Securing your FM data in a BYOD world
David Cornish, Urgent Technology’s development manager, examines the risks, and rewards, of using personal mobile devices in an FM environment.
The facilities management (FM) industry is evolving at an ever-increasing pace, fueled by advancements in technology. Mobile phones and hand-held devices are now commonplace tools in the business world, and for none more so than the facilities or real estate professional who is more often out in the field than sat at a desk. Add mobile apps that integrate seamlessly with desktop FM systems into the mix, with the result that FM professionals are now able to communicate and update or access data on the move, all in real-time.
A corporate-issued mobile device strategy is one option for providing employees with today’s essential work tool. Alternatively, a bring-your-own-device (BYOD) policy allows employees to use their personal devices (smartphones, tablets or laptops) within the corporate environment. The theory is that people are more productive when using a device of their choice with an operating system they are familiar with. A BYOD policy can also mean lower upfront hardware costs. Most companies still prefer to issue a corporate laptop because they hold larger amounts of data, however smartphones and tablets are easier to manage, therefore many companies are willing to allow such devices on to their corporate network.
However, a BYOD policy that allows potentially sensitive corporate data to be accessed by a device that the business doesn’t control can pose a security risk. The policy should therefore include relevant clauses to ensure users take the necessary security precautions for their own devices – such as the use of an online password manager tool or fingerprint verification. The challenge to IT managers is that this cannot be mandated because the company doesn’t own the device. To safeguard against this, make sure the user can be removed remotely from any corporate system or application installed on the device and that corporate data can be wiped from the device if necessary.
Computer aided facilities management (CAFM) software providers have invested heavily in developing mobile application versions of their software, making their systems accessible to FM professionals on the move. In fact, the uptake of BYOD spearheaded the move to develop CAFM mobile apps, giving users greater flexibility over where they accessed FM data, along with the ability to respond to issues quickly.
To increase the uptake of the use of a mobile app – and for organisations to benefit from the associated time and cost efficiencies – the app should be familiar but easier to use than the mobile-enabled web version of the system. A good CAFM app offers the ability for users to work offline; updating tasks, adding documents and uploading photographs as if the system were live. Once a data connection is reestablished, the app pushes the data to the main server, with activity time stamp logged. In large ‘big box’ stores for example, where there is often no mobile signal, an app that does not have this functionality is less useful.
Good apps are designed to improve productivity, deliver real-time information and ensure all parties have access to the most up-to-date information, and therefore organisations should encourage their use. Keeping company data secure on a BYOD device can be a challenge, but this should be balanced against the commercial gain to be derived from permitting CAFM data to be accessed via personal devices.
To minimise the risk of any company data being lost should a BYOD device be stolen or misplace, organisations should ensure their CAFM app provider is following the secure coding processes discussed in our blog ‘5 Questions to ask your CAFM provider about security’, as well as educating employees on the importance of following best security practices.