There is a growing trend to BYOD (Bring Your Own Device) at the workplace. Businesses can justify “sharing” the costs of those devices with employees because phones are used personally as well, and employees love more choice over the devices they can use.
But the issue is not cost or convenience. The real issue is MYOD (Mind Your Own Data): the ownership and control of confidential information.
Proformative, a blog aimed at accountants, refers to “Shadow IT” as a big problem. Shadow IT is the trend to share data through “the cloud” and not through company servers. For instance, employees will save data to Dropbox and be able to access, edit and share it right from any personal device. But how secure is that data? That depends on how secure the employee’s device is, and how secure whatever online (and usually free) service they use (hint: both are outside the company firewall and usually not very secure).
This can mean that company policies are being violated, and if the company is publically traded can mean trouble with laws like Sarbanes-Oxley. That spells liability for the company and a career-killing risk for IT and senior managers.
GIGOAM, a tech blog, suggests that the “consumerization of IT” (their term for Shadow IT) can be addressed by a proper mobile device strategy and policy: which devices, apps or online services can be used (and how they can be used) should be outlined in the policy.
A policy should also include the rights of the company over the data on that device/in the cloud. What happens if the employee quits or the device is lost? Many times the company can “wipe” that phone remotely. Where there is a BYOD policy, that right is not so clear…who would replace any lost apps? Who would pay to recover the device?
In all cases, this spells risk for your company, your information and your career. Some reasonable first steps for the not-so-technically-inclined:
– Don’t save confidential information to online services. It can spell the end of your career if it turns out you accidentally published it to the world-wide-web.
– Companies should manage the cloud services – their own, or secure cloud services like Dropbox for Business (https://www.dropbox.com/business/features)
– Use strong passwords (see HERE for our article on Passwords)
– Connect your device to work services only if you need to, not just because you can.
Devices or not, in the end what we do with company data (like saving it to Dropbox) becomes a problem for the company. Once it is in the cloud, it is outside the firewall and less secure. And accessing data stored in the cloud from a mobile device just means that it is that much less secure.
Today’s employee is expects and demands instant access from a mobile device. Business has to adapt. Fortunately, business is usually very good at doing just that!
For further reading:
Business in the Cloud Issues