The thought alone has security and IT managers quaking in their boots. An employee uses his personal smartphone to pull a customer report and inadvertently exposes the organization’s network to a malware attack.
It is that type of breach that organizations are increasingly forced to defend against as they implement bring-your-own-device (BYOD) programs, which enable employees to use their personal devices for work activities. Fueling the BYOD trend is the rapid adoption of smartphones and tablets, along with easily accessible apps and cloud-based services.
According to a recent study conducted by a group of Cisco partner firms, 90% of full-time workers in the United States use their personal smartphones for work purposes. Among other findings, 39% of employees who use personal smartphones for work don’t password-protect the devices, and 52% access unsecured WiFi networks.
While the consumerization of mobile devices is giving today’s workforce newfound flexibility, organizations of all sizes are grappling with adopting written policies that stipulate what company data can be accessed with personal devices, says Paul Boucherle, CPP, principal of Canfield, Ohio-based Matterhorn Consulting.
“IT departments are in the beginning phases or committee phases of putting together parameters around this animal because it is so big,” says Boucherle, who pens SSI’s “Convergence Channel” column. “It requires IT to do a ton of work.”
Systems integrators will be increasingly thrown into the BYOD fray as they seize opportunities to provide technologies and consultative services to end customers. For instance, Near-Field Communications (NFC)-enabled smartphones are projected to one day be used widely for mobile access control credentials in organizations and campus environments.
Those integrators that have invested in IT infrastructure skill sets will be ideally situated to win in the BYOD marketplace, says Julian Lovelock, vice president of product marketing, Identity Assurance, HID Global.
“It’s not going to happen overnight, but this transition to mobile-based credentials is going to be one of the areas where that investment over time pays off tremendously,” he says. “Because credentials you put onto the phone are by no means limited to physical access credentials. They can be credentials that are equally used to access IT infrastructure.”
Vector Resources, a physical security and IT systems integrator based in Torrance, Calif., is actively providing technologies and services for BYOD-driven projects. Illustrating the mushrooming use of mobile devices across the security and IT landscape, Vector is gaining traction with clients affected by requirements of the Health Insurance Portability and Accountability Act (HIPAA).
“A lot of agencies that deal with protected health information are moving toward electronic systems. A lot of them use contracted doctors and contracted health-care workers who don’t want to be told what mobile devices to use,” says Vector’s Patrick Luce, director of consultative services. “With that there is a huge demand in those spaces for appropriate BYOD policies and technologies to help them move forward with it.”
Luce explains that implementing BYOD entails four main components: establishing BYOD policies; having appropriate security technology in place to secure the network and mobile devices; adherence to software licensing; and training.
“All of those are all income opportunities for a technology company,” he says.
Integrators can look to manufacturing partners for training and education related to BYOD technologies, but that is only part of the equation in developing a sound business application, according to Chuck Wilson, executive director of the National Systems Contractors Association (NSCA).
That’s where associations such as NSCA, the Security Industry Association (SIA) and the Electronic Security Association (ESA) can play an important role, Wilson says, in formulating BYOD best practices to inform the industry about the risk/reward on the business side as well.
“What everybody is racing to do is apply the same [consumer] technology to corporate settings without thinking through what are we really dealing with in terms of the risk potential,” he says. “It speaks to what our industry is all about today. You are both in the business of providing technology to these end points, but you are also in the business of helping your clients secure their organizations as well.”
Rodney Bosch is Managing Editor for SECURITY SALES & INTEGRATION. He can be reached at (310) 533-2426.