Anytime, Anyplace: Security and Strategy for a BYOD Workforce

February 27, 2013

Author: Jason O’Dell, JODell@jackhenry.com

When the iPhone was released in June 2007, there was no doubt that it would be popular. Well, “popular” turned out to be an understatement. According to the research giant Gartner, within half a year of release the original iPhone captured 20 percent of the smartphone market. Fast forward to today and smartphones along with tablets continue to mesmerize users with ever increasing functionality and seemingly limitless possibilities. According to one of the most recent and comprehensive mobile device reports in existence, the Cisco “Visual Networking Index (VNI) Global Mobile Data Traffic Forecast Update”, the number of mobile devices will exceed the world’s population sometime in 2013. That’s right. We’ll soon have more mobile devices than people on the planet.

People want instant access to their worlds anyplace and anytime. When we need data, we assume “there is an app for that”. The rapid and rabid consumerization of IT means that personal mobile devices aren’t just personal anymore. That’s why the term BYOD, or “Bring your Own Mobile Device” has become a commonplace term in the IT department of financial institutions across the country. According to a recent 2012 Alcatel-Lucent study, BYOD is rapidly becoming less of a trend and more of a way of life. Over half of professional workers use personal devices to help them get their work done.

Although BYOD offers a range of benefits such as enhanced work/life balance and increased productivity, it brings a slew of challenges for IT departments. The very definition of mobility- the ability to take a device anywhere- provides abundant opportunities for human error. As devices become increasingly compact so does ease in which the devices can be misplaced or stolen. After all one of the great mobile device makers, Apple, has experienced their own embarrassing mobile device losses. You may recall two different occasions, one in 2010 and one in 2011, where Apple employees left phone prototypes at bars. These two incidents were simple mistakes and certainly Apple isn’t the only company with mobile device mishaps. In 2008 Credant Technologies did a survey and estimated in a six month period 32,544 mobile phones were left in taxis- in New York City alone!

Although the negative impact of losing a personal device is high, the impact of losing a device used for business becomes much worse. In 2012 the security company Symantec conducted the Smart Phone Honey Stick project. This project involved the “loss” of 50 mobile phones across five U.S. cities. These phones were preloaded with a combination of clearly labeled corporate data applications and data files. The study found that when a lost corporate-connected device is found there is an 83 percent chance that the person who found it will attempt to access corporate data or the corporate network. Sobering results at a time when corporations are allowing more mobile access than ever.

How can IT departments acquire the benefits of a BYOD workforce while mitigating risk? IT departments must begin by creating three layers of defense.

Create a BYOD policy – Employees need clear guidance on what is and what isn’t appropriate mobile device use in your organization. The rights and responsibilities of both the user and employer must be clearly defined.
Plan and maintain secure network – Although a well-crafted BYOD policy helps reduce many threats, you must be ready for the times when users push past the boundaries of your policy. Financial institutions must create a secure network. This means carefully examining how each threat, including threats from the mobile workforce, can exploit a potential vulnerability to lead to the exposure of a protected asset. A multiple layer of defense architecture must be used. This multi-layered approach should astutely and with consideration protect against potential threats and exposure based on where risk exists.
Implement mobile device management – With a mobile device management platform IT departments can approve or reject various applications or devices that could pose a threat to the organizations. In addition mobile device management platforms provide the ability to manage configurations, change security settings, and monitor devices.

As the workforce becomes more reliant on mobile technology financial institutions find themselves at a crossroads. Policy creation, maintaining a secure network, and implementing mobile device management are critical for a successful BYOD program. The organizations who support these technologies to address the needs of an increasingly fluid workforce will find themselves the beneficiaries of higher employee output and satisfaction with lower costs – a goal upon which both employers and employees can agree.

What’s your view on a BYOD workforce?