The BYOD phenomenon just reached a milestone of sorts: it’s now ten years since Intel coined the term BYOD, although the use of personal devices in business certainly predated the term.
According to Dell, 60% of workers use a BYOD smartphone for work purposes. And one study found that 85% of companies “allow not only employees, but even contractors, customers and suppliers to access enterprise data from their personal devices.”
As enterprises continue to adopt a BYOD strategy – and now a CYOD (choose your own device) strategy – for their employees, it’s fair to say that employees will continue to push back on employers, who inevitably require them to relinquish control over their mobile devices, not to mention the private data stored on them. The promise of working anytime, anywhere on any device comes at the cost of unfettered personal freedom.
As opposed to the “traditional” approach to securing the individual device, instituting app-level security mitigates the risk of a data breach – which increased 54% in the first half of 2019 – while enabling tighter vulnerability controls for the enterprise. At the same time, it ensures end-users maintain easy accessibility to the corporate data on those BYOD or CYOD devices, just as they already enjoy on their enterprise-sanctioned devices. Best of all, employees enjoy a degree of freedom to use the mobile device of their choice.
While accepting BYOD and CYOD as the means of giving employees the flexibility to work the way they work best, how can enterprises engineer solutions to make security and privacy non-issues? For one thing, enterprises will need a dedicated focus on addressing corporate security concerns much earlier in the development cycle, known as “shifting security left” – not as an add-on or an afterthought.
Development teams will need to investigate technology that provides granular controls for addressing both security and privacy; foremost among those concerns will be app-level security. What this means is that DevSecOps teams will need to build security integration into the development lifecycle. While stakeholders in that process have their own specialties – development, security or operations – now they must work like a well-oiled machine for a common purpose: protecting corporate data in the app.
On January 27, 2019, TechCrunch reported that cyber bootcamps were cropping up to address the “gigantic” cybersecurity skills shortage. It added that the bootcamps accept “non-programmers, train them in key skills and help them land jobs.” Still, with the mounting challenge of securing more apps on more devices, can traditional coding keep up? Perhaps the better question is whether there’s an alternative to manual coding. And there is.
Automating security integration by using a no-coding approach reduces development time substantially. Sure, coding security line-by-line worked in the past, but the ever-expanding legions of mobile workers, many with more than one “sanctioned” mobile device, are leading DevSecOps to adopt no-coding security integration as the norm.