Almost overnight, it seems, permitting employees to bring their own devices to the workplace and use them to remotely access data and process controls has moved from a marginal activity to a mainstream practice.
Nearly two-thirds of manufacturing companies now permit bring-your-own-device (BYOD) interactivity. But the trend has happened so quickly that only a fraction of firms actually have policies in place to manage usage effectively and securely.
The gap between exploiting the advantages of BYOD and battening down the security and control hatches has serious implications for all organizations.
But the benefits make closing that gap a goal worth pursuing.
Benefits of BYOD access
Real-time access and interaction can
- increase operational efficiency through instant control adjustment.
- anticipate, isolate, and prevent production bottlenecks and failures.
- improve communication via multiple platforms and languages.
- efficiently share and distribute data.
- improve customer relations through speedier and better informed responses.
- enable more effective monitoring of multiple processes across supply and value chains.
However, BYOD creates risks: notably, potential loss of data and, perhaps even worse, loss of process control.
Both of these risks are elevated through BYOD because of the danger of loss or theft of individual devices once they’re outside the workplace. According to TechTarget’s SearchSecurity.com article “BYOD security strategies: Balancing BYOD risks and rewards,” the Security for Business Innovation Council (SBIC) has cited this threat as its top concern.
Furthermore, in the event of a data breach, organizations may struggle to actually gauge the extent of exposure on unmanaged personal devices or to clearly identify the threat to process controls.
Despite the clear need to ameliorate these risks, as of 2013, only 17% of industrial organizations had a formal BYOD policy to ensure security of operations, according to Industrial IP Advantage.
Creating a policy
A policy doesn’t have to be overly complex or time-consuming if its purpose is carefully thought through at the outset.
One approach is to start by identifying user segments and needs: determining the level of access and security for each employee group. This might range from an outright exclusion from BYOD usage for certain groups to total access for others.
For instance, according to the SearchSecurity.com article, the SBIC recommends the following checklist of rules for inclusion in a BYOD policy:
- End users should be responsible for backing up personal data.
- Lines of responsibility for maintenance, support, and costs should be clear.
- Employees can be required to remove apps at the request of the organization.
- Network access can be disabled if a user has a blacklisted app or if the device has been jailbroken.
- Consequences for any violations of policy should be clearly spelled out.
Other rules might include the right of IT departments to wipe lost or stolen devices, the mandatory use of PINs and passcodes, and tracking of activity and downloads.
BYOD is already a part of corporate culture across every type of business. For industrial organizations, balancing benefits with security and compliance is critical.
That means working with your process design team to integrate device security and create a policy that benefits your business and your users.