How to balance employee demands for the latest IT with business security

By Lorrin White, pictured, MD, Bamboo Technology Group

For years, IT had control over its domain. If you wanted a new piece of software or a new phone, you asked IT for it. This worked well because if anything went wrong, IT could fix it quickly because it knew the environment so well.

The so-called ‘consumerisation of IT’ (where major technology innovations are largely fielded to consumers first before making their way into businesses) has slowly eroded IT’s control. Employees can now buy the best and most innovative technology for their personal needs and download an app in seconds, so they are baffled when IT expects them to jump through hoops just to update Office 365.

One reaction to employees’ higher expectations has been the trend towards Bring-Your-Own-Device (BYOD), where employees are actively encouraged to use their own devices at work. Employees often love BYOD because they can use the technology they want to use. Businesses love it too, because employees are more productive and they often spend less on new hardware. But this change in ownership has also eroded the control, and with it the protection, that IT once provided. With cyber security attacks on the rise (such as WannaCry, Petya etc.), is it time for IT to take back control?

Unintended consequences

The most popular device that employees want to use at work is their smartphone. At the very least, a smartphone will have access to the company’s email system, but it could also have VPN access into the network and run a apps with direct access into the company’s ERP system.

Smartphones are potentially as powerful as any PC. Yet their nature of being mobile means they probably pose the biggest risks to information security in any business. Imagine someone picking up their workstation and walking out the door with it every evening. This is effectively what employees are doing with their smartphones. However, due to BYOD, a large proportion of these devices aren’t managed by IT because they didn’t provide them.

SME Publications/ SME XPO 2024

A third way: Enterprise Mobility Management

When it comes to BYOD, organisations must balance user freedom with the control necessary for security. This is essential.  A totally unmanaged device with full corporate access is a significant security risk every time it enters or leaves the office, but most employees do not want their employer loading up their new iPhone 7 with onerous security applications and restrictive policies. As a result, they ‘go rogue’ and don’t tell IT about their new device, undermining the organisation’s security in an instant.

Businesses cannot turn the clock back on BYOD. They must find a way to manage devices that maximises security while minimising interference. Many businesses are turning to Enterprise Mobility Management (EMM) to do this because it provides a single dashboard for monitoring, managing and securing an employee’s mobile devices. EMM can set controls for applications, data, apps, email and pretty much anything else within the device and, much to the user’s delight, it doesn’t bloat their phone with visible corporate controls.

You cannot undo technological innovation. You can only embrace and work with it. I believe EMM is as essential as antivirus software, firewalls and VPN. It is especially critical for BYOD environments, allowing businesses to keep employees happy while giving enough control back to IT to keep the business safe.

Who knew being in control could be so freeing?

SME Publications/ SME XPO 2024