Bring your own device (BYOD) in the workplace has risen dramatically over the last few years. According to research by Gartner, 30 percent of businesses currently embrace BYOD, a number that's expected to grow to 60 percent by 2016. As more employees than ever go mobile, smartphones, tablets and other devices are allowing them to blend work and their personal lives. In many cases, that's a good thing. Better access can improve efficiency, and there's even some evidence that BYOD improves how people feel about their jobs.

On the other hand, of course, there are some serious security issues that can put businesses at risk. What that means is that the next phase in BYOD is going to be all about security. Here we'll take a look at some of the key components of mobile security. (Get some background reading in BYOD: What It Means for IT.)

The Cost of Poor Mobile Security

Introducing employee-owned devices into the workplace as business tools can cause serious security problems. Most companies are aware of the difficulties posed by the new model. A 2012 survey from the Ponemon Institute found that 77 percent of companies consider mobile devices important in the workplace. Seventy-six percent of them believe that BYOD introduces "serious" risk.

Malware and data breaches are the main security concerns for business mobile devices. In the Ponemon study, 59 percent of businesses noted a rise in mobile malware infections over the past 12 months, with 31 percent reporting an increase of more than 50 percent.

Data breaches, which can be far more damaging to a company than malware, are also occurring at an alarming rate through mobile devices. The study found that 51 percent of businesses had experienced a mobile data breach, while a further 23 percent weren’t sure whether they have or not. (For related reading, check out The 7 Basic Principles of IT Security.)

What Businesses Are Doing Now

For the most part, electronic security for business has concentrated on networked IT infrastructures that can be protected with a unified security solution. The BYOD trend changes the landscape of IT security, forcing companies to rethink systems and procedures. With employee-controlled mobile devices, there are no standardized security protocols. In fact, there isn’t even a unified platform or device model.

The challenge of establishing security across multiple mobile devices is reflected in the survey from Ponemon, which reports that:

  • 55 percent of the companies surveyed do not have policies in place to dictate acceptable and unacceptable use of employee mobile devices.
  • Less than half of the 45 percent of companies with employee usage policies in place actually enforce them.
  • Only 49 percent of businesses require employees to use device-level security settings in the workplace.
  • Of those, just 6 percent report that employees are compliant with the use of device-level security, and a further 15 percent said they weren’t sure about employee compliance.

BYOD Security Solutions

Mobile Device Management
One possible solution for these security problems is mobile device management (MDM), an area that has seen a recent surge in the IT industry. In 2012, Gartner predicted that 65 percent of enterprise business will adopt MDM solutions by 2017.

MDM strategies are a big-picture approach to mobile security that uses comprehensive life cycle management for device content, access and authentication, and the device itself. For the most part, MDM is currently employed by companies that provide mobile devices to employees specifically for business use, but many are looking for ways to create MDM solutions for BYOD workplaces as well. (Read more about MDM in 3 BYOD Costs Companies Often Overlook.)

Remote Locks and Data Wipes
In addition to malware and data breaches, device theft poses a threat to business security in BYOD environments. Remote locking and data wipe capabilities are the most established security protocols currently in place to combat device theft. Unfortunately, these solutions aren’t ideal, especially for employees who use personal devices at work.

Remote locking enables a company to remove sensitive files and lock down an employee device through an Internet connection. While this can be effective, it doesn’t always work. The other possibility, data wiping, deletes all files and information from the device, which, of course, makes the data irretrievable should the device be recovered.

One Final Mobile Security Measure

The BYOD is here to stay. After all, expecting employees to remain plugged in is tantamount to expecting them to arrive at work in a horse-drawn carriage. Once technology moves forward, there's no going back. In response, smart companies will create solutions that allow employees to use their own devices for work while still ensuring that company data is protected. In that regard, one of the strongest solutions doesn't rely on technology at all. By that I mean an increase in employee education about mobile security.