As the “Bring Your Own Device” phenomenon continues to grow in companies throughout the US, new concerns arise as these companies implement BYOD policies into their global operations.
For instance, the Wall Street Journal reports in a survey of 1,000 workers, more than 95 percent said they used public networks on their commute to and from work to connect with the company's servers and conduct business.
Companies with global BYOD implementations now must deal with how other countries address data security and privacy.
The Issue of Compliance
Employees are the first line of defence in protecting company resources being accessed by their personal smartphones and tablets.
Extensive training and familiarization with the BYOD policy is critical to its success, and in minimizing risk to the company.
Companies that do minimal training put themselves at a higher risk of an employee mistake.
However, training alone is not enough. The employee's willingness to conform to the BYOD policy is what makes it work.
Another survey by Coalfire, a US-based IT governance, risk and compliance firm, shows this lack of compliance by discovering that:
- Almost 50 percent of the employees did not password-protect their mobile devices
- Almost 33 percent used the same password for all of their devices
- Almost 50 percent said that the company had not had a discussion with them about mobile security
A BYOD policy must include training and enforcement measures to make it successful. This adds to the cost of implementing a BYOD environment which is why some businesses choose to do little in those areas.
With 50 percent not discussing mobile security with their staff, they are already setting up their BYOD programs to fail.
Global Data Privacy Concerns
A CIO Magazine article discusses Ingram Micro's decision to globally roll out their BYOD program.
Unlike their US version, the global policy proved to be more challenging. It involved working with company executives, human resources, finance and their legal team to evaluate the data privacy laws in each of the countries where they were represented.
Data privacy laws fall in the range of high concern and restrictions, (such as in many European countries) to almost no controls (such as in some Asian countries).
For instance, in the case where commuters used public networks on subways and trains to connect with the company, some countries actively monitor the data traffic while others have policies against it. Employees can use a VPN, but there are still some risks.
Where a VPN vendor maintains their servers is important. If the server is in one of the high data risk Asian countries, the authorities still have the right to monitor and log data and voice traffic.
The data privacy laws make managing a BYOD environment more challenging globally. A company that relies on a mobile device management (MDM) platform, such as the BlackBerry Enterprise service, has the capability to automatically wipe company data from a mobile device. This is seen as useful when a device is reported as lost or stolen. However, strict European data privacy laws again restrict the automatic and remote control of device data in this way.
Cultural Differences Add Complexity
Employees in different countries have access to different devices, carriers and voice/data plans. This is why BYOD implementation is slowing down in businesses with a large global component, says CSO Online. Businesses will have to know what devices are available in each country so they'll know what they will be asked to support.
They will no longer be dealing with a handful of carriers, such as in the US. They will be faced with many carriers and various prices and plan options in the various countries where they operate.
*Tommie Hawkins is an IT professional with an expertise in BYOD management.