BYOD movement can be a security challenge for IT departments, and big data adds a new level of complexity. Here are some points to keep in mind.
Samsung Unleashes New Mobile Devices: Visual Tour
(click image for larger view)
The bring-your-own-device-to-work revolution, a.k.a. BYOD, may make employees and executives happy, but it often means migraines for the folks in IT. End users love using their favorite smartphones and tablets at work, but IT is stuck with the arduous task of supporting multiple devices, safeguarding sensitive enterprise data, and generally making everything work together seamlessly.
This challenge is particularly acute in the small and midsize business (SMB) market, where IT staffs are already stretched thin. An expected increase in the use of big data applications, many of which use mobile devices as data-collection tools, may compound the problem as well.
Jeff Kaplan, CEO of Breakthrough Technology Group (BTG), an IT and managed service provider, often sees this dilemma firsthand. "You have this struggle within the SMB market," said Kaplan in a phone interview with InformationWeek. "[End users] want to have one device for personal and work. They want to be able to drop their laptop, pick up their phone and get the same user experience."
But IT departments often aren't prepared. Kaplan cited a recent survey of SMB leaders by market research firm StrateSci, in which just 22% of respondents said they've developed a BYOD policy for data access via personal devices. The study, conducted for cloud services provider Cbeyond, also found that 32% of SMBs aren't sure or don't believe their business information is sufficiently protected.
This lack of preparedness has more than one cause, but one major factor is that workplace computing has changed dramatically in short time, and many SMBs have been caught off guard. "Think about a couple years back," said Kaplan. "I hand you a computer. That computer is rubber-stamped by IT. It's kind of locked down. And that's pretty much it."
But that's changing as software-as-a-service (SaaS) and other cloud-based services gain popularity among businesses. "Today, many companies are adopting SaaS-based services, [which] can be used from any device. You can go to a Web browser through a tablet or iPhone and get to Salesforce or somewhere else," Kaplan added.
His four most important considerations for BYOD are security, policies, infrastructure and management. "Number one is security," Kaplan said. "BYOD is going to grow when people go to more of a centralized compute model."
An SMB needs to have a clearly defined set of BYOD rules and regulations for its staff and contract workers. Kaplan said, "It's one thing to say, 'OK, we're going with BYOD,' but where are the policies associated with that? If you don't have that [in place], how do you know if someone's doing something wrong?"
He added, "BYOD has certain use cases that are great fits for it, [such as] hiring part-time workers, consultants and call center workers. It makes perfect sense. But you can't do that in an environment … where your internal security policies are exposed because of it."
Standardizing and controlling an organization's computing infrastructure is another crucial step, as is effective management of your network. And while some of these considerations may seem obvious, that doesn't always mean that SMBs will implement them correctly.
The main reason: Lack of IT staff. "They can't just assign a person or a group of people to go off on the side, do this, and then come back," said Kaplan. BYOD is "very, very hard from an IT standpoint," he added. "They're already running 24/7 with their apps, and now they're asked to deliver new capabilities and technologies layered on top of that, and they don't have the infrastructure or the means to do so."
One solution for SMBs is a virtual desktop infrastructure (VDI) where IT pros centrally manage thin client devices. With VDI and BYOD, Kaplan said, the data that workers access never leaves the data center.
InformationWeek is conducting a survey to see where organizations are on the road to services-oriented IT and to highlight both challenges and benefits of this transformation. Take the InformationWeek 2013 Services-Oriented IT Survey today. Survey ends July 5.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.