The evolution of the BYOD trend is moving fast, showing clearly that the boundaries between your personal and professional life have become increasingly blurred. Working 45 hours at the office has become an archaic model – more and more people work overtime and work from different locations, including the time it takes to commute to and from work.

Much of this BYOD development is reflected in the ability to access corporate networks from anywhere, anytime. The range of tools that allows this constant connectivity has become more powerful, with laptops, tablets and smartphones that provide access to a range of business applications and communications, while cloud computing effectively extends the desktop beyond office walls.

BlackBerry is not the only smartphone now to incorporate BYOD capabilities, which made a name for itself at the turn of the century with its highly secure email encryption system. Apple and Google are threatening to take over RIM’s market as companies look into alternative platforms for the iPhone, Android devices and tablets.

Some of those companies adopting BYOD programs are well known.  Most recently Yahoo!’s new CEO, Marissa Mayer, announced a new program to allow employees to get a new smartphone of their liking including iPhone 5, Galaxy SIII, HTC One X, HTC EVO 4G LTE, or even the Nokia Lumia 920, leaving BlackBerry behind as the only smartphone allowed for company use. Cisco, IBM and Dell have also invested towards their support for consumerization in the workplace.

“Mobile employees are productive employees, but the growing number of device types means that enterprises now need to support multiple operating systems. Before the rise of consumerization and BYOD, it was a straight-forward decision to only support BlackBerry, and limit the number employees who were given a mobile device to employee groups like sales and executives,” says Chris Fleck, vice president of mobility solutions at Citrix.

Best practices to secure the devices

We hear the most about the advantage of BYOD is greater productivity. However, recent research has indicated that this could in fact be the great myth of BYOD; the reality is that BYOD practices pose new challenges to security that may outweigh the benefits, if security measures are not properly taken into account by the organization.

Data loss is of course one of the main risks faced by mobile professionals using their personal smartphones (BlackBerry, iPhone, Android, tablets) for work.

To minimize this risk, it may be useful in the business of disseminating a document educating employees several best practices:

• Systematize the activation password (PIN protection) and other processes limiting access to the smartphone
• Proceed to update the OS when a new version is available
• Install applications to geotag the smartphone or erase data remotely in case of theft /loss (e.g. Find My iPhone on iOS, BlackBerry Protect, Androidtheft)
• Synchronize its address book with cloud services, or other terminal (e.g. iCloud for iPhone, BlackBerry Desktop Software) for data backup contacts.
• Avoid installing applications offered by unknown developers on the app stores (e.g. like Google Play)
• To connect to the Internet via Wi-Fi, and in case of transfer of sensitive data, be wary of unsecured public access password (e.g. at airports), and focus on encrypted networks.

“With the explosion of new smartphones and tablets that have captured the interest of employees who want to use these devices at work, companies need to develop an enterprise mobility strategy that includes the ability to “bring your own device” and also supports the plethora of OSs that come with it. Enterprises have to consider how they will deploy applications to these devices while keeping data secure,” Fleck said.

Select mobile applications

In addition to awareness-raising list mentioned above, it may be useful for organizations to compile a list of authorized applications, and also a list of not recommended or banned applications.

As part of the BYOD process, the variety of applications for smartphones and tablets can raise important questions about access to existing applications.

There’s a few different possible solutions: Web access mode, remote display, native application development or integrated via a MEAP (Mobile Enterprise Application Platform). But in all these cases, Software Remote Management plays a vital role in enabling IT to automatically update users’ devices with the latest patches to prevent any existing vulnerabilities to be exploited in the context of mobile attacks.

A few tips:

• Focus on applications developed by recognized publishers
• Focus on cross-platform application compatible with most mobile devices and OS (developed applications for iOS, Android OS, WP8, and Nokia). Some cloud services (Salesforce and Google Docs) are optimized for mobile platforms.
• Prioritize mobile applications to meet the most common needs such as email, calendar and contacts, Social networks, CRM, Time management and expenditure and ERP
• What applications are required, and which should be not allowed?
• What are the employees allowed to use these devices?
• Who has access to the network according to who, what, where and when?

“There are decisions about deploying native apps versus web apps or likely some combination. While web apps provide a generic cross platform alternative, access to legacy Windows apps, security limitations and user experience prevent web apps from being the silver bullet answer,” said Fleck.

“Hosted virtualized apps can provide access to Windows apps with the highest security however a good network connection is required, and apps may need to be modified to provide a good user experience. Native mobile apps provide the best user experience but also require limiting platforms and specific knowledge for custom development. With all of this app chaos, enterprises will need to look beyond simple mobile device management to holistic solutions that allow for the delivery of all applications (Windows, SaaS, native mobile apps) to all device platforms in the most secure way possible,” Fleck explains.

Enterprise-wide policies and tools

The implementation of a BYOD strategy will be a key influence in the creation of corporate policies and procedures moving forward. Organizations must understand that to effectively protect their networks and business data from potential threats to mobile devices, they must address the issue of security at the network level, not only at the terminal level.

Consequently, the only effective solution is to ensure that the heart of the network is protected and that the company can control both inbound and outbound access to the corporate network from external devices. IT organizations can detect and control the use of applications on their networks and terminals based on the classification of applications, and behavioral analysis and association with the user.

A company like Good Technology has made a specialty of this, with an offer that combines the functions of email, calendar, document storage and browser.

It is clear that organizations must invest heavily to adapt and change to a new way of supporting their employees in their technology choices, because consumerization has taken hold of our mobile world and there’s no turning back.