Tag: BYOD security
Posted by Brandon Hill
Good afternoon! Last week, in Questions to Ask About BYOD – Part 1, we discussed whether or not BYOD will save your company money.
Today, we will look at the second aspect of BYOD that needs to be considered, and is closely related to the IT cost benefits: What security challenges and risks will face your IT folks in a BYOD world? The IT and security challenges are complex and many. What happens when someone’s device is lost? What happens when a CEO becomes a victim of corporate espionage (this is not just paranoia, it actually does happen) and her device is stolen by the competition? How much control can the company have over employees’ devices? There’s obviously a myriad of other security questions that need to be addressed for BYOD security but you get the picture, it’s daunting.
Most experts agree that the single most important element in a BYOD environment is having explicit policies surrounding employee devices. In fact, in a recent article by Muneyb Minhazuddin of Australian-based Dynamicbusiness.com it’s as important as having a phone number or a quality Web site.
That being said, policies are only effective if they are adhered to and enforced. Penalties for infractions need to be clear, concise and, most importantly, enforced. Sometimes employees make mistakes; sometimes they are outright stupid. When rules are broken there needs to be a clear solution available to fix any problems the infraction may have caused and people need to be reprimanded accordingly.
Even with strong BYOD policies in place keep in mind that the human element tends to really mess things up. Look long and extremely hard before you enter the BYOD arena.
Posted by Kelly Ungs
If you ever visit one of the public food courts in Singapore, you’ll find that there are as many as 85 different food vendors and outdoor kitchens side-by-side. Most of these have exactly the same menu as the vendor next to them and they will proudly tell you that. When begin your decision process, the vendors move from talking about the food and how good they can make it taste, and move the sale to talking about why their chef is better than the rest, or why their customer service is a differentiator. From where I sit, BYOD and MDM may have started to morph into exactly that.
Now, I’m not trying to belittle or downplay the importance of the BYOD market, but there have been scores of new vendors that have popped up in the last couple of years, and they are starting to sound a bit like these food vendors by sharing the same features and capabilities. One thing we’ve noticed is that there are some myths that need a little debunking. We’re not saying this just to stir the pot, but most companies need to strongly consider if BYOD is really for them.
Is this really going to save me money?
This has been a huge topic, and there have been a number of studies into whether or not BYOD saves money for those who implement it.
Cisco, for instance, stated a 17-22 percent savings, but that’s not the norm. Tom Kaneshige points out that while hardware costs might be lower, and they no longer have to worry about acquisition cycles, there are hidden costs. A lot of the BYOD crowd is basing savings on workers bringing their own mobile devices to work – tablets, phones, etc. so there is a trade-off between acquisition costs and a number of aspects of control.
One place that costs creep back in is in service plans, and allowing workers to purchase their own vs a negotiated corporate agreement. An Aberdeen report indicates that a big corporate wireless plan breaks down to about $60 per person while the average reimbursement for a BYOD smartphone is $70. If you’re a big enterprise, that can add up really quickly. Kaneshige’s article goes on about other hidden costs, and what it surmises is sometimes you are robbing Peter to pay Paul.
We run up against this all the time. Companies will say that they have verbal and written policies in place. We have the firewall, a secure VPN, etc. but when you start to ask questions things begin to fall apart. A recent study asked workers about using their mobile devices remotely, only 29 percent of users have set passwords that would prevent their device from being used by a thief or co-worker.
While a stranger might not be able to get on the network, without a pass code on the phone, someone could surely access contact lists, to do lists, and company email to access and review a lot of data that companies don’t want other people view or have access.
This has been one of the biggest claims amongst those who are leading the BYOD charge. They claim that using a device they “know” will make them work faster and be more productive. They may be more familiar with their device reducing confusion about how the device works, but how much time are they spending playing Angry Birds, keeping up with Words with Friends, posting on Facebook, etc. that isn’t being or can’t be enforced by the company?
There’s no concrete evidence that this is going on, but if my friend, who is using his phone for work, is a test case, then I would suggest it’s more than his employer would like.
BYOD isn’t inherently bad or good. Whether it really works for you depends on how you do business, secure your enterprise, and manage your costs, employees, and infrastructure. I thought it might be useful to at least start talking about a few of the widely cited myths and panacea expectations that we encounter as we talk to potential enterprises considering allowing employees to use their personal devices and computers as part of enterprise working assets. BYOD can be useful and may make sense for you – clearly define your requirements, policies, and expectations moving forward. Make sure you understand how your workforce uses technology and the trade offs of personal freedom on productivity. With that said, you also need to know there are some rough, potentially sharp and harmful edges associated with employing BYOD. I didn’t even mention the potential headaches that accompanies managing BYOD, depending on whatever your definition of managing it might be. Bottom line, can you really control what you don’t own, or should that even be a realistic expectation?
Posted by Brandon Hill
The post below comes from Ashley Furness of Software Advice, discussing her recent research on “Strategies to Secure Your Enterprise in the New World of BYOD.” Hope you enjoy it!
“Hello everyone! My name is Ashley Furness and I am a marketing analyst for research firm Software Advice. I cover emerging trends in CRM, sales, marketing and help desk solutions, such as Wavelink’s Avalanche and Avalanche Remote Control. I’d like to share some research I recently completed on tips for your help desk to combat BYOD-created risks. While this list should not be considered all-encompassing, it should serve as a good starting point.
Bring Your Own Device (BYOD) policies–or allowing employees to use personal laptops, tablets and smartphones for work-related tasks–benefits employers and users in compelling ways. Workers get to use the device they are most comfortable with, and employers reap increased productivity benefits.
But sensitive corporate data is very likely vulnerable to theft on employee-owned mobile devices.