BYOA: How businesses can manage the ‘bring your own app’ trendBlog
Picture the scene. You’re sitting down for a Monday morning catch-up with Jen, one of your data analysts in South Africa. But instead of using your company’s conferencing tool, Jen insists you meet via WhatsApp or FaceTime, tools which she stresses are much more efficient.
This phenomenon? ‘Bring your own app’ (BYOA) – or in other words, employees using third-party applications in the workplace. This is a natural evolution of the Bring your own Device boom of the past few years.
It reflects the continued consumerisation of IT we’re seeing in the workplace (90% of workers who own a personal smartphone or tablet use third-party apps for work-related tasks). And it also throws up a multitude of challenges for companies that want to empower their employees to work productively while retaining control over their IT and data.
How has BYOA come about?
It’s common knowledge that generations Y and Z have been brought up in an app-centric world, and with consumer applications often providing the path of least resistance for employees looking to carry out specific tasks more efficiently, businesses are playing serious catch up when it comes to developing work tools that meet the requirements of every individual, in addition to being safe and secure.
New technologies have made exclusive ownership of data and information a thing of the past. To add to this, few businesses possess the necessary budgets to develop first-party applications that deliver to every function and all employees.
In short, companies can no longer control every type of technology their employees use, and should move to a culture of enabling individuals and teams to excel.
What are the risks?
When you invite workers to use their own third-party software, there’s a possibility you’re opening yourself up to potential risk. Many applications stem from sources you may not know and could have lower security standards than those validated through your IT organisation.
These applications can store data outside of your company and without encryption. Additionally, there may be potential complications due to remote access capabilities. These risks can significantly impact your brand reputation if you’re hacked and could also incur huge fines if you’re found to be in breach of compliance standards.
What companies are realising however, is that BYOA is a natural progression in the way we work, and should be embraced. Attempting to combat the BYOA storm with wholesale prohibition would be a fruitless endeavour.
Companies instead need to see this as an opportunity to further empower their employees with the choices (and tools) necessary to foster a productive climate. Their people are the subject matter experts, after all, and they should be encouraged with access to the apps that deliver the best answers faster. Or as Jeremy put it, security shouldn’t be technology led, it should be people led.
Yet herein lies the challenge. How do you strike the right balance between enablement and making sure your organisation is compliant? A notable example was highlighted recently, where an Asia-based organisation found many of its employees were using WeChat for both personal and business use.
If the company was to record all conversations on that channel for compliance, would this have a negative impact on how the individual viewed their employer and could this increase risk of talent flight to their competitors.
A culture of responsibility
There are many similar anecdotes and on a cultural level, it’s critical we display faith in our employees by keeping the button off or at the very least find a solution that can truly distinguish between corporate and personal activity.
Companies also need to establish a culture that will foster a sense of individual responsibility.
Start by establishing a clear and concise set of BYOA guidelines, and educate your staff accordingly. These guidelines should define exactly what kind of information is prohibited outside of approved corporate control, as well as the risks to the company if the rules are broken.
This is a progressive way of thinking. If we go back even five or 10 years, data protection was about building security around your business, but this approach doesn’t allow modern-day companies to differentiate and innovate.
Thankfully, companies are realising they need to be more open, and they’re being supported by more modern security technologies, such as advanced threat protection where data risk is analysed at the application level while also incorporating machine learning.
As the ‘BYO movement spreads and employees develop their own apps to work more productively, it’s clear this is no fleeting trend. Learn more about how to build a modern digital workplace and support the BYOA trend, check out our Digital Workplace hub.