“Bring Your Own Device” (BYOD) is gradually gaining acceptance. And why shouldn’t it? It’s a win-win situation for both the company and employees.
There is undoubtedly a lot to gain from BYOD. Most importantly, the capital expenditure for procuring devices for employees can be shifted to the employees themselves, and the company can pay the employee for the consumption of the resource. The employee can also buy the device of his choice, based on a set of minimum specifications provided by the organisation. This pans out much better economically and procurement-wise compared to investing in devices that become obsolete rapidly. This is an imminent change that is going to take place, as organisations, after all, cannot handle the kind of rapid renewal that technology, design and trend upgrades to devices demand.
It is very important that security risks arising out of BYOD should be addressed at the outset. Flexibility of work processes should be balanced with due considerations of corporate responsibility, protecting customer interests and regulatory requirements.
We, at Reliance Capital, do not want to stop any employee from buying any device, but when the employee wants to use it for his/her office work, we ensure that certain security measures are in place. I would advise the following guidelines that CIOs can follow for a more secure operating environment for BYOD in their respective organisations.
Firstly, one needs to ensure that the tablet or mobile phone is hardened. This essentially means ensuring that when the employee is working off company systems from his own device, there is nothing that can impact the secure status of data, settings and applications on the device that are also used when the employee is accessing corporate systems.
Secondly, putting in place an encrypted VPN tunnel will ensure a secure connection to company systems. Moreover, if the employee is going to download any data to work on, no company data should remain on the mobile device after the work is finished. This is done to ensure that the user cannot store any data on the device, which could land in the wrong hands in the event of the theft of the device, or be transmitted from the mobile device through other communication options.
When an employee is working on his own device, the company’s security measures should ensure that he/she works in a secure window. At that time, the employee should not be able to do anything else on his/her personal device. At this juncture, it is felt that this will be the most secure mode of access and operation on company systems.
For instance, if an employee is going to download any company data for some reason, there should be a process for that. Ideally, we should not even allow the download to happen and everything should be done off the remote servers. But, if downloading is unavoidable, then the data should be wiped off once the work session is over. Once office work is over, the employee can go back to his or her personal activities on the mobile device.
We should not forget that enterprises have to align their IT evolution with the employee evolution. And, if BYOD is the natural progression in the employee evolution, IT has to find a way to make that possible with the due incorporation of all security considerations. Here, the onus lies on the CIO to strategise and implement the most efficient solution to address the requirements and facilitate the natural progression of IT within their organisation.
The author is President and CTO, Reliance Capital.


