Why should you be careful with BYOD!
- Security Problems
- Legal Problems
- Expensive to build
- Complex and hard to realise
Before it ends in: Bring Your Own Disaster
- There is no absolute BYOD strategy to set for every Employee in the company
- Complex and individual security statements (Global Activities)
- Hard to manage and coordinate (Global activities)
- Different Set of IT Sector needs to be installed (BYOD Managment)
- Separation between private and business
- Employee need to follow security guidelines (accept deactivation of functions – services – applications)
- BYOD Employee Training
Looking at BYOD and data security from the perspective of an enterprise there are a lot of issues a company has to face. According to Frank Fischer, a Mobile Solution Developer at Telekom Deutschland GmbH, “there is no absolute strategy to set for every employee in a company. In most cases where BYOD would become profitable we reached already a number of 1000 employees in an enterprise architecture. And at this level of employees there are so complex und individual security levels to build or we have to limit down the complete free use of the employees device. Deny access to specific software and services.”
From an enterprise perspective clear security statements need to be made and clear guidelines have to be followed otherwise there will be breaches in our system, because users intend to do things “knowing or not knowing” about it, what they normally should not do.
Also the globalization needs to be taken into account. Employees in different countries might face different security standards or government issues that would not fit into the BYOD system. A businessman in china can be sure that his mobile phone or laptop will be somehow monitored but later wonders that his “Evernote” account was hacked.
To bring and keep BYOD in synchronisation with the security levels of an enterprise we need to install a specific BYOD Management that keeps track and control of the whole BYOD system. Security Standards need to be rewritten and employee awareness and training has to take place.
- Employees need to sign and accept security guidelines
- Clear statements how to separate private and business
- Control of legal activity
- Training / Up to date Policy Renewals – Law Consulting company
With BYOD there are a lot of legal issues that comes with it and also some of them are currently fought in front of courts. Already a private mobile phone, that is used for business activity would be a legal activity. To do so a company need to sign contracts with their employees, that define exactly, how and under which conditions a private device can be used.
- How and which connection has to be used to connect to the companies network
- Agree to deactivation/reglementation of specific software, services
- The use of third party software needs to fulfil the data security guidelines
- Lost, Break, Maintenance reglementations are detailed listed
- Agreement to oversee family activity on BYOD
BYOD is Expensive and Complex
- Enterprise Architecture and BYOD
- Company should think about:
- How much and from where (global – China/America) access to information
- How important is information
- How secure has the connection to be
- What legal guidelines / IT guidelines need to be set
- Device Management need to be installed
- New set of IT Experts
On an overall perspective that a company has to face, it is a very complex and expensive decision, to make the step into BYOD.
A company has to think about how far they want to integrate “privatness” into their enterprise RISK / PROFIT before it ends in:
Bring your own disaster
On an overall perspective that a company has to face, it is a very complex and expensive decision, to make the step into BYOD. A company has really to be sure that their benefit is bigger than the risks and the costs BYOD brings. As Dr. Raoul-Thomas Herborg CEO of Virtual Solutions München and Armin Kruple CEO of AMAGO GmbH stated: “If you want BYOD you need a good security and good security guidelines and you need to do it the right and proper way. And doing it the right and proper way is complex and expensive! BYOD Management needs to be integrated in the enterprise architecture and has to be managed as a separate field, otherwise you end in Bring Your Own Disaster.”
- Expert Discussion BYOD CeBIT 2013 – https://www.youtube.com/watch?v=VLIa83gey5Q
- Raoul-Thomas Herborg CEO – Virtual Solutions München
- Armin Kruple CEO – Amago Gmbh
- Frank Fischer Mobile Solution Developer -Deutsche Telekom
- Harald Herrmann – Keynote Systems GmbH
- Axel Stett Certgate Gmbh
- Klaus Düll – Consultant – Pretioso GmbH