A recent report from ISACA found that while there are still challenges and risks associated with bring your own...
device, IT administrators are increasingly embracing the trend.
"It's difficult to say 'no' to BYOD [bring your own device]. It's easier to say 'yes' and then you educate," said Ramsés Gallego, international vice president of ISACA and Dell Software's security strategist.
In a survey of 2,013 ISACA members, 41% of respondents believe that BYOD's benefits outweigh its risks for enterprises, while an additional 30% found those risks and benefits "are appropriately balanced." Almost all respondents said they believe the BYOD trend poses a governance issue for organizations.
Not every IT pro is convinced about the BYOD trend, however. About 29% reported that there are more risks than benefits for organizations when workers access a company network with their own equipment, the report said.
"We just created another arena, another platform, that we need to control. We just need to ask the right questions of the right people at the right time. We just need to understand what happens [next]," said Gallego, who noted that BYOD offers workers better productivity by allowing them to use the devices they're most comfortable with while at work.
The report calls on organizations to adopt strategies to address concerns about regulatory compliance, identity and access management, how information is controlled on mobile devices and which third parties should have access to that data, and issues surrounding staff training and costs for maintaining networks and storage systems.
"Set expectations. Talk to people; let them know why it's important," he said.
Administrators can look at ways that limit or otherwise control how and what kinds of data can be accessed with an employee's device -- and these kinds of steps are similar to other IT rules that organizations use for more traditional PC setups.
"In the very same way that companies have policies for laptops and PCs and printers and you have to tag everything... you have to have the right policy set [for mobile devices] and educate users in the very same way," he said.
But Gallego said it's more than just a rulebook -- organizations need to work with their people so management and workers understand how corporate data can be used and managed on privately owned devices.
"If you establish cultural security, you will get them to understand that this is the platform ... there is corporate sensitive [and] critical data on your device, and you have to understand as an employee you have to protect it," he said.