On the surface, the case for Bring Your Own Device (BYOD) seems incredibly compelling: happy users, corporate savings and more. No wonder that as of 2014, 57 per cent of employees worldwide access corporate data in some form on personal mobile devices.
Here’s the thing about that. The fact that everyone’s adopting BYOD doesn’t automatically make it the right choice for your business – or your industry, for that matter. Contrary to popular belief, there’s really no such thing as a perfect, one-size-fits-all mobile management strategy. While BYOD might work quite well for a business involved in marketing or retail, its viability in regulated industries such as finance and healthcare is suspect at best.
“BYOD presents the most vulnerabilities and an increased likelihood that these will enable threats to materialize,” found a Mobility Risk Tolerance survey conducted for BlackBerry in late 2014. “Employees treat a device they own differently from one that their employers own. An employee-owned device is far more likely to be lost, shared, taken to unsafe places, and be left with old versions of operating software and out of date security patches in place. There can be resistance to putting security controls on an employee-owned device.”
It gets worse. If employees are unable to gain access to the content they need due to a lack of device support, they’re simply going to use an unapproved workaround: an unsecured app, a public cloud, or emailing content to their personal email address so they can work on it on their personal smartphones and tablets. Unfortunately, given that many regulated industries are stuck with legacy IT systems and incredibly obtuse application infrastructure, it often ends up being easier to go with a third-party app, as it’s the only solution that offers employees the flexibility and ease of use that they desire.
Control of content isn’t the only concern, either. Since 2010, 68 per cent of all healthcare data breaches have been the result of device theft or loss, compared to only 23 per cent of successful attacks being linked to direct security compromises. The issue here is that up to this point, the prevailing opinion has always been that the company is responsible for monitoring, managing, and replacing any mobile devices, a policy that doesn’t function especially well when BYOD enters the picture.
In short, a pure BYOD approach – while certainly an excellent choice for many institutions – is far from the best option for everyone. For some organizations, it simply isn’t workable. But what alternatives exist to BYOD? And how can businesses in regulated industries still foster productivity and collaboration? There are four potential routes one can take:
- Restricted BYOD: For highly regulated industries, a restricted BYOD strategy may still be possible – but only if it’s very carefully managed. Devices would need to have monitoring, compliance and security features loaded in, and IT would need the capacity to remotely lock, monitor, and wipe any corporate data that resides on the device. Employees would further be required to sign a waiver regarding the extent to which their employer can monitor their voice and data communications.
- COPE/CYOD: Another alternative to BYOD is Corporately Owned, Personally Enabled (COPE). Under this device management strategy, employees are provided with a company device which, while a work tool, can also be used for personal activities like personal email and apps. COPE often goes hand in hand with Choose Your Own Device (CYOD), which provides employees with a number of different company-mandated devices to choose from. Not only does this strategy help a business better control its mobile infrastructure, it’s also looked upon very favorably by most employees – 8 per cent see company-provided personal devices as a perk.
- COBO: The traditional means of mobile device management is Corporate Owned, Business Only. This strategy is still dominant in government, healthcare, finance, and other similar public sector industries. In such fields, it’s often easier to deal with compliance/regulatory concerns and legislation by divorcing the personal lives of employees entirely from their work devices.
- All of the above: As noted earlier, no two organizations are wholly the same where MDM and EMM requirements are concerned. For that reason, relatively few businesses will likely devote themselves wholly to a single strategy. Instead, they may adopt different MDM/EMM policies at different organizational levels based on user roles and requirements.
Regardless of which MDM/EMM strategies your organization ultimately settles on, BlackBerry has you covered. BES12, BlackBerry’s multi-OS EMM platform, is hardened specifically for regulated industries, and offers support for all tiers of ownership and deployment, from BYOD to COPE to COBO to everything in between. Designed from the ground up for a seamless cross-platform experience, it allows administrators to easily control content, devices, applications and servers from a single management portal, while employees are equipped with the ability to independently troubleshoot any issues they may encounter through a self-service portal.
BYOD is a compelling option for many organizations. There can be no argument about that. For highly regulated industries, however, it may not be the best choice – other models, such as COPE or COBO, are likely a more fitting option for businesses that must navigate a complicated web of regulatory compliance.