Category: Tech

Anything and everything I write that has something to do with tech. Maybe it’s a post about the time I blew up that server in 2003 because I didn’t know what bridged networking really meant. Sorry Roger!


BYOD makes your organization less secure because it is impractical

 

Google's definition for impractical
definition from www.Google.com

BYOD, which stands for Bring Your Own Device, is a common topic lately amongst the IT Crowd. It’s one particular method for dealing with the escalating interest of employees wanting to do more work from tablets or smartphones. The strategy is as straightforward as it gets: let the employees bring whatever device they choose to work on, and the IT department will decide what work the employee can or can’t do on it, and how. While great on paper, the practical reality of a BYOD strategy is what makes it so ineffective.

If you’re still reading this, I’m going to assume you have an interest in IT, and in particular the future of mobile technology in the workplace. It’s likely you have read articles, watched Gartner webcasts, and possibly even participated to some extent in a BYOD scenario. It’s also very possible you read the above and thought to yourself “Whoa! What the heck are you talking about, BYOD is a bad idea?”

BYOD on paper is a great idea, but it’s impractical to think it will simultaneously meet all of an IT department’s security needs and the productivity desires of employees. The technology used for BYOD, known as a “secure container”, is a special app or space on a device where all the company apps are stored. The container is easily thought of as a locked box inside your device, where the IT department squirrels away the company data. Unfortunately the container really isn’t where most of your employees are going to do their work.

The concept of BYOD is impractical because it derives from the belief that staff members will only do their work in the way that an IT department believes staff should do their work.  BYOD revolves around how an organization can predict or worse dictate how their staff will utilize a mobile device to accomplish their work.  A BYOD strategy is incapable of acknowledging all the faster, easier, and sexier ways employees can and will get this work done outside the container.  Because of this impractical expectation, BYOD programs are less secure than the IT staff behind them intend.

BYOD exists as a reaction from the world of IT Security and other IT groups over their ever-burgeoning workload. They have allowed themselves to be distracted by the belief that work functions will be safe and secure if they are only accessed through this container. This is impractical and counter-productive on a device that is designed to allow people freedom to work however they want.

LOLCAT being distracted by something shiny - http://s9.photobucket.com/user/Pritchard71/profile/
Distracted by Shiny Device – image from Pritchard71

It’s impractical to believe this container is going to provide all the technology necessary for employees to fully realize the capabilities mobility can bring them.  The container doesn’t matter when your business counts on enabling the versatility of your employees. When an employee is at an important event, they don’t have time to enter the container every time they need to take a note or a picture.  They will use whatever app they are used to, and they will “copy that to the container later.”  The container has not prevented data leakage.

When was the last time you emailed something to your work address from your personal address?  It’s a very easy thing to do.  It doesn’t matter if staff sign an agreement, once the data is outside the container, it is outside the control of IT.  The harder it is for someone to use their mobile device to perform work functions, the more encouraged they may be to find a way around your controls. Is it easier to work on your full-featured document editing app that came with the tablet, or the restricted editor in the container?  People send documents through Dropbox or their Google Drive all the time because it is easier and often faster than using the mechanisms provided by their company.  It really doesn’t matter how great your written policy is, people will work how they want to work.  Shadow IT is a term today because IT departments are spending too much time restricting the tools people want to use to be more productive.

Because BYOD is impractical and drives your staff further away from playing by the rules, the alternative of company-provided equipment is the only way to securely enable mobility for your people. If you are asking your staff to work on a device, give them a secure device that does its best to stay out of the way of the person using it.  To provide a secure device that provides as much capability as possible is a difficult recipe to get correct, and any IT department is going to approach these devices in a new, but similar fashion to traditional endpoints like desktops and laptops.

The alternative to BYOD, that of corporate-owned devices, is a follow-on topic to this. Look for that shortly!

 

Corporate Owned Personally-Enabled (COPE)

While the Company Owned Personally-Enabled (COPE) route is a bit different from roads you have traveled before, IT departments’ experience with managing endpoints and balancing user needs and security isn’t an unfamiliar landscape. The elements of a COPE strategy are very similar to IT strategies built on over the last two decades:

- Company provided equipment (desktops, laptops)
- Centrally managed technology (Active Directory, LDAP, A/V, SCCM, etc.)
- Application allowlisting (you don’t allow people to install whatever application they want, do you?)
- Totally controlled and secure endpoint (as much as time and technology allow)

The conversation surrounding BYOD vs. COPE continues because of the relative immaturity of devices designed for a mobile workforce compared to the twenty years of continuous improvements for desktops in an enterprise. (Let’s exclude RIM and the Blackberry, a mature enterprise device, which has just lost its appeal.) The current set of popular devices, Androids, iOS, and Windows Phones, lack consistent APIs that business tools can take advantage of. This is only compounded by companies confronting a move to cloud services, and which flavor of cloud to choose from.

If a company is going to provide a device, or a choice of devices (CYOD), these devices have to be centrally managed. The company will install management apps and change the settings to what best suits them.

Mobility is an Insider threat.

 

http://searchconsumerization.techtarget.com/feature/BYOD-vs-COPE-Why-corporate-device-ownership-could-make-a-comeback

Obama stands up for Net Neutrality!

I know the fight for Net Neutrality isn’t over, and I understand that the FCC has been given the ultimate decision on whether to reclassify ISPs as utility providers. It’s a long road ahead, but it feels like it was a longer road behind us to get to a place where the most powerful man in the world, the president of the United States, understands and supports the importance of protecting the Internet.

This makes me happy.