True Telecom shared his opinions. “Businesses don’t necessary realise the data protection implications when staff use their own devices or indeed the representation outside of the business work place and risks associated with staff leaving – popular web services like Linkedin can make staff taking their client list a thing of the past, however businesses do need to look way beyond this and into the implications on ease of transfer and continuity of service to their customers should a member staff leave.

As an industry we need to do more to educate our customers to the dangers inherit with moving toward the BYOD trend and not having the right or indeed any policies in place. The situation rarely gets addressed and really only arises when businesses are looking to implement a service that requires unified solutions across various devices. BOYD is here to stay and it’s only going to increase and become more common, businesses need to understand where the pitfalls are and build around a management plan this area. Working with customers to understand their areas of threat and working with them to implement an MDM platform is a good place to start.”

Mark Curtis-Wood says resellers being as active in this market as they could be. he said “Traditional voice resellers tend to only get involved if they are asked by customers, many of whom are unaware of the risks. It’s a bit like life assurance, everyone understands the benefits but think it will never happen to them. It’s still a reactive sale rather than a proactive one.”

Ojas Rege commented he is seeing a new breed of mobile specialist popping up in the Channel. He says “We are seeing these new mobility specialists in the market now which weren’t around three or four years ago. The problem for resellers that don’t currently have the necessary skills in mobile is that their customers will look elsewhere for that technical help. It’s a danger because once those mobile guys get hold of customers it’s easy for them to start supplying traditional telecoms services on top. Resellers that don’t adapt may find it tough to retain their customers in the long term.”

Ed Says…

When you look at the importance of mobile to businesses today there is no denying that mobile is playing a bigger part than ever. This trend is only likely to increase which will throw up many questions around security and privacy. As end users become more aware of the risks associated with mobile they will start asking their trusted advisors for help in supporting their new working habits. As Ojas Rege says, it’s important to invest in those skills now before your customers start talking to others about their mobile strategy.

 

The following two tabs change content below.

David Dungay

Editor - Comms Business Magazine