Today, the benefits of allowing employees to use personal devices at work are well known, and many companies are benefiting from the reduced overheads and improved employee productivity it can provide. However, there are still concerns about the security risks associated with Bring Your Own Device (BYOD) policies, and many businesses are opting for a Choose Your Own Device (CYOD) approach instead.
CYOD allows users to select devices from a range of approved models that are known to be able to connect to the company’s infrastructure and run the appropriate anti-virus and management software. The added security control this provides is beneficial, but the way it limits the choice available to employees inevitably subverts one of the main reasons for adopting it in the first place.
As a result, organisations often feel like they are forced into a straight choice between flexibility and security. This does not have to be the case. When adopting CYOD, companies should look to provide as wide a range of options as possible within the constraints of management required. Equally BYOD can be perfectly secure if the right precautions are taken. Below follows the three key steps to make it work:
- Create the infrastructure – this includes creating an architecture that gives employees secured access only to relevant systems without reducing security towards external parties. This can be achieved via a virtual desktop solution or more currently by utilising apps that are specifically tailored to give employees access to the data and processes that they require to perform daily tasks.
- Access security – decide exactly how people will connect and develop identity aware applications to ensure a secure connection is established. It is paramount to put in place a network access control (NAC) solution that identifies the connecting device and protects the data accordingly. These systems are automated so that when employees connect the device, the software detects whether it is corporate or personal and ensures the level of access matches its trustworthiness and location.
- Digital rights management – putting the right software protection in place helps businesses to control corporate and often confidential data that is accessed from personal devices. Setting up a secure DRM environment can involve significant costs and may not be suitable for every business. However, these costs could be balanced by savings if your business has high numbers of contracting staff with short tenure that could be asked to use their own IT equipment. IT costs may also be reduced with BYOD policies requiring employees to take maintenance responsibility for their devices. It should be noted that DRM solutions often require significant process changes on behalf of employees and security is often reduced through human error.
Of course, much of the work this involves can be reduced by opting for a CYOD solution. Asking employees to choose from a pre-selected number of devices ensures the necessary security software is installed at all times, rather than trying to keep up with the ever-changing pool of devices that BYOD would create. That said, as every device requires pre-approval, this could create a culture of legacy technologies as businesses avoid the time and costs associated with renewing CYOD policies for each device upgrade. Businesses opting for CYOD policies as the safest option should look to set out criteria that acceptable devices should meet rather than defining the specific devices directly. In this way employees feel they have a wider choice but management and security controls can be effective.
Ultimately, the choice between BYOD and CYOD should depend on whether an organisation is able to support the technology effectively, how central security is to the business, and how important it is that the workforce has the choice that BYOD provides. As with any important business decision, organisations must take the time to fully assess requirements and the compatibility of solutions under consideration.