By far the biggest risk is not having any sort of BYOD policy in place. "Businesses need to recognise the importance of taking action," says Smith. "After all, by ignoring the problem they may unwittingly expose themselves to attack and, as a result, legislative or reputational threats."
Planning a BYOD policy
The advent of BYOD is forcing IT departments and IT managers to develop and implement policies that govern the management of unsupported devices. Network security is paramount. Beyond passcode-protecting employee devices, these policies might involve encrypting sensitive data, preventing local storage of corporate documents and/or limiting corporate access to non-sensitive areas.
"The first step for IT managers is to truly understand the problem they are trying to solve," suggests Coates. "And find the solution that matches. In addition to addressing immediate needs, the right solution will be scalable and manageable, and can grow with an organisation as its mobility strategy evolves and changes."
Coates outlines three stages for implementing a BYOD policy, starting with secure device management. "This is the basic functionality of managing devices, both those employee-bought or company-supplied. Let employees work on mobile devices and make sure nothing catastrophic happens. This leads to great improvements in productivity and loyalty.
"However, it's at stages two and three where true mobile productivity and insight comes in, as the focus shifts to mobile applications and data. First by tracking and deploying mobile applications and then establishing mobile collaboration through secure app-to-app workflows, where mobility can be a true catalyst for change."
Implementing a BYOD policy
There are already several key players providing BYOD solutions, ranging from complete sandboxed access through to more lightweight (but user-friendly) solutions, which are policy-driven. The key issue is to guard against data loss or leakage.
Smith has some practical advice for anyone trying to develop a BYOD policy: "Where any device accesses or stores corporate data, a full risk assessment should be carried out against a variety of threats, and appropriate mitigations put in place. This could include anti-malware, encryption, passcodes, remote wipe, preventing jailbreaking, and sandboxing.
"Invest in a solution such as Good for Enterprise that offers BES (Blackberry Enterprise System)-like functionality to Apple and Android devices, partition all corporate applications and data on devices to restrict the ability to 'cut and copy', enforce eight digit alpha-numeric passwords with a special character and install VMware or Citrix virtual clients on tablets."
An effective BYOD solution will enable you to secure the data, not just the device. With this approach, IT departments need not worry about compromising security in the name of usability.
"All in all, [BYOD] is about being innovative and helping your employees to work better," says Coates. "Employees want to use the devices that they are comfortable with in the workplace. They want to have the same experience at work that they have at home. People are used to using applications now, rather than browser-based solutions. By giving employees what they want, companies will ultimately benefit."