Professional Documents
Culture Documents
BYOD
BYOD
“BYOD” denotes “Bring Your Own Device”; whereby are just some of the considerations, as outlined by Cesare
employees bring their own home-purchased technology Garlati, Co-Chair of the Cloud Security Alliance Mobile
into work. It’s a phenomenon that’s here to stay. Jessica Working Group:
Keyes, Ph.D. is president of high-tech management
consultancy, New Art Technologies, Inc., and an Honorary Getting everything to work together. When a
Lecturer at the University of Liverpool. She says, “Technical business could dictate its technology, it was always
wizardry is no longer purely the domain of the IT consistent. Homogenous technology is cheaper to
department. Geeks are now everywhere. Many of them buy, maintain and connect. But with everyone
have grown grow up with computers from birth. These connecting different smartphones, laptops, tablets
workers want to make their own technology choices, and even home computers to the company
whether they are on the ‘approved’ list or not, and whether network, it makes managing them – and the many
the company pays for it or not.” different applications they may be running - very
complicated.
This is, surely, a win for your business. Employees pay for
their own equipment, and pay to Controlling security.
maintain it, too. It’s also usually up to “Technical wizardry is no longer purely Whether you have an IT department
current specifications: better than the domain of the IT department. (as large companies do), an IT
you might be able to afford; and likely Geeks are now everywhere. Many of contractor (as midsize companies do)
full of current software and apps, too. them have grown grow up with or you try to juggle technology for
Plus, your team are happier, because yourself (as small businesses do),
computers from birth. These workers
they get to use kit with which they’re BYOD represents a security
want to make their own technology
already comfortable. There’s no need nightmare. You can’t completely
choices, whether the company pays for prevent your employees from
for training or familiarisation; indeed
it or not.” accidentally uploading nasties like
most users of consumer IT won’t
even have bothered to read the viruses or spy-software onto their
manual. It’s a world of turnkey machines; or visiting dodgy websites.
computing. Garlati adds, “Plus, the technology and
applications are both consumer-grade, not
Keyes adds that the comfort factor can directly lead to enterprise grade; and will need third party security
productivity gains: “It has even been suggested that products which previously would have been
employees will work longer hours because they will be able provided by the IT team”. As these devices are
to interact with their systems, using their tools of choice, at mobile, that security regime needs to be delivered
any time of day or night.” over the air, too. A range of new services like
Microsoft’s Windows Intune deliver systems
So, what’s not to love? Well, imagine if you ran a taxi firm,
management from the Cloud, and are evolving to
and any driver could turn up with any old jalopy and start
include mobile device security regimes. It’s not a
ferrying passengers about. This is a good analogy for the
moment too soon: as Keyes notes, “McAfee, the
sort of challenges associated with unregulated BYOD. Here
security company, says that over 4% of world has not radically changed.” The key to successful
smartphones are lost or stolen each year. Each BYOD is a comprehensive policy, plus some good
unsecured stolen or lost phone opens the technology. Says Garlati, “Management of the device needs
organization up to the chance of a breach of to be non-touch, somehow, because either you don’t have
corporate systems and/or data.” an IT team, or if you do, they won’t be able to cope anyway.
So the Mobile Device Management layer is crucial.” Luckily,
Providing support. If you do have a support says Keyes, “traditional asset management has been
contractor or in-house function, the cost of trying improved just for this purpose. MDM functionality typically
to solve problems on users’ home machines (which includes over-the-air distribution of applications, data and
might even be their problem, not yours…) can configuration settings for all types of mobile devices,
easily outweigh all the cost savings derived from company-owned or BYOD.”
having them use their own equipment.
7. Licensing (CG). Home computers usually include 10. Litigation (CG). Finally, if your company should find
home-use licensing of software. If that software is itself mired in litigation, the court can seize devices
then used for commercial purposes, not only is the for ‘e-discovery’; i.e. the hunt for electronic
employee breaching the terms of their license, but evidence; even if it’s a personally owned device.
the company can be accountable as an accessory Your employee probably won’t get it back soon, if
to the license infringement. Microsoft offers at all; and their personal content will likely be
licenses of Office software under Office 365 Small exposed.
Business Premium to resolve precisely this
problem.
BYOD and the Cloud are both buzzword trends right now, and file storage Apps – there are literally thousands on the
but neither is particularly new. The Cloud has been around market. Many are free, and we think they’re safe because
as long as the internet itself, and people have used their they’ve passed the test to be allowed onto a
own devices for a long time too – you may remember manufacturer’s App Store. But the legal position regarding
putting syncing your contacts to a ‘Palm Pilot’! personal or company-confidential data may be
What’s changed is that both technologies are very different indeed.
now prevalent, mass market, connected by wi-fi
rather than cable, and therefore what IT people An unauthorised App could be storing personal
call ‘frictionless’ – i.e. ridiculously easy. data about customers on a system which
doesn’t conform to the Data Protection Act at
Anyone can do it, and that’s why the perceived all. It could be hosted in a wholly unregulated
risk of insecurity with BYOD is greater. IT people country. If, instead, you store your information
aren’t being spoil-sports: BYOD is fabulously in the Microsoft Cloud using Skydrive Pro or in a
powerful, but it can mean that both employers SharePoint Workspace using Office 365, you
and any IT Support they may have completely absolutely know that the data storage is
relinquishing control over the corporate compliant with EU Safe Harbour laws. By setting
network, and that’s an open invitation to up Office 365, it’s the business, rather than the
hackers. non-expert employee, who chooses where file
storage and use happens.
The ideal outcome is therefore to get the benefits of BYOD
– better, faster business from happier employees– whilst In the same vein, sometimes even when a paid App is up to
keeping enough control to minimise the security mistakes scratch, the free version of an App will have no encryption
that untrained people can make. This is where cloud of information when stored or transmitted. Employees
services like Office 365 and Windows Intune are useful. obviously like free Apps, and in any case, we expect to use
With Cloud tools, you can have many of the security free Apps to ‘try out the service’ anyway. Again, by giving
functions and policies of a server without the maintenance employees secure cloud tools of the company’s choosing,
price tag which so many smaller companies found the temptation and risk are very much reduced.
prohibitive (and therefore lived without). With Office 365,
you can block unauthorised or hopelessly insecure devices. Employees (and managers!) are always going to make
You can make sure that mobile devices are password mistakes. Wise Cloud decisions, however, can minimise
protected; essential if they get lost – which they do. It those mistakes by keeping a modicum of control within the
allows business owners and employers to maintain at least company’s four walls; all at manageable and predictable
some control over connected devices. cost and with plenty of productivity benefits, too.