“Look what I got for Christmas!”
Although the holidays are long gone, those six words are still affecting IT managers months into the new year. Then come the next eight words, “When can you connect it to our network?”, which turn the awe factor into a network nightmare. The excitement surrounding the latest cool gadget quickly dissolves into concerns about security, compliance, control, support, and “will this thing even work?”
The long-awaited (and dreaded) day of Bring Your Own Device (BYOD) is upon us and it is here to stay. The concept is not new even if the practice is in its infancy. The recent explosion in smartphones, pads, and tablet computers has thrust these issues to the forefront of all organizations. In fact, Gartner predicts that by 2014, “90 percent of all organizations will support corporate applications on personal devices.” Not so long ago, IT was able to dictate the systems and software used in business in an effort to set standards for security, compliance, control, and support, which helped to control cost. BYOD is a game changer for this model.
The New Model
A current trend driving BYOD is organizations giving their employees a budget to purchase their own device. This places the responsibility on the IT Team to ensure it will work with the company systems. IT can either fight BYOD or embrace it. Even if IT chooses to rebel against BYOD, end users have multiple cloud options for storage and collaboration and may choose to circumvent policies, opening up the company to unknown risk. If IT chooses to embrace BYOD, they will see that their end users fall right in line and essentially cooperate when they see that their needs are being met. As time progresses, BYOD will become commonplace. The question remains: will your IT department be proactive or reactive?
If your organization is thinking about implementing or transitioning to a BYOD program, here are some points to think about when developing a BYOD strategy.
Implement Network Access Control (NAC)
NAC technology applies a set of protocols that evaluate endpoints (computers, tablets, mobile devices) before they can access the network. In a nutshell, NAC will not allow any endpoint to access the network unless it complies with the predefined policy. Typical NAC policies cover anti-virus protection level, system update level, employee credentials and configuration. For example, if you were an accountant trying to access client files from your company database, NAC would evaluate your current anti-virus level and employee credentials before allowing you to access the shared company database. The value NAC brings is more control over endpoints that may lack updated anti-virus, patches and other host intrusion software, and that could therefore introduce additional vulnerabilities to the network.
Develop and Communicate Security Standards
Clearly define and communicate the security requirements for individual devices, pre-approved configuration policies, and most importantly the steps employees need to take in order to properly connect their device to the network. This will help the IT Team keep track of the devices and let employees know what is and is not acceptable.
Examples of Security Standards:
- Users may not store company data through cloud services on personal devices (e.g., Dropbox, iCloud).
- Personal devices must have a screen lock password and must time out or go inactive after not being used for 15 minutes.
- Company may remotely wipe the personal device if the device is lost, stolen or if the employee departs the company (voluntarily or involuntarily).
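The NAC admission decision and the example standards above can be combined into a single posture check. The following Python sketch is an added example, not code from the original article or from any NAC product; the `Endpoint` fields, the `POLICY` thresholds other than the 15-minute timeout, and the sample devices are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds are assumptions for illustration, except the 15-minute screen
# lock timeout and the named cloud services, which come from the standards above.
POLICY = {
    "max_av_age_days": 7,
    "min_patch_level": 202401,   # YYYYMM of the last applied system update
    "max_lock_minutes": 15,
    "banned_sync_apps": {"dropbox", "icloud"},
}

@dataclass
class Endpoint:
    user: str
    credentials_valid: bool
    av_age_days: Optional[int]    # None: no anti-virus reported
    patch_level: Optional[int]    # None: update level unknown
    lock_minutes: Optional[int]   # None: no screen lock configured
    sync_apps: frozenset = frozenset()

def evaluate(ep, policy=POLICY):
    """Return (allowed, reasons). Missing posture data fails closed."""
    reasons = []
    if not ep.credentials_valid:
        reasons.append("employee credentials rejected")
    if ep.av_age_days is None or ep.av_age_days > policy["max_av_age_days"]:
        reasons.append("anti-virus missing or out of date")
    if ep.patch_level is None or ep.patch_level < policy["min_patch_level"]:
        reasons.append("system updates below required level")
    if ep.lock_minutes is None or not 0 < ep.lock_minutes <= policy["max_lock_minutes"]:
        reasons.append("screen lock missing or timeout over limit")
    banned = sorted(a.lower() for a in ep.sync_apps
                    if a.lower() in policy["banned_sync_apps"])
    if banned:
        reasons.append("cloud sync apps present: " + ", ".join(banned))
    return (not reasons), reasons

# Constructed sample endpoints (not real devices).
ACCOUNTANT_LAPTOP = Endpoint("accountant", True, 1, 202403, 10)
NEW_TABLET = Endpoint("accountant", True, None, 202312, None, frozenset({"Dropbox"}))

if __name__ == "__main__":
    for ep in (ACCOUNTANT_LAPTOP, NEW_TABLET):
        allowed, why = evaluate(ep)
        print(ep.user, "ALLOW" if allowed else "DENY", why)
```

Returning every failed check, rather than stopping at the first, gives the employee the complete list of steps needed to bring the device into compliance.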
Responsibility
Think of BYOD as a partnership between the company and the employee in which both parties have different end goals and responsibilities. Dave Merrill, IBM Endpoint Security Strategist, points out “while technologies can play the enforcement role by ensuring that all enterprise data is protected per security requirements, a successful BYOD program requires that employees acknowledge and embrace the need for controls that are now enforced on their devices.” Although this part is not easy, employee buy-in is vital when implementing a BYOD program.
Read more from Dave on BYOD via his post Things that matter: BYOD and the Enterprise on the IBM Institute for Advanced Security blog.
It’s time for you to weigh in: To BYOD? Or not to BYOD?