Five minutes with: GCI's Head of Product, Jon Seddon
BYOD: why organisations are only just waking up to the issues
2 August 2017
We’re now a few years into the ‘BYOD’ phenomenon. To what extent do you think organisations are on top of it?
Organisations are only just waking up to the issues. For many years companies either ignored it completely or tried to prevent users from using their own devices. The primary assumption was that employees were using their phones for ‘fun’ only and they couldn’t foresee how work and leisure could co-exist on the same device. But, of course, this has now changed given that personal laptops, tablets, and smartphones are often more powerful than the aging devices supplied by their employer. And who wants to carry around multiple devices?
How should firms get a grip on their data?
Being able to communicate effectively on any device has enabled modern organisations to increase productivity, which is welcomed by all, but the spread of corporate data across multiple devices is now what’s keeping the CIO up at night. This doesn’t have to be the case though. Products such as Microsoft Intune enable users to get the benefits of mobile first, but it segregates and secures the corporate data on that device.
Are we going to see the end of company-issued devices? Isn’t it just easier for employers to help with employees’ mobile bills instead of sourcing the hardware?
We’ll probably never see the end of it completely, but certainly some organisations are questioning whether it’s desirable to spend a fortune on devices and the mobile contracts that come with them. But there will always be those bosses that see the corporate supplied and managed device to be more secure and / or cost effective because they believe they have more control in this model. Modern mobile device management technology means that this is a perception, rather than reality.
What are the advantages and disadvantages of going ‘full BYOD’?
Enabling users to do their work on their chosen device in a secure way must be seen as the ultimate win/win situation. It’s about empowering employees to use the devices they want to use. This can even be seen as being a people retentive strategy in our knowledge economy, where the millennial workforce can change employer based on these seemingly trivial types of decisions. But actually, none of us want to use an ageing device, heavy in the pocket, light on features with a battery that will invariably be on its last legs. For those employers that are willing to implement the right systems and processes to secure their data, you cannot find any disadvantages to BYOD.
How does GDPR impact on BYOD?
The ICO will be enforcing GDPR in the UK and it has been on top of the BYOD issue for a number of years. There is one basic principle that is has issued specifically in terms of BYOD: It is important to remember that the data controller must remain in control of the personal data for which he is responsible, regardless of the ownership of the device used to carry out the processing.
Everything works back from this principle so it means the right systems and processes must be in place to stay in control of the data – this means being in control of data and being able to wipe data should a device get lost or the employee leave a business. This is a great example how Enterprise Mobility + Security will help.
So segregating data is key?
Absolutely! Services such as Enterprise Mobility + Security from Microsoft allows businesses to segregate corporate data on personal devices, but above and beyond that, they control what users can do with the documents that hold that personal data. For example, regardless of the device, the copying of credit card data can be prevented because the document and its associated ecosystem understands that the data is personal and prevents that operation every time. Managed services providers can assist with an organisation’s overall approach to GDPR by helping them understand where personal data exists, who has access and alerting them if they are at risk of breach – regardless of the vector.
TFL reported that in one year nearly 33,000 mobiles were lost on its services. That’s just London Transport alone. So, what should firms do in the inevitability that employees will lose their devices?
It gets back to the crucial ICO principle. The first thing here is that, regardless of whether an organisation is supplying the devices are supporting BYOD, they have the mechanism to secure the data and if necessary wipe the data from that device as soon as it’s reported as lost or stolen. Services such as Microsoft Intune enable this in both cases. Secondary, it would be wise to determine whether insuring against physical loss is cost effective – in a world of BYOD, this cost is carried by the employee who is happy to do this because they have a personal investment in the device.
What’s the balance between education and stipulation when putting an IT policy in place for employees?
You need a robust and easily understood data protection or IT usage policy in place, but this shouldn’t prevent employees from effectively doing their job. This is where modern services fit – they provide provable protection of customer data with auditability, thus guiding users to good data husbandry and preventing blatant abuse of company policies.
Want to know more about how GCI can help you enable a secure BYOD policy? Get in touch at firstname.lastname@example.org.
Head of Product