How to integrate BYOD into a small business

BYOD offers substantial benefits, but also security worries

BYOD

The BYOD or Bring Your Own Device phenomenon has been gaining pace, especially after Apple's iPad was released. As a small business owner BYOD can be something of a double-edged sword in that the benefits can be great, but security concerns can be worrying.

According to Ovum, BYOD is being used by all businesses, but often without any clear security policy in place. Adrian Drury, consulting director at Ovum, said: "The big consumerisation challenge for IT is that you are in a competitive market now; people had to use what you gave them because there wasn't any other choice. That, of course, has all changed. If you're not being given the tools you need to get your job done, you'll go and find a way around that."

What's more, research from TrackVia reveals that the millennial generation that make up a large proportion of small business employees have little regard for business security, with 70 per cent of those polled admitting they brought applications that were not authorised by their employers into the business to help with their work. And half use their own apps because those supplied by their businesses don't meet their needs.

Changing attitudes

There is, however, a change in attitude towards the use of BYOD that IDC has identified. Research director Chris Chute said: "Small businesses have seen the most growth in BYOD device uptake and have responded by implementing policies that govern how those devices are used.

This is a marked change from only a year ago when close to half of small firms cited having a zero-access BYOD stance. Now, with the availability of hosted software and easy-to-implement mobile solutions, SMB IT managers feel much more comfortable allowing personal devices access to internal IT resources."

Clearly few small businesses can avoid using BYOD across their organisations, as their employees may already be adopting a BYOD approach to their work. Your business can't ignore BYOD. Taking the time to develop a detailed implementation plan that includes how security will be managed is how small business owners can fully leverage what BYOD has to offer.

BYOD management

Integrating BYOD into your business will require a clear understanding of what you want BYOD to bring to your enterprise. Follow these steps to develop your business' BYOD policy and securely integrate BYOD across your company:

Take a BYOD audit

Before any integration or policy making can take place, your business needs to know how widespread BYOD already is. Assess which devices are in use, and which apps. More importantly, ask what motivates your employees to use BYOD over business-supplied devices.

Data storage and access

Your business already knows its responsibilities to comply with the Data Protection Act (DPA). BYOD also needs to be considered in this context. The Information Commissioner's Office (ICO) has published guidance that your business should follow to ensure it fully complies with the Act when rolling out BYOD policies.

The core advice from the ICO is: "BYOD raises a number of data protection concerns due to the fact that the device is owned by the user rather than the data controller. However, it is crucial that as data controller you ensure that all processing for personal data which is under your control remains in compliance with the DPA. Particularly in the event of a security breach, you must be able to demonstrate that you have secured, controlled or deleted all personal data on a particular device."

Risk assessment

Just as your business carries out risk assessments for health and safety reasons, a risk assessment for BYOD is vital before these devices are integrated into your enterprise.

Inside and out

BYOD blurs the lines between the use of business technology and the personal devices that employees own. It is critical to assess where personal and business operations lie to develop a BYOD policy that will be accepted by all. Assess the data silos your business uses, and ask how much access a BYOD device should have?

Tags