BYOD – Bring Your Own Devices – is indisputably one the leading IT trend of the 21st century. Coming straight from the USA where over three companies out of four have allowed it, the BYOD phenomenon is today reaching Europe (less than two companies on four are concerned) with more or less success and drastically reshaping the way IT is purchased.
Why is Europe so late exploiting this trend? Historically, the old continent has proven to be reluctant with IT innovations. However, the situation is a bit more complicated in this specific case. Indeed, many IT professionals are questioning the real security hidden behind it. Many of them are pointing out the risks linked with data security and data protection.
In such a context, can the BYOD phenomenon be anything else than an IT disaster?
At the beginning of the year (2015), the French national commission for data protection and civil liberties (CNIL) released a full report concerning this trend (english translation available here). It underlines the fact that using personal devices at work is going to give powerful headache to IT managers. Today, the BYOD trend is closer to IT failure than success.
If 95% of US companies allowing BYOD at work have started an adequate IT security process, this number drops to 59% in Europe. However this massive adoption is not being followed by a mature IT management policy that should already be conducted by organizations.
Does it mean that we should definitely abandon the BYOD to privilege other solutions? Not necessarily as the whole picture is not as dark as it seems…
The major issue linked to the BYOD trend is to find adequate solutions that would easily protect professional data on a side without compromising the private sphere of each user on the other side (as the device serves for both personal and professional use). As a recent study released by Kaspersky Lab highlighted, 68% of French users are not protecting their devices at all. In such a context, the role of IT managers is to bring innovating solutions on the table if they want to protect sensitive data belonging to their companies.
It is thus mandatory to create and release IT charts respecting all the boundaries between the organization’s data and user private data. Knowing that several millions of devices (smartphones, laptops, tablets) are stolen each year in the world, protecting mobile devices is today inevitable. An organization that won’t grant any importance to mobile devices security would clearly increase the risks of data leakage.
Finally, it is important to keep in mind that protecting new technologies is not enough. Once again, collaborators, partners and employees need to be concerned and familiar with the ongoing process. Consequently, specific trainings have to be granted each year in order to accumulate IT knowledge about the best practices to have. To conduct such a policy, Chief Security Officers, Chief Data Officers and IT managers absolutely need the help of all collaborators on a daily basis. Without awareness and concerns, any IT policy as good as it could be could secure your data.
Please don’t hesitate to contact our team of experts if you have any questions, remarks or comments.
« IT security and risk management among Gartner Top 10 IT trends for 2015