Mobile // Mobile Devices
Commentary
11/25/2013
09:06 AM
George Baroudi
George Baroudi
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Personal Computing Device Required: BYOD Should Rule

Just like using your own car is a requirement for some jobs, BYOD should become the norm for corporate IT.

Many, many years ago, salesmen travelled on mass transit to their jobs, where they picked up merchandise and the corporate car. They travelled door to door selling their goods. One day, a smart businessman realized that cars were becoming ubiquitous, and that most of his employees were traveling to the office in their own cars. On that day, a new journey began where job descriptions included the sentence "Car and travel are required." Companies saved millions. They saved on car purchasing. They saved on insurance. They saved on car maintenance. They allowed the salesman to be as clumsy or neat as he wanted to be in the car. We are on the verge of the year 2014, and no one remembers when that journey began.

Isn't it time we do the same with computers? Less than 10 years ago, folks were shy about showing their geek factor. Nowadays it is very chic to be geek. Many of us have a cellphone, a home computer, a tablet, and an office PC. Why isn't there a COO somewhere asking employees to come up with the dough and use their own devices? IT seems to be the problem, and here are its claims:

  • Security: IT claims that having a non-approved PC is a security breach. Why? It could infect the network. It could upload confidential data to the web. People can run rogue programs that cause denial of service.
  • Support: IT claims it is too difficult for the help desk to support every device on the planet. How can a technician take a help desk support ticket when he might not be familiar with the nuances of some odd operating system?
  • User preference: IT claims that users don't want to co-mingle their private data with their work life.

[ How do you go BYOD? Read 6 Tips For Financing BYOD Workplaces. ]

So let's look at these three reasons and bust some myths.

  • Security: In my humble opinion, security and network are an oxymoron. With digital cameras, security went directly out the window. Anyone can take a picture of any screen and any sensitive data and then tweet it in a nanosecond. With Citrix, VM, SSLWeb, and HTML5 applications, the security is on the cloud. Much more than that, the amount of information we collect in audit tables is tremendous -- type of device, IP address, time, space, and even now thumbprint. It is time to figure out how to secure our applications through the web.
  • Support: From CompuServe to Yahoo to Google, services have been supporting different PCs, Macs, browsers, and even phones for years. And you don't hear them complaining. They figured out a way around this. Why can't the rest of corporate IT do the same? Half the support currently in the corporate world is for hardware. If we ask employees to bring their own devices, that support all but disappears.
  • User preference: Users now are so connected that, every breath they take, every sigh they make, they are being watched. Any corporate geek on her own can read all your cloud footprints now. She can see your tweets, your Facebook Likes, and all manner of other posts. Personal data and private data overlap, like it or not.

Of course, I'm trivializing some things, but I am trying to make a point. It is time for the corporate world to embrace a less expensive approach by allowing employees to bring any device they like to the office. It is time to have a statement on every job description: A personal computing device is required.

The Five Ways To Better Hunt The Zebras In Your Network issue of InformationWeek's Must Reads explores ways to protect vulnerable users in your company, lessons learned from the Evernote breach, how the FBI is improving enterprise insider theft detection, and more (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
12/3/2013 | 9:54:55 AM
Re: Get rid of legacy applications, then we'll talk
Thanks for that sharing your personal experience developing a BYOD policy -- including the good, the bad and the ugly. I suspect what didn't work (end-runs & exceptions) are fairly typical. I like your simple "no nonsesnse" approach -- beyond stern warning to actually setting an example by wiping a violator's phone. Your policy of offering employees choices from a list of preferred hardware and software devices conforms to the results so far of our BYOD flash poll. 

Anybody else have a BYOD strategy that works? Let's chat about it in the comments.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
12/3/2013 | 7:43:16 AM
Re: Get rid of legacy applications, then we'll talk
The craziness was a former employer and no their BYOD policies did not work.  They went as far as implementing a system that checked for hardware changes and would lock out devices if you plugged in a phone to your PC's USB port for example but that only lasted so long until two things happened.  First people found ways around the software locks and second higher level employees had their desktops removed from such policies rendering the whole system pointless.  Currently my BYOD policy is very simple but comes with very stern warnings and a no nonsense action plan.  We list preferred hardware and software versions for smart phones and tablets.  We have our own cloud based storage solution that users have access to from their own devices and they are expected to use that service.  When you agree to use your own device you sign a document saying that you understand that the company has the right to wipe your device remotely should we suspect there is data on it that should not be there, if your employment is terminated or if your device is lost.  Yes, I have remotely wiped someone's phone when it was learned that they were saving sensitive documents on it's internal memory rather than leaving it on the cloud storage solution.  It only took doing it once for everyone else to realize that the policy was there for a reason.  BYOD has quite a few benefits but you do have to be careful regarding the level of control that you give up. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
12/2/2013 | 10:04:52 AM
Re: Get rid of legacy applications, then we'll talk
SaneIT, with all your commentary on your experience with physical device checks at the door, you've got me wondering what your company's "sensible BYOD policies" are. Do they work?  
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
12/2/2013 | 8:50:21 AM
Re: Get rid of legacy applications, then we'll talk
No, they were just there to keep "unauthorized" people and items from entering the building.  What was really funny is that we had moved from a site where we rented about half of the office space and the building owners handled security with a couple of guys who walked the lobby area and were more or less there to direct people to the appropriate suites inside the building.  When we moved to our own space it become necessary to stop everyone before they got past the lobby and there was one armed guard on duty 24/7 with one unarmed checking people in and watching people badge through a set of turnstiles. 
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Author
11/27/2013 | 11:08:37 AM
Security
I've spoken with security experts who dislike BYOD mostly because of human error. They've seen too many doctors lose their unlocked devices, giving anyone who picks up the device access to sensitive information. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/27/2013 | 7:53:28 AM
Re: Get rid of legacy applications, then we'll talk
Armed security guards? Really? I assume they were hired to look for something more dangerous than unauthorized mobile devices. But still....
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
11/27/2013 | 7:50:56 AM
Re: Get rid of legacy applications, then we'll talk
We had armed security guards, I'd be shocked if they stopped more than one person per month trying to bring items in.   Chances are if they recognized you then they weren't going to go through your bags.  I walked in and out with a backpack every day without ever being stopped.  Not that it mattered since if I really wanted anything I wouldn't have needed a camera to get it.  Policies are nice but they have to be written with some basis in reality.
Chuck Brooks
50%
50%
Chuck Brooks,
User Rank: Author
11/26/2013 | 1:17:58 PM
BYOD
BYOD is already happening in both the public and private sector. The best solution is a personal computing device with two processors that can isolate work activities from personal so malware cannot be tranferred.
Adam2IT
50%
50%
Adam2IT,
User Rank: Apprentice
11/26/2013 | 11:31:29 AM
HTML5 & BYOD
HTML5 can be an important tool for managing BYOD issues. For example, Ericom's AccessNow HTML5 RDP client enables remote users to securely connect from iPads, iPhones, Android devices, Chromebooks and more traditional laptops and PCs to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, connection and login credentials. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

That protects corporate data by keeping it off the device, and also reduces IT support costs, since IT staff don't need to spend time installing software on so many different platforms.

Visit http://www.ericom.com/BYOD_Workplace for more info.

Please note that I work for Ericom
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/26/2013 | 8:32:45 AM
Re: Get rid of legacy applications, then we'll talk
"..ignoring BYOD or pretending that you can keep it out of your company is short sighted. "

Totally agree.  Better to address the BYO reality with a practical policy. (In other words, don't let perfect get in the way of good). Of maybe hire bouncers to check employees and visitors for unauthorized devices at the door. 
Page 1 / 2   >   >>
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.