Bring-Your-Own-App (BYOA) at Workplace: Trends and Risks

May 20, 2015 1:17 PM

Over the last few years, the mass adoption of mobile devices yielded a business trend popularly referred to as BYOD (Bring Your Own Device), which became commonplace in companies all over the world. The primary reasons for introducing BYOD in the first place are its ability to significantly cut IT costs and provide a greater flexibility to employees.

However, complexities related to managing all these devices grew parallel to the rise of BYOD. More specifically, secure transfer of sensitive data became highly difficult to manage, especially after employees started using a greater number of personal apps for work. Thus, as a natural consequence of BYOD, there merged an issue dubbed BYOA (Bring Your Own App), bringing a set of new challenges for CIOs and CTOs.

What is BYOA?

BYOA is a concept that increasingly replaces BYOD discussions in organizations of different sizes. Namely, it suggests an increasing lack of control over what employees install and use on their mobile devices, regardless of whether they are personally or company owned. Such a great variety of platforms and applications contributes to creating “shadow IT,” an infrastructure within infrastructure that is almost impossible to manage.

The common tendency to use personal apps for work is suggested in a 2014 Stratecast and McAfee study, which revealed that more than 80% of survey respondents say they have used SaaS not approved by their companies. This is why many security experts and business analysts believe that BYOA is yet to become a global challenge for both organizations that have previously introduced BYOD and those that are yet to start following such trends.


Why BYOA is important?

One reason why BYOA is an increasingly talked-about business trend is the fact that it can greatly affect corporate data security. With so many different platforms, user accounts and devices going in and out of the company, it can be truly challenging to maintain the necessary level of control over who uses what and when. With mobile devices already seen as the weakest link of enterprise security due to the fact they are likely to get broken or stolen, business settings are evidently exposed to greatest risks.

Managing BYOA at workplace

Of course, with a trend as aggressive as BYOA, it is virtually impossible to ignore it. This is why managers need to develop a strategic plan for managing their workplace, depending on the size of their teams and the amount of information generated daily. With respect to this, some of the critical steps that need to be taken are:

  1. IT infrastructure analysis. For large teams, a detailed analysis is necessary in order to understand how mobile apps are used. Based on this, managers can better assess what measures need to be taken to secure corporate data transfer.
  2. Employee education on risks and security practices. Even with the advanced security systems, employees often find ways to circumvent IT security policies. This is why it is important to help them realize what risks they are exposing the company to by reckless usage of third-party apps.
  3. Create a clear policy about the app usage. Too aggressive measures regarding the use of mobile applications can be counterproductive, which is why it is important to develop a plan that allows employees to use tools that help them work more efficiently and prohibits the use of those that are not essential for work.
  4. Ensure mobile devices are properly managed. By encouraging employees to download apps only from official app stores, use strong credentials and get devices from reputable mobile shops, managers can greatly improve both employee efficiency and device security.

The truth about BYOA is that it represents a trend tightly related to the global consumerization of IT, which is intended to create workplaces where productivity and collaboration tools are available at any point. Therefore, BYOA is only natural phase after BYOD and should be approached as another business trend of the modern age. Of course, some rules and regulations must be introduced in order to prevent undesired side effects of this transition, but these regulations need to be in line with employee’s expectations.