September 30, 2013
Information workers in India are increasingly using their personal devices, applications, and web services to accomplish both personal and work-related activities. Results from Forrester’s Forrsights Workforce Employee Survey, Q4 2012 indicate that at least 85% of employees use phone/tablet applications and web-based services for both purposes which is putting corporate information security under serious threat.
My interactions with numerous infrastructure and operations (I&O) professionals from large enterprises in India over the past six months have revealed that there is a high degree of awareness of the need to develop a bring-your-own-technology (BYOT) policy. However, actual implementations aren’t yet common, as I&O professionals are unable to address management’s three key concerns. These are, in order of priority:
- How can we ensure that information on employee-owned hardware and software is secure?
- What will be the return on investment (ROI)?
- What is the current business need for BYOT?
To answer these questions, I am wrapping up a report that will outline three best practices that early adopters of BYOT in India have used. For this report, I recently conducted in-depth interviews with CIOs and senior IT-decision makers at nine organizations in India that have formally implemented BYOT policies. Based on my conversations, I recommend three best practices for I&O professionals to address management’s key concerns:
- Enforce security on four levels: device, application, data, and network. Security at the device level can be managed through a mobile device management (MDM) solution. For securing data and applications, a containerization solution with built-in data loss prevention (DLP) is best suited. This ensures that there is an encrypted storage space on the mobile device to securely store business applications and data. Finally, on the network layer, implement network access control so that role-based access can be administered. For instance, the head of infrastructure services for one of India’s largest integrated telecom companies told us that they use DLP and secure application connections through an SSL VPN in addition to MDM.
- Focus on business benefits and reducing upfront investments. Position BYOT as a security project, but one that has significant upside. The benefits include cost savings; improved efficiency, productivity, and collaboration; and shorter response time. In addition, leverage existing IT infrastructure and extend it to the mobile environment to save on upfront costs. Finally, develop a multiyear phased road map with business benefits.
- Change your approach. Rather than directly approaching management, first sell the solutions and approach to internal business leaders. Then, together with these internal business stakeholders, approach management for approvals and budgets.
My upcoming report provides more detailed answers to the top three management concerns, along with actionable advice. It also includes excerpts of the conversations I had with companies.
Have you faced similar management-related challenges for BYOT? How did you tackle those challenges? I’d love to hear from organizations out there who have implemented a BYOT program.