As many IT departments struggle to keep up with yearly technology changes, company employees increasingly want to use their own devices to access corporate data.

BYOD encourages company employees to work on the device they choose - accessing corporate email on their iPhone 5 or using a Google Nexus 7 to view text documents. But BYOD also has a darker side. If not fully understood and regulated, it can threaten IT security and put a company's sensitive business systems at risk.


BYOD benefits

There are some key advantages to operating a BYOD strategy, which includes the following:

  • Increased employee satisfaction (they can work more flexibly)
  • Cost savings (reduced hardware spend, software licensing and device maintenance)
  • By enabling employees to securely and easily access corporate data on their own device, productivity levels will naturally increase.

BYOD Risks

While BYOD sounds attractive, businesses need to consider the full implications of allowing corporate data to be accessed on personal devices that they could have little or no control over. What data can employees have access to? What security measures are in place if an employee's device is lost, stolen or compromised?

Even though IT hardware spends can potentially be reduced with a BYOD approach, it may cost more for a company to integrate and support a diverse range of employee devices.

Planning a BYOD policy

The advent of BYOD is forcing IT departments and IT managers to develop and implement policies that govern the management of unsupported devices. Network security is paramount. Beyond passcode-protecting employee devices, these policies might involve encrypting sensitive data, preventing local storage of corporate documents and/or limiting corporate access to non-sensitive areas.

Implementing a BYOD policy

There are already several key players providing BYOD solutions, ranging from complete sandboxed access through to more lightweight (but user-friendly) solutions, which are policy-driven. The key issue is to guard against data loss or leakage.

Some practical advice for anyone trying to develop a BYOD policy is here below:

  • Any device accesses or stores corporate data must have examined with a full risk assessment against a variety of threats, and appropriate mitigations put in place. This could include anti-malware, encryption, passcodes, remote wipe, preventing jailbreaking, and sandboxing.
  • Invest in a solution that offers securely enabling enterprise of things-like functionality to Apple and Android devices, partition all corporate applications and data on devices to restrict the ability to 'cut and copy', enforce eight-digit alpha-numeric passwords with a special character and install VMware or Citrix virtual clients on tablets."

An effective BYOD solution will enable you to secure the data, not just the device. With this approach, IT departments need not worry about compromising security in the name of usability.


BYOD is about being innovative and helping your employees to work better. Employees want to use the devices that they are comfortable with in the workplace. They want to have the same experience at work that they have at home. People are used to using applications now, rather than browser-based solutions. By giving employees what they want, companies will ultimately benefit.