BYOD and Shadow IT back in the limelight

BYOD and Shadow IT back

Putting millions of employees into teleworking in a matter of days is no small task. This is even less so for firms hitherto reluctant to work remotely.
Not all employees have a computer provided by their company. Non-equipped employees must then use their personal Pcs to connect to their company’s cloud or internal applications (via VPN). Clearly, the recourse to the BYOD could have been imposed during the crisis and continues in a phase of deconfinement.

Equipment, a major challenge but constrained by finances

Equipment «is one of the big issues today», stresses Olivier Rafal, Vice-president Digital Business Innovations for PAC. This is particularly true in the public sector. “Setting up telework in the public sphere has been extremely complicated”, precisely for equipment reasons.

“IT cannot meet the full demand. So yes, there is a need to review this personal equipment,” the analyst says. However, these expenditures are not a priority as an economic crisis looms. IT spending on terminals is expected to fall by 15.5% in 2020.

Although everyone is aware of the need to evolve this equipment, the budgetary constraints are very real. Choices will have to be made in the companies», confirms Olivier Rafal.

However, BYOD cannot be a permanent solution. If it had to be tolerated at the height of the crisis, it does ask questions about security. This is not a new debate. It even largely predates the Covid-19 crisis, says Wavestone’s security expert, Gérôme Billois.

The limits of securing the BYOD

There are obvious “limits” to balancing security and BYOD. For Pcs, either fixed or portable, it is very difficult to truly measure compliance before connecting to the company’s network.” This is one of the reasons why companies are planning or conducting safety audits. The aim is for them to ensure that teleworking and access terminals have not triggered the spread of threats.

On mobile, the cybersecurity consultant believes that the solutions on the market today provide better protection. Containerization technologies such as those proposed by Blackberry and Samsung help to significantly reduce risk. “This can be an acceptable solution,” says Gérôme Billois.

On the other hand, on PC, comparable VDI solutions do not offer equivalent protection. However, safety, such as equipment, is subject to budgetary constraints.

It’s time for cybersecurity officials to review their budget before the cutoff falls abruptly. They need to determine their priorities for next year now by anticipating a budget cut of at least 20-30%,' he says.

Shadow IT will always exist

However, the crisis does not only raise the question of terminals and their security. In companies with the least collaborative tools, especially in the cloud, employees have often improvised. The solution: the Shadow IT, or the use of applications outside the supervision of the ISD.

"There will always be Shadow IT," said Olivier Rafal. "Users must be given a number of tools. If not, they will look for them themselves, including in the general public and insecure domain,” he adds.

Nevertheless, crisis or not, business applications available or not, the Shadow IT remains a reality in business. “This is not serious if it does not jeopardize the integrity of certain services or sensitive data,” says PAC’s consultant, inviting us to opt for licensing.

However, the pandemic may have exacerbated the expectations of internal users by highlighting the limitations of the tools provided. They had to appropriate the remote communication tools. Some have probably become "power users". The level of waiting has increased, and it will weigh on Cios, but also on publishers,” he concludes.