Mobile // Mobile Devices
Commentary
11/25/2013
09:06 AM
George Baroudi
George Baroudi
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Personal Computing Device Required: BYOD Should Rule

Just like using your own car is a requirement for some jobs, BYOD should become the norm for corporate IT.

Many, many years ago, salesmen travelled on mass transit to their jobs, where they picked up merchandise and the corporate car. They travelled door to door selling their goods. One day, a smart businessman realized that cars were becoming ubiquitous, and that most of his employees were traveling to the office in their own cars. On that day, a new journey began where job descriptions included the sentence "Car and travel are required." Companies saved millions. They saved on car purchasing. They saved on insurance. They saved on car maintenance. They allowed the salesman to be as clumsy or neat as he wanted to be in the car. We are on the verge of the year 2014, and no one remembers when that journey began.

Isn't it time we do the same with computers? Less than 10 years ago, folks were shy about showing their geek factor. Nowadays it is very chic to be geek. Many of us have a cellphone, a home computer, a tablet, and an office PC. Why isn't there a COO somewhere asking employees to come up with the dough and use their own devices? IT seems to be the problem, and here are its claims:

  • Security: IT claims that having a non-approved PC is a security breach. Why? It could infect the network. It could upload confidential data to the web. People can run rogue programs that cause denial of service.
  • Support: IT claims it is too difficult for the help desk to support every device on the planet. How can a technician take a help desk support ticket when he might not be familiar with the nuances of some odd operating system?
  • User preference: IT claims that users don't want to co-mingle their private data with their work life.

[ How do you go BYOD? Read 6 Tips For Financing BYOD Workplaces. ]

So let's look at these three reasons and bust some myths.

  • Security: In my humble opinion, security and network are an oxymoron. With digital cameras, security went directly out the window. Anyone can take a picture of any screen and any sensitive data and then tweet it in a nanosecond. With Citrix, VM, SSLWeb, and HTML5 applications, the security is on the cloud. Much more than that, the amount of information we collect in audit tables is tremendous -- type of device, IP address, time, space, and even now thumbprint. It is time to figure out how to secure our applications through the web.
  • Support: From CompuServe to Yahoo to Google, services have been supporting different PCs, Macs, browsers, and even phones for years. And you don't hear them complaining. They figured out a way around this. Why can't the rest of corporate IT do the same? Half the support currently in the corporate world is for hardware. If we ask employees to bring their own devices, that support all but disappears.
  • User preference: Users now are so connected that, every breath they take, every sigh they make, they are being watched. Any corporate geek on her own can read all your cloud footprints now. She can see your tweets, your Facebook Likes, and all manner of other posts. Personal data and private data overlap, like it or not.

Of course, I'm trivializing some things, but I am trying to make a point. It is time for the corporate world to embrace a less expensive approach by allowing employees to bring any device they like to the office. It is time to have a statement on every job description: A personal computing device is required.

The Five Ways To Better Hunt The Zebras In Your Network issue of InformationWeek's Must Reads explores ways to protect vulnerable users in your company, lessons learned from the Evernote breach, how the FBI is improving enterprise insider theft detection, and more (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Author
11/25/2013 | 9:34:30 AM
All In On HTML5?
If you go this route, are you betting the farm on HTML5 and browser based apps, and entirely giving up the option for native apps? It seems to me that the big differentiator IT can bring to productivity today isn't around generic apps such as email but around job-specific and company-specific apps, like a sales tool tuned precisely to the needs of a salesperson selling soda to restaurants or shopping mall space to retailers, or to an engineer building a plane. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
11/25/2013 | 9:56:40 AM
Get rid of legacy applications, then we'll talk
Seconding Chris' point. This is likely a fine option for some younger and smaller companies, but large enterprises have kludgy legacy applications that require a certain OS/hardware mix to run. Until that changes, no CIO is going to say it's fine for that new data analyst to bring in his Ubuntu system.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/25/2013 | 11:05:55 AM
Re: Get rid of legacy applications, then we'll talk
No matter how hard IT management tries to control the beast of BYO devices & apps, employees are going to bring them into the organization. So why not just develop policies and strategies that accept that vision of reality. 

Disagree? Take our flash poll. We want to know your thoughts on what is the best policy for managing a bring-your-own-device program? Vote now and tell us why in the comments. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/25/2013 | 11:05:55 AM
Re: Get rid of legacy applications, then we'll talk
No matter how hard IT management tries to control the beast of BYO devices & apps, employees are going to bring them into the organization. So why not just develop policies and strategies that accept that vision of reality. 

Disagree? Take our flash poll. We want to know your thoughts on what is the best policy for managing a bring-your-own-device program? Vote now and tell us why in the comments. 
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
11/26/2013 | 8:13:21 AM
Re: Get rid of legacy applications, then we'll talk
I agree that ignoring BYOD or pretending that you can keep it out of your company is short sighted.  I worked for a company that banned cameras inside the building but handed out cell phones with cameras to staff members.  They wouldn't allow USB thumb drives to be inserted into desktops but I could walk in and out of the building carrying a stack of hard drives without questions.  Your polices have to make sense and they have to address the current state of the world not your ideal version.  I wish anyone who is trying to keep smart phones out of their organization the best of luck but I see that as a fight that I don't want to get into.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/26/2013 | 8:32:45 AM
Re: Get rid of legacy applications, then we'll talk
"..ignoring BYOD or pretending that you can keep it out of your company is short sighted. "

Totally agree.  Better to address the BYO reality with a practical policy. (In other words, don't let perfect get in the way of good). Of maybe hire bouncers to check employees and visitors for unauthorized devices at the door. 
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
11/27/2013 | 7:50:56 AM
Re: Get rid of legacy applications, then we'll talk
We had armed security guards, I'd be shocked if they stopped more than one person per month trying to bring items in.   Chances are if they recognized you then they weren't going to go through your bags.  I walked in and out with a backpack every day without ever being stopped.  Not that it mattered since if I really wanted anything I wouldn't have needed a camera to get it.  Policies are nice but they have to be written with some basis in reality.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
11/27/2013 | 7:53:28 AM
Re: Get rid of legacy applications, then we'll talk
Armed security guards? Really? I assume they were hired to look for something more dangerous than unauthorized mobile devices. But still....
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
12/2/2013 | 8:50:21 AM
Re: Get rid of legacy applications, then we'll talk
No, they were just there to keep "unauthorized" people and items from entering the building.  What was really funny is that we had moved from a site where we rented about half of the office space and the building owners handled security with a couple of guys who walked the lobby area and were more or less there to direct people to the appropriate suites inside the building.  When we moved to our own space it become necessary to stop everyone before they got past the lobby and there was one armed guard on duty 24/7 with one unarmed checking people in and watching people badge through a set of turnstiles. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
12/2/2013 | 10:04:52 AM
Re: Get rid of legacy applications, then we'll talk
SaneIT, with all your commentary on your experience with physical device checks at the door, you've got me wondering what your company's "sensible BYOD policies" are. Do they work?  
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
12/3/2013 | 7:43:16 AM
Re: Get rid of legacy applications, then we'll talk
The craziness was a former employer and no their BYOD policies did not work.  They went as far as implementing a system that checked for hardware changes and would lock out devices if you plugged in a phone to your PC's USB port for example but that only lasted so long until two things happened.  First people found ways around the software locks and second higher level employees had their desktops removed from such policies rendering the whole system pointless.  Currently my BYOD policy is very simple but comes with very stern warnings and a no nonsense action plan.  We list preferred hardware and software versions for smart phones and tablets.  We have our own cloud based storage solution that users have access to from their own devices and they are expected to use that service.  When you agree to use your own device you sign a document saying that you understand that the company has the right to wipe your device remotely should we suspect there is data on it that should not be there, if your employment is terminated or if your device is lost.  Yes, I have remotely wiped someone's phone when it was learned that they were saving sensitive documents on it's internal memory rather than leaving it on the cloud storage solution.  It only took doing it once for everyone else to realize that the policy was there for a reason.  BYOD has quite a few benefits but you do have to be careful regarding the level of control that you give up. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
12/3/2013 | 9:54:55 AM
Re: Get rid of legacy applications, then we'll talk
Thanks for that sharing your personal experience developing a BYOD policy -- including the good, the bad and the ugly. I suspect what didn't work (end-runs & exceptions) are fairly typical. I like your simple "no nonsesnse" approach -- beyond stern warning to actually setting an example by wiping a violator's phone. Your policy of offering employees choices from a list of preferred hardware and software devices conforms to the results so far of our BYOD flash poll. 

Anybody else have a BYOD strategy that works? Let's chat about it in the comments.
MikeLeib
50%
50%
MikeLeib,
User Rank: Apprentice
11/25/2013 | 2:36:26 PM
BYOD Success is not Luck
I think you're spot-on George, and in fact many companies are battling this very question today. Can they infact institute employee owned devices, strictly? I think it will happen in the near future, and agree with your sentiment.

I will, however, comment that successful BYOD implementations don't happen by luck. Planning, policies and investment in intelligent infrastructure and knowledgeable IT admins remain crucial components that CIOs and CFOs must consider, jointly. Legacy approaches to connectivity, inclusive of security, need to be thought of differently.

My advice is to think inside-out when planning - think from the users/device perspective out to the cloud/datacenter and not vice-versa. IT can quickly discover the problems they need to solve and the correct path/technologies required to do just that.

 
J_Brandt
50%
50%
J_Brandt,
User Rank: Ninja
11/25/2013 | 4:15:05 PM
Too Trivial
 I think you're trivializing it way too much.  The car analogy simply doesn't work.  A personal car can't be used as the keys to the corporate secrets. 

Perhaps a better analogy for the personal car might be the case or protector for the BYOD – Go ahead knock yourself out and get whatever case/protector you want I don't care.  I will agree with you that we need to rethink the way we implement security.

 

@Chris, Apple killed HTML5.  Google came along and cut its head off and burned it.  Microsoft wants to pile on.  I don't a resurgence in HTML5 coming anytime soon.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
11/25/2013 | 4:33:57 PM
Re: Too Trivial
I'm curious as to why you believe HTML5 is dead. 
J_Brandt
50%
50%
J_Brandt,
User Rank: Ninja
11/25/2013 | 4:36:46 PM
Re: Too Trivial
No one is doing any serious development for HTL5.  It's all Apple iOS and Android apps.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
11/25/2013 | 4:44:50 PM
Re: Too Trivial
A recent survey by Telerik (admittedly an interested party here), suggests that quite a few are developing in HTM5:

"While native approaches were perceived to be the best choice for mobile application development in the enterprise a few years ago, today, 57% of those surveyed believe that HTML5 is either enterprise-ready or will be within 12 months."

While Telerik is probably exaggerating in accordance with its business interests, HTML5 development seems far from dead.

 

 
Adam2IT
50%
50%
Adam2IT,
User Rank: Apprentice
11/26/2013 | 11:31:29 AM
HTML5 & BYOD
HTML5 can be an important tool for managing BYOD issues. For example, Ericom's AccessNow HTML5 RDP client enables remote users to securely connect from iPads, iPhones, Android devices, Chromebooks and more traditional laptops and PCs to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, connection and login credentials. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

That protects corporate data by keeping it off the device, and also reduces IT support costs, since IT staff don't need to spend time installing software on so many different platforms.

Visit http://www.ericom.com/BYOD_Workplace for more info.

Please note that I work for Ericom
Chuck Brooks
50%
50%
Chuck Brooks,
User Rank: Author
11/26/2013 | 1:17:58 PM
BYOD
BYOD is already happening in both the public and private sector. The best solution is a personal computing device with two processors that can isolate work activities from personal so malware cannot be tranferred.
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Author
11/27/2013 | 11:08:37 AM
Security
I've spoken with security experts who dislike BYOD mostly because of human error. They've seen too many doctors lose their unlocked devices, giving anyone who picks up the device access to sensitive information. 
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.