Sean Wainer, CitrixSean Wainer, Citrix

While it is an exciting technological evolution, the trend of bring your own device (BYOD) is causing headaches for companies’ IT security systems.

Companies implementing BYOD face the challenge of allowing employees freedom to work anywhere, but still keeping sensitive corporate data safe.

“Imagine the scene: a plethora of devices, all of them private, each with their own configuration, accessing a corporate network with potentially sensitive data. Without controls, you get a massive nightmare,” says -Young" rel=tag>Simon Campbell-Young, CEO of Phoenix Distribution.

, country manager for Citrix southern Africa, says: “Compliance, data protection and privacy concerns are the top considerations in any BYO decision. Primarily, these issues have arisen as a result of the transfer of power away from the IT department.”

He says in previous decades, the IT department had end-to-end control of everything in the enterprise. “Not so much anymore. The practice of ‘secure everything equally and hope for the best’ just doesn’t cut it when dealing with BYO and cloud,” says Wainer. “Clinging to the comforts of ’s past leads to fear for ’s future.”

According to , NetApp SA country manager, the biggest threat companies face is not being prepared. “You have to be a lot more aware,” he says.

An influx of various tablets and smartphones to the company’s network means has to make provisions for all the various operating systems, he says. Many have managed some control over viruses, but Trojans are still a big risk. Employees downloading and running un-trusted programs leads to the possibility of allowing spyware or to penetrate the network.

So, how can companies combat these threats?

Wainer says the first step to securing BYO is “implementing a sound BYO policy, which ensures that data is available when and where it is needed, while remaining secure”.

Campbell-Young echoes this sentiment: “BYOD policies need to be transparent. Having parts hidden from employees can cause the policies to backfire. Such openness requires a rethinking of corporate communications with its traditional need-to-know basis. The trust that this change can foster will in turn fuel the productivity increases that enterprises are hoping to get from BYOD,” he says.

Styer says without proper policies and procedures, as well as appropriate infrastructure and protection against , mayhem will ensue.

According to Wainer, “businesses need to create an IT environment where IT retains the overall governance in the face of a plethora of devices. For example, adopting ‘follow me’ data solutions that provide IT departments with complete control over employee data and apps is an integral step to take, as it becomes the norm for employees to access the network anywhere, on any device.”

He adds: “Virtualisation is also a key component of providing for BYO – centralising data, increasing , reducing costs and enhancing productivity. This evolution is driving slow incremental changes to existing applications and processes, while enabling wild innovation for those who start anew – especially for those who transform through virtualisation. Effective virtualisation protects mobility, collaboration and social computing through isolation of sensitive resources. A BYO programme cannot be effective without virtualisation.”

“Security of data during its transmission between the mobile device and the organisation’s data centre is an important element. In addition, the of remote access to the organisation’s information must be ensured,” says Campbell-Young.

“Any BYOD strategy has to include the use of device management and controls to enforce the policy. This means installing device management clients on smartphones and tablets. It also means installing VPN clients. Employee devices can be configured by the organisation over-the-air, and they can be erased remotely if they are lost or stolen. All devices will be monitored for compliance in real-time, to detect out-of-date device operating systems and unapproved apps, and to provide jail-broken and rooted detection,” he says.

For Styer, one thing is clear for companies considering BYOD – they are behind the wave, and must catch up.

“With BYOD, you don’t have a choice,” he says. “Be prepared for it. Don’t try to block it. If you’re Draconian, you won’t get the benefits one gets when people are allowed to work how they want.”

There is a lot of research that suggests that when people are allowed to work with the tools they choose, productivity increases, he notes. Wainer’s advice to companies implementing BYOD is to “be flexible with your BYOD programme – and most importantly, accept that this isn’t just an IT problem”.

He concludes: “Engage stakeholders across the business, from HR to legal, to ensure that all aspects of a BYO programme have been considered – from policy to infrastructure. BYOD doesn’t have to be an all-or-nothing proposition. You have the liberty to control the specific services you want to make available on devices, and whether this will differ for specific work groups, user types, device types and network utilised.”