The ‘bring your own device’ culture is making big waves in the local workplace
A recent BYOD report from Gartner predicts that by 2017, half of employers will require employees to supply their own device for work purposes. Analyst David Willis explains how a BYOD programme that subsidises the use of a personal device is critical, “and can dramatically change the economics”.According to Michael Fletcher, sales director for Ruckus Wireless sub-Saharan Africa: “Since the big marketing hype of Y2K, nothing seems to have caused a bigger commotion in computer networking than BYOD. BYOD is scary, and scary sells products. However, the reality is that BYOD has become a bit like Y2K. It’s a big problem that isn’t really that big. Mobile is surging, but product distributors have blown it way out of proportion as users are making enterprises reassess their wireless strategies.”Daniel Hall, VP of sales and marketing at Magic Software SA, believes: “BYOD is an engulfing wave that is rushing through all enterprises in all countries across the world. It is true that first world countries have taken to BYOD more rapidly than developing economies, but this is in part a function of individual affluence and culture, more than a deliberate business strategy.”He says in SA, BYOD has seen explosive growth in the last two years. “Some organisations have standardised on a specific device, with BlackBerry leading the way locally. Many organisations realise that they cannot avoid BYOD’s popularity and are embracing technologies that facilitate a BYOD approach,” he explains.According to Grant Vine, technical director of Cybervine IT Solutions: “With SA having been a BlackBerry-loving nation, the concept of BYOD (although viewed in a slightly different context) has been alive and well long before BYOD was assigned as the applicable acronym.”He states that in terms of staff bringing their own personal devices and requesting access to the traditional e-mail, and possibly corporate WiFi infrastructure, this too is alive and well.Paul Fick, divisional MD of Jasco Enterprise, believes the uptake of BYOD in SA is significant. “Consumers are realising the benefits of using personal devices in a work environment, and this has resulted in the phenomenon of BYOD. The price of these devices is further reducing, which will result in an even greater uptake of BYOD over the next few years.”Riaan Badenhorst, head of operations for sub-Saharan Africa at Kaspersky Lab, states that in his experience, the uptake of BYOD in SA has been phenomenal. “It seems that companies all over the country are implementing BYOD into their organisations, as they understand the benefits that can be derived. As technology continues to evolve, so we believe that the concept of BYOD will remain one that businesses invest in.”UPS AND DOWNS
Although significant uptake numbers are evident locally, some believe this marked increase has only been seen recently, indicating a general lag in BYOD uptake when compared to developed regions. Johani Marais, channel manager: Africa for Epicor, states: “Companies in SA are only now starting to realise what the benefits are of mobile device applications.
“According to recent Dimension Data and Ovum research, in emerging markets such as SA, more than 70% of employees who own a smartphone or tablet confirm using it for work, but less than 30% of enterprises say they support any employee-owned smartphones or tablets,” she points out.She believes many South African businesses are yet to embrace the concept and the benefits of a BYOD strategy. “The reality is that most companies who are implementing a BYOD strategy are doing so for fieldworkers, such as sales representatives and executives who travel for business,” she explains.Christelle Hicklin, customer experience director at Mimecast SA, states: “SA continues to lag slightly behind the more developed regions in the BYOD uptake for a number of reasons, including bandwidth limitations and limited local access to relevant devices.”However, she defines BYOD (fed by an increasingly technology-hungry workforce) as “a wave that will sweep away organisations that resist the change”.“BYOD will be driven by improved infrastructure, advances in mobile technology and a proliferation of devices,” she says. “Organisations that do not recognise and surf the BYOD wave are at risk. Technologically, they will become irrelevant as an increasing number of tech-literate people enter the workplace and bring a new set of demands and expectations that corporate IT departments have to deliver on.”According to Wayne Speechly, executive: communication services at Internet Solutions, in its simplest form – enabling basic business-use functionality like e-mail on consumer-owned smartphones and tablets – BYOD has seen massive uptake. “In the broader sense – where companies enable secure access to mission-critical business applications and data on personal devices – the uptake in the country is definitely growing. In fact, according to recent studies looking at Internet trends for 2013, SA is ranked 24th in the world in terms of mobile uptake in the workplace in relation to overall smartphone penetration.”However, Speechly continues, many organisations are still coming to terms with end-user policies, mobile security needs, interoperability, control, governance, cost management and compliance, as well as network and device management and integration. “One of the greatest hindrances to BYOD uptake is a lack of knowledge around how to change user behaviour, as this fundamentally changes a company’s expectations and demands in terms of a connectivity costing model.”
According to a survey published by PWC (in conjunction with InfoSecurity Europe and BIS) last year, as much as 75% of large businesses allow staff to use smartphones and tablets to connect to their systems, yet only 39% ensure that data on these smartphones and tablets is encrypted. According to the report, 34% of small businesses allow smartphones and tablets to connect to their systems, but haven’t done anything to mitigate the security risks.
“Concern about Internet data security, whether founded or unfounded, is the main reason why the whole concept of BYOD may take quite some time to take off in SA,” explains Marais. She stresses devices should only be allowed to connect when they provide sufficient levels of antivirus and malware protection. “A major problem is that mobile devices are highly prone to loss, so controls that enable the remote wiping of corporate data should be considered, and any such data should be held in encrypted partitions. Then, interactions with corporate data should be logged and controlled with a clear understanding among data security and governance staff of what data is being made available and where it is made available,” she says.According to Hall, there are a variety of security issues that must be considered when contemplating BYOD. “The decision should be based on the level of trust within the user base, and the perceived sensitivity of the data. The security concerns hinge on the decision to secure the app or to secure the device.“Special credential checks can be built into the app to ensure it can only be opened or used by the correct user,” he explainsFletcher states there are a few easyto- use features that have been around before the BYOD bell started ringing, which will help most organisations overcome the BYOD security blues. “BYOD shouldn’t be a scary concept, nor should it deter organisations and employees that want to reap the benefit that such flexibility has to offer.”Vine says, on a physical mobile device front, the concept of separating out personal from business into independent profiles on the device is currently the most effective way of controlling security and access requirements. “On a company level, very little should differ in comparison to their existing security measures. Applying the same methodology that you would for externally exposing an application to internally exposing it would facilitate all of the security requirements necessary.Assume that your data centre is a unique entity for which any access to it is considered ‘external’, and then apply security in terms of this guideline.”According to Speechly, the adoption of cloud-based IT architectures, both as a platform and a way to provision business applications, has made mobile security considerations more attainable. “Modern devices are also more robust and ubiquitous from an operating system and hardware point of view. Earlier devices were more restrictive and prescriptive, but we have reached the point where just about every consumer-owned device can easily connect over any network and can easily access any application,” he says.He also believes application developers are more aware of the demands these devices place on the applications they create, and are therefore designing robust business applications that can meet these demands. “MDM solutions have also played a key role in improving security as it controls what information gets accessed and how it can be used on specific devices,” he says.From a Mimecast perspective, explains Hicklin, the ability to run all data through a single platform means employees no longer need to operate outside of the company’s protected data environment. “Simply put, this means that company IP is protected, and governance and compliance, which remains extremely important for listed, financial and legal organisations especially, remain intact in all of the transactions through the own devices of employees,” she says. “With the security of data in place, whether it be coming in or leaving the company, there is a high level of trust allowing accessibility and ability to communicate effectively and productively without placing company information at risk.”According to Kaspersky Lab’s Badenhorst, a number of IT security companies have been implementing security measures for BYOD. “Through one platform, one console, and at one cost, IT administrators can see, control and protect all systems and endpoints in the network,” he notes.“BYOD is never going to be as straightforward as today’s IT service model, where approved and known equipment is provided and data carefully managed in a controlled environment,” Marais explains. She believes it requires a more complex IT backbone with greater management demands for network managers.“It’s just about cutting through the myths and the hype, and really understanding the benefits, impact and necessary processes that need to be implemented. Quick set-up. Easy access. Productive users – how BYOD is meant to be,” concludes Fletcher.
Click for the Online versionClick for the Hard Copy version