Take Control of the Unsupervised BYOD Party

Thursday, May 28, 2015

Michael Kienzle


Is your company’s BYOD (Bring Your Own Device) policy leaving your IT team feeling a bit uneasy?  If so, perhaps it’s time for a CYOD or Choose Your Own Device policy. So, what is the difference? Simply put, CYOD can offer more security and more control, and you can think of it more as Chaperone Your Own Devices.

Many companies that have established BYOD policies are experiencing IT security and management issues.  BYOD security concerns often stem from a device being compromised in a way that could allow access to company data, or that could jeopardize data (via malware, for example). Whereas, IT management issues can range from simply struggling to keep track of multiple operating systems to protecting the integrity of your network from the dozens (or hundreds) of business applications employees use for work.  According to an IDG survey of 1,600 senior IT security and technology purchase decision-makers, more than half reported experiencing serious violations of personal mobile device use.  These issues could be resolved or minimized with a CYOD policy.

Moving away from the BYOD mentality may make employees nervous, initially. After all, the now familiar BYOD movement has freed employees from the confines of their desktop applications and untethered them from their desk phones.  It seems that organizations everywhere, large and small, have seen some level of BYOD filter into their businesses. Even the White House now has its own BYOD policy.

Flash forward a few short years and companies are now re-evaluating the pros and cons of BYOD.  The freedom, efficiency, and cost savings of a BYOD policy could eventually become counterproductive and negatively impact a company.  Security breaches can become a reality with something as simple as a misplaced phone or tablet; or when an employee shares a BYOD device with someone outside of work. This can quickly and inadvertently allow access to employee contacts and calendars and client databases.  Another risk: a back channel into your company may become exploited when an employee device connects to an unsecured third-party Wi-Fi connection, resulting in access to sensitive company documents, information, and programs.

Is there a better answer for your company than BYOD - while still keeping employee freedom and accessibility? This is where CYOD enters the picture.  Similar to a BYOD policy, CYOD needs to be thought out and organized as to which best practices need to be instituted for your organization. There are a couple of ways a company can institute a CYOD policy. First, employees can choose from a list of devices the organization supports - and the employees can still buy their own preferred device from the list. Another option is for the employees to choose from a list of devices the organization supports - but the company buys the device (obviously this option is more costly for the company).

Either way, the IT department knows what these devices are and which applications are compatible for the business.  Having a managed set of devices and applications can help to resolve many of the security and management issues that arise.  The benefits of IT mobility management capabilities range from security administration with remote lock and wipe capabilities, to the ability to update applications, as well as using service portals for ongoing device management.

The negative impacts of BYOD on a company that include security issues can be drastically reduced with CYOD. Deploying a CYOD policy would keep the freedom of users working in remote locations while allowing the company's IT professionals to maintain order over the influx of various mobile devices and applications. According to Aberdeen Group, 73 percent of organizations with a CYOD policy are able to control access to their company’s network. This is not only for security, it’s also great for workflow, collaboration and productivity. A win-win situation for both the IT department and the end-user.

In the long run, CYOD maintains the basic premise of what BYOD began: using mobile devices to help keep employees at remote locations productive. If you think it’s time to bring the "chaperone" into your BYOD party, there is one thing to remember, the age-old adage, that there is always a trade-off between security and liberty.

Michael Kienzle is a marketing specialist at Digium, a business communications company based in Huntsville, Ala., that delivers enterprise-class Unified Communications. 

Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.