If your company plans to avoid the bring your own device phenomenon by ignoring it and hoping it goes away, good luck with that. You can't ignore it, and it's not going away.
Consider this: Seventy percent of IT workers bring their own tablets to work without IT's permission, according to Forrester Research, which released a report last week based on a survey this year of around 5,000 IT workers and 576 "mobile decision makers" in the US and Europe. When you add in smartphones, it's a safe guess that almost every employee out there has access to an unapproved mobile device at work, except those at the most security-conscious facilities.
Some firms may be tempted to issue a proclamation prohibiting personal mobile devices at work and citing "security reasons." But employees need to carry their phones with them. What if their kid gets hurt at school? And now that they've got that smartphone in their pocket, why not quickly Google a fact? Or play a round of Words With Friends while on hold? Or get directions for the drive to the client site? From there, it's a short hop to checking email, downloading documents to read later, and using the tablet for sales presentations. It's too convenient, too useful, and impossible to stop.
But there are some steps companies can take to minimize risks.
Create and distribute a mobile device use policy. Include reminders to use a password on the device, to make sure everything on it is encrypted, and to make sure there's a way to wipe data off the device remotely if it is lost. Also, remind employees about the importance of protecting sensitive data: Social Security numbers, medical records, credit card numbers, and, of course, passwords. Files containing this information shouldn't be stored on mobile devices, including laptops, unless they are securely encrypted. Finally, make sure employees use anti-virus protection when available on their mobile devices. The policy should incorporated into employee training, and all staffers should be asked to read and sign it.
Conduct a data assessment. Find out where data is and who has access to it, especially critical stuff such as proprietary information, customer data, medical data, and payments data. You can't guarantee 100 percent security for every bit of information your company ever gathered, but you can improve the locks on most sensitive stuff.
Give employees work-safe alternatives. If they need to have work files on their tablets, iPhones, or laptops, there are plenty of secure options -- for example, a company file server with password-protected access or a third-party, cloud-based file storage service like Box.net. Employees can avoid the hassle of figuring out how to transfer files. (Email attachments? USB sticks? Consumer-oriented file-sharing sites?) IT can track who accessed what file when and avoid the problem of multiple people working on different versions of the same file. Similarly, an encrypted Web-based email system lets employees check their inbox from any browser, removing the temptation to forward email to personal accounts. And this doesn't have to cost a lot. Google Apps for Business, which doesn't cost anything at the basic level, comes with SSL encryption for Web-based email, calendars, and shared documents. If you're using Microsoft Exchange, the Outlook Web App comes included and offers SSL encryption.
Consider replacing insecure systems with secure Web-based alternatives. Your company is probably already somewhere on the road to replacing legacy software with Web-based apps. Many companies have already switched from their expensive customer relationship management systems to secure online platforms like Salesforce.com, which are accessible via a Web browser and optimized for smartphones and tablets.
When all else fails, use virtual workstations. If it's critical for mobile employees to access data stored in legacy systems, consider virtual desktops. They can be hosted on company servers or on third-party services like Desktone. With a virtual desktop, users can access any or all of their regular workplace applications and files via a secure encrypted channel, without storing any files on the mobile device itself. An alternative to a full hosted desktop is a hosted application, which can be more cost efficient if there is just one application employees need to access remotely.
The users will only depend on their personal devices for work if the firm allows them to work with them in the first place. The level of support is often defined for a handful of devices and the users are expected to comply with them.
Information is relatively valuable. If your business is defense or finance, it might trump all other concerns. But an organization dealing with relatively public information might place much greater value in increasing productivity than protecting files.
When it comes to BYOD, security is the top priority. Everything else (including ease of use or convenience, perhaps) comes second. Information is valuable. It has always been valuable and it's definitely worth protecting.
I agree with all the tips Maria provided, especially with the first one. If you're going for BYOD, make sure you're properly equipped and prepared for it. Come up with a good policy that covers whatever needs to be covered. For this, the higher-ups and users should definitely work with IT so that the policy that will eventually be applied works for everyone.
Does this already happen when employees check their company email from home computers?
Now *those* have high security risks -- teenage kids downloading music, games, dirty pictures from creepy sites pick up all kinds of infections as well, and many have file sharing turned on, deliberately exposing their computers to peer-to-peer networks.
I've seen projections going both ways -- IT support costs going up and going down as a result of BYOD deployments.
It seems that it depends on what your corporate BYOD policy is.
For example, if your policy is that you allow your employees to access company email and a document server remotely, and everything else is up to them -- and the email server and document server are already in place to support laptop users -- then additional support costs will be minimal. All employees need will be a user name and password, and they'll be on their own for maintenance, etc... And, in fact, if you're switching away from company-supported Blackberry devices, then the support costs will actually drop.
But if your policy is that the company will pay for the devices, and install apps and management software and security, then support costs might go up, especially if you didn't have any supported phones or tablets before.
Maria - Yes, people should be allowed to bring their personal devices to work and use them for personal business. But should they also be allowed to connect with the enterprise network, unless they have good reason to do so?
Mitch, you're not talking about enterprise WiFi here are you? Is that a key concern?
@Maria this is a very important issue.On September 12, Symantec released its August Symantec Intelligence Report, which looked at how January through August 2012 compared to the last eight months of 2011 with respect to data breaches One of the concerns the report reveals is that employee use of personal mobile devices for access to their company's intranets, which they identidfied as amjor threat to organization's data.
Mitch - allowing personal devices to connect to the enterprise network is a call for disaster unless you a have a strategy and provide them secure access to the network. Probably, limiting access would also work in some cases.
If your corporate network allows folks to connect their own devices, there's a security issue right there.
The devices I'm thinking of connect to the public Internet, or to public Wifi networks, and then log into corporate systems via Web access -- say, the way folks check their company email at airport kiosks.
If your company already has that set up, then the difference in security between, say, an employee connecting via a laptop or a public kiosk and connecting via smartphone or tablet, is not that significant.
Meanwhile, with support, with consumer-owned devices, many folks aren't going to expect IT support at all. For example, if my iPhone breaks, I just get another one, and if there's some kind of fixable problem, I contact the folks I bought it from.
Where support could be an issue is if there are custom-made corporate apps, if the company pays for the devices, or if companies roll out mobile device management solutions to create isolated, secure virtual corporate workspaces on employee devices. But my guess is that companies would have solid business reasons for doing that that makes the extra support worth it.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
In the fall of 2011, around 160,000 students in 190 countries enrolled in a Stanford-sponsored online course about artificial intelligence. About 23,000 completed the course and got certificates, including 248 who got a perfect score. The university offered the same course the old-fashioned way to students sitting in Stanford classrooms. None of the those students got a perfect score.
I don't wear a watch. I haven't worn one years. If I'm carrying a phone -- any phone -- I always know what time it is and don't have to worry about time zones or daylight savings time. And I don't want to have an iPod or an iPhone that I can wear on my wrist. Again: Why? If I want to sport one while jogging, there are plenty of bands you can already buy that do that.
Organizations are expending enormous resources to improve their internal productivity by implementing cloud, adding collaborative applications, and investing in analytics solutions. Individually, we can improve our own productivity, even during sometimes lengthy meetings, by using free note-taking apps like Evernote or Microsoft OneNote.
Companies are still getting their feet wet with social networking and what employees should and shouldn't broadcast. But they don't always involve HR and PR. Here's why they should, and what they risk when they don't.
M2M is a hot acronym, but maybe it should stand for "Mine-to-Mine" because our appliances exist in a zone of personal information. Managing cooperation of the devices within this zone will allow us to create value and understand and mitigate the security risks they pose.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?