Remember the days when the IT department simply handed out computers and phones and told you what you could put on them? Then came BYOD, and now knowledge workers are adopting the latest and greatest personal devices—like smartphones and tablets—for both business and personal use. The next BYO phenomenon is already upon us: mobile and cloud apps. But as consumer app adoption in the workplace rises, so, too, do the security concerns of IT departments everywhere.
The Rise of the App
The impact of the “bring your own app” (BYOA) continues to snowball, as empowered employees increasingly seek new opportunities for mobile and cloud-based communication, collaboration, and creativity. Recently, my organization set out to examine the state of BYOA through a study of more than 1,200 IT professionals in small and medium-sized businesses. Our study found that 69 percent of businesses are using at least one employee-introduced app, including social and collaboration tools (like join.me and Basecamp), productivity apps (like Evernote and Google Docs), and cloud services (like Dropbox, Google Drive). Adoption of these applications is flipping the workplace technology procurement process on its head.
The survey also found that ease of use and individual work preference are key drivers of BYOA, particularly for productivity and social apps. Thirty-nine percent of productivity apps (Evernote, Google Docs, QuickOffice) were originally introduced by employees prior to being endorsed by the company. Likewise, 44 percent of collaboration apps (Skype, join.me, GoToMeeting) were first introduced by employees.
By and large, survey respondents believe that BYOA is here to stay, and that it can offer significant benefits to their organizations, including:
Discovery and adoption of new technologies. Instead of the IT department being solely responsible for researching the products on the market, companies can rely on a network of early adopters to discover useful apps. In fact, 47 percent of survey respondents felt that BYOA increased flexibility, while 37 percent believed it helped fill gaps in their organization’s technology portfolio.
Productivity. Among survey respondents, 49 percent believe BYOA makes employees more productive. If employees are using tools they choose themselves, they’ll be more comfortable with those choices and more productive as a result.
Cost savings. Instead of investing capital in one-size-fits-all solutions for the entire enterprise, companies can purchase single-purpose apps on an as-needed basis. What’s more, employees who purchase these apps for both personal and business use often do so at their own expense. As a result, 35 percent of survey respondents felt that BYOA lowered costs.
The survey also emphasized the fresh set of challenges IT is facing. Only seven percent of respondents feel they’re fully prepared, while 43 percent are concerned about lack of control over employee-introduced apps. But in spite of inherent security concerns, the BYOA trend is expected to continue unabated. While some steps have been taken, there’s not yet consensus when it comes to managing both the influx of these apps into the workplace and the sensitive data created by and shared within them.
What’s an IT Professional to Do?
As employees continue to introduce more and more new applications into the workplace—from cloud services and software to devices and mobile apps—IT struggles to strike a balance between maintaining control and relaxing its grip on the reins.
The popularity of apps is increasingly motivating IT to evolve its strategy. According to Forrester, IT management of BYOA varies greatly. Twenty-six percent of IT teams surveyed manage apps through an honor system, while 23 percent aren’t managing BYOA at all. Another 21 percent block certain apps. And while many IT departments may be tempted to center their policies on the concept of “prohibition,” the new paradigm is to give employees the knowledge and tools to protect data no matter how they access it. By implementing a common-sense policy that encourages appropriate use, organizations can maximize the benefits while minimizing risk.
When creating a BYOA policy, IT needs to make security and asset management its primary consideration. Some basic items that should be written into a BYOA policy include:
Password-protection for devices.
Identity management. Identity management is rapidly moving to the cloud, making data accessible in numerous ways without compromising security or user convenience.
Backup solutions. Users should be provided with an easy way to back up their device-based data so that it can be accessed in case of loss or damage. Similarly, they should be able to deauthorize and/or wipe lost devices remotely.
Education. Basically, think of IT as less of a gatekeeper and more of a facilitator. That means helping users understand new applications, informing them about the risks and how to mitigate them, and guiding them toward secure solutions.
Embrace the Cloud
The IT departments that will succeed at both of these goals are the ones that approach BYOA head-on and even embrace it.
It’s inevitable, after all. According to Gartner, the public cloud services market is forecasted to total $131 billion worldwide in 2013, up from $111 billion in 2012. What’s more, Nielsen reported in 2012 that US smartphone users have installed an average of forty-one apps on their devices. These aren’t just numbers; they’re the story of your life. Every day, people in your office are discovering and adopting applications to get their jobs done. Employees’ decisions are fueled by the desire to be more productive, and if there’s a cloud-based application that’s purpose-built for their needs, they’re going to find it and use it.
With that in mind, it’s important for IT to educate knowledge workers and open up a dialogue. They must also standardize their cloud tools, plug security holes in chat and file-transfer applications, and impose storage restrictions to control costs. And they should be open to adopting employee-introduced apps.
To stay relevant in this new mobile, cloud-centered world, IT departments have to champion the business. BYOA is part of that. Accept that it’s here and it’s growing, and get on board.
David Blair is a product VP for management cloud applications at LogMeIn, Inc. In this role, he’s responsible for the strategy, engineering, and delivery of a portfolio of SaaS software for remotely accessing and managing connected devices, solutions for cloud application management/BYOA/BYOD, and mobile access. Prior to joining LogMeIn, David directed PTC’s “social product development” strategy, which uses a combined social and mobile strategy to enable on-the-go product development.