Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH

Security for personal mobile devices for work tightens

Byron Acohido, USA TODAY
Darin Adcock oversees and maintains the technology for more than 50 attorneys at Dowling Aaron, a law firm in Fresno.
  • 'Bring Your Own Device' — BYOD — is on the rise
  • Companies worry about security
  • Some company IT practices can invade employee privacy

SEATTLE — So you don't mind paying for the latest, greatest mobile device and dedicating it to both home and work tasks. Join the crowd.

BYOD — Bring Your Own Device to work — is a trend that's been on the rise for a few years. Companies save costs, employees enjoy greater flexibility, and both reap productivity gains.

Companies in 2012 generally conceded that BYOD is unstoppable. That said, workers who opt to join the BYOD craze this year won't have the same free-wheeling experiences that characterized the trend in its earlier stages.

This year, BYOD participants can expect to relinquish control of their devices — and forgo a level of privacy — as companies impose much tighter security constraints, mobile industry analysts say.

"If workers want more BYOD, they will need to give up something in return," says Jack Gold, researcher at J. Gold Associates. "That's the ability for enterprises to enact policies and control their access and actions."

As the BYOD craze heated up in 2012, tensions mounted. Information-technology departments used to micromanaging the use of company-supplied equipment discovered that locking down employee-owned devices — without stifling new-found productivity gains — was anything but simple.

In response, a new category of tech systems, referred to as mobile-device management, or MDM, tools and services, took root. "Organizations will continue to grapple with BYOD security and usage issues in 2013," predicts Christian Kane, enterprise-mobility analyst at research firm Forrester.

Mixed tasking

The beginnings of BYOD trace back a few years, when consumers first began gobbling up cool new social-networking, gaming and mapping apps delivered via state-of-the-art mobile devices.

Initially, workers looking for an edge began to tap hot new consumer apps for work-related networking and collaborating on iPads, iPhones and Android smartphones. Then, app-happy senior executives began to demand access to company e-mail and databases via their new smartphones and touch tablets.

"Employees sought the ability to mix work during personal time and personal activities during work hours," says Chad Bacher, chief product officer at Webroot, a supplier of mobile-security services.

Corporate information technology departments couldn't resist the consumer-driven BYOD tide. Forrester estimates 37% of organizations today allow employees to connect personally owned smartphones to company networks, and 34% allow hook-ups for personally owned touch tablets. That's up from 34% and 30%, respectively, in 2011.

The impetus for more companies to jump on the BYOD bandwagon seems certain to intensify this year as Microsoft continues a major push to bring Windows 8 smartphones on par, in consumers' eyes, with iPhone and Android handsets.

"Technology devices are now a form of self-expression," says Bim Parmar, vice president of marketing at networking software firm Faronics. "Why settle for a corporate black brick when your mobile device can become an extension of your personal image?"

Smaller organizations continue to lead the way. Dowling Aaron, a midsize law firm in Fresno, Calif., fully embraced BYOD three years ago. Today, its 50 attorneys use an array of iPhones, iPads and Android smartphones as personal communicators that also double as tools to access corporate e-mail, client files and work apps.

Recently, after leaving his iPhone 5 in his Lexus to attend a funeral, one of the law firm's attorney returned to find his vehicle window smashed and his new smartphone missing. He reported the theft to Dowling Aaron's IT director Darin Adcock.

Using a mobile device management (MDM) service from AirWatch, Adcock was able to quickly locate the missing phone and zap its memory card clean. "We have the ability to ensure that our data is not out in the wild and out of our care," Adcock says. "I was able to do a remote wipe as soon as the attorney told me about the incident."

Dowling Aaron is among early-adopter organizations that have grown comfortable leveraging the full smorgasbord of BYOD tie-ins and security services, while also winning the cooperation and enthusiasm of its employees.

"Companies that actively support BYOD create a more flexible, agile workplace, lower employee-related costs and increase employee satisfaction," says Kurt Roemer, chief security strategist at virtualization firm Citrix. "BYOD allows workers to better manage their complex lives by interspersing work and home activities."

Resolving strategies

Even so, the vast majority of large companies have only dipped their toes into BYOD. Some 83% of 350 large companies recently surveyed by security firm Blue Coat permitted access to e-mail from employee-owned devices. Yet, only 24% allowed access to sales force automation programs and 19% to supply chain management apps.

"This really shows that organizations are in the process of trying to understand and resolve what their strategy should be for engaging mobile users," says Sasi Murthy, Blue Coat's senior director of product marketing.

One challenge companies face is distilling marketing pitches from a suddenly burgeoning field of tech vendors offering powerful tools and services designed to help companies take more intricate control of employee-owned devices.

Dozens of MDM start-ups such as AirWatch, MobileIron and Zenprise have entered the field. Tech stalwarts such as Microsoft, Cisco, IBM and SAP are jumping on board to help companies implement and enforce new mobile device usage policies.

Sales of MDM systems rose to $790 million in 2012, up from $445 million in 2011. MDM sales are on a hockey stick curve, projected to climb 36% annually for the next few years — to $1.8 billion by 2016, according to tech research firm IDC.

Security is the big driver. "There are tons of security concerns," says Tom Kemp, CEO of Centrify. "Phones getting lost or stolen can lead to someone outside the company accessing corporate information. Or malware installed on a phone brought into the corporate network can begin spreading throughout the network. These are just a few of the concerns folks have."

New MDM systems enable companies to implement and enforce policies that restrict access to company business apps and data bases. If the employer chooses, MDM can be used to monitor which apps and games an employee has downloaded to his device, as well as how much time the worker is spending on games and social apps.

The employer can even block access to apps stores, disable phone cameras or use the device's GPS function to monitor where an employee spends work and personal hours, says Giri Sreenivas, mobile manager at security firm Rapid7.

"Just because you bought your device and bring it into work doesn't mean you can do everything you want with it," Sreenivas says.

Balancing act

During the coming year, many companies will be faced with pulling off a balancing act between protecting company data and ensuring BYOD users' privacy isn't trampled.

The early pattern has been to require employees to permit the company to control any functions that could affect company data, as well as reserving the right to track the phone, and wipe it clean, should it become lost or stolen.

"Companies are holding on to control right now because they're uncertain how to make this work," says Forrester analyst Kane. "But this is not as much about controls as it is putting up guardrails."

Mobile industry analysts anticipate rising employee backlash in 2013 — and big companies gradually relaxing their historical need to control everything.

Employees, after all, have leverage, too. They can continue using the latest consumer apps on their personally owned devices for work chores, without signing any company usage policies, as many currently do.

"Organizations have to fundamentally change the way that they think about security," says Rapid7's Sreenivas. "They have to think about what makes up an acceptable use policy, one that employees can believe in and agree to."

As this development plays out, employees who use their personally owned smartphones or touch tablets for work should take the time to read and understand company BYOD policies. And back up any stored data, including contacts, messages and favorite apps, you care to preserve.

Featured Weekly Ad