Guest Column | March 14, 2014

Education And Security Are Key To Monetizing BYOD

Luke Walling, VP Sales & Operations North America, AVG Technologies

By Luke Walling, VP Sales & Operations North America, AVG Technologies

Practically everyone has been taking their mobile phones to work since they infiltrated our lives a few decades ago. Initially they stayed in our coat pockets or bags, or rested quietly on our desks, but they’ve since evolved beyond a means for simple voice or text conversations. Back then our mobile phones were personal and not for work. But as the devices themselves have changed, times have changed as well.

With people now carrying not just one, but often multiple Internet-enabled devices, mobile now has serious implications for business — both for managed services providers (MSPs) and their small business customers. Often it can be more convenient to work on a tablet or smartphone than a laptop; I myself spend far more time on my smartphone than I do my laptop. And the amount of data these mobile devices holds is substantial; it is, after all, a high-powered computer in a small form factor. The rapid adoption of personal devices at work, known as Bring Your Own Device (BYOD), has blurred the line between home and work use.

Companies are increasingly adopting BYOD policies to respond to this trend. Gartner even goes so far as to say that by 2017, half of employers may impose a mandatory BYOD policy — encouraging staff to bring their own laptop, tablet, and smartphone to work.

Even though the majority of smaller companies still use on-premise solutions, the business benefits made possible by using mobile devices to connect to cloud applications are becoming harder to ignore, offering employees more flexibility, work-life balance and lessening the impact of downtime for the employer. Not to mention, this also saves small businesses money and resources that they can invest elsewhere.

While the business benefits are clear, BYOD is certainly not without risk. Data and devices can be lost, stolen and exploited. If the device has access to the small business network, the risks introduced are often very similar to that of a PC. An exploited Android device can do nearly the same damage as a PC can, both in theft and propagation of threats inside a network. Email, cloud applications, credentials, and so much more are all often stored on a mobile device in the same manner as a PC — a juicy target for hackers. All of this opens a tremendous opportunity for the savvy solution provider.

According to a recent Spiceworks study, some 37 percent of SMBs were either managing or planning to manage mobile devices using a mobile device management (MDM) solution, but the remainder had no plans to do so, citing that the security threats were not big enough to justify the expense or that they did not know how to implement the solution. I’d bet that many those who had no plan to implement MDM need to be educated on the risks. A smartphone is not an appliance without risks, and that is often the perception. They are dynamic; their behavior changing with every new application installed.

As a MSP, you’re in a unique position to capitalize on this emerging risk. Your customers don’t understand what’s happening, and they don’t understand the risks of granting access to their treasured corporate data. It’s your job (and your opportunity) to address the mobile security concerns of your small business customers. Educating your clients on the true costs of protection and the deliverable ROI offered by MDM solutions is essential to not only monetize this trend, but to provide value to your customers in an area where they need desperately your help. MSPs must educate their customers about the dangers and work benefits of mobile devices. It’s not unlike the “good old days” of educating customers about the importance of backup and disaster recovery in my view — the benefits are plentiful and common sense. You can talk to them about real-world threats, including hacks and data loss, and a good MDM vendor should be able to help you with the conversation.

While there is no secret formula for protecting data or devices from theft, corruption or loss, education, a solid plan (including a BYOD policy), coupled with leveraging the right technology to automate tracking and security of the devices in use, all go a long way toward simplifying the process.

One thing’s for sure, underestimating the risks to your or to your end user’s devices and data is a potentially disastrous strategy. I’ve outlined some basic steps that both MSPs and their customers can follow:

  • Plan ahead and get buy-in upfront: Draft a solid BYOD policy and ensure it’s part of your solution for customers. Help facilitate employee buy-in of the policy, explaining their rights and responsibilities as a good corporate citizen. A good BYOD policy will document and define what you can do, and it’s critical that you’re able to remotely wipe and monitor devices, if needed.
  • Be practical: Find a good MDM solution to help manage the data and devices. The tools in your toolkit can make or break a good BYOD solution’s delivery to your customers.
  • Build a secure network: If a network is secure to begin with, it becomes much harder to hack. An exploited mobile device inside your network using your wireless network can do a great deal of damage and often leads to theft.
  • Limit remote access to resources: Only allow access to those who absolutely need it. Is email necessary, or does the employee only need access to a cloud app that you can more easily secure? The less data you store on the device, the easier your job is.
  • Passwords: This one hasn’t changed in years. Implement secure passwords that are hard to be challenged by brute-force attacks, and change them regularly. I’m sure that in the next few years we’ll see some advancement in credential management technologies that will simplify this point.
  • Encrypt data: Use cloud-based services to store data, so if the device is lost the data isn’t. Backup, backup, backup…

End users need to understand that BYOD is here today — it’s happening inside of their environment right now. I bet nearly every device your customers’ employees are carrying has been granted internal wireless access to the business network. It’s a huge risk and it’s far more affordable to manage than any similar risk of the past or today. Even the smallest of companies need support here and it’s a ripe opportunity for MSPs to implement it for them. I firmly believe that the task of securely managing small businesses networks, applications and mobile connectivity is best when left in the hands of locally-based, trusted MSPs.

Check out AVG’s BYOD eBook, packed with facts and advice, it explains the benefits, risks and legal issues of BYOD and offers protection tips for those concerned about what this trend might mean for their business.

Luke Walling is the Vice President of Sales and Operations at AVG North America, overseeing all aspects of channel engagement from sales to technical support. He joined AVG in June 2010 through an acquisition of his business, Walling Data, which focused on value-added distribution of products and services to the Channel and to non-competitive end user segments, as well as a locally-focused MSP and Break/Fix business. Since Walling has been both a channel reseller as well as vendor, he has unique insights into the needs of the customers he serves. Walling believes that providing top-notch customer and technical support is the key to successful partnerships.