Hello All.
I’d like to discuss with you something that is far away from the big science.
Very close to ground, the new trend in SMB (small medium business) IT devices management - BYOD.
BYOD stands for Bring Your Own Device.
The idea is simple. Employees agree to use their own computers to perform their work.
You might see this idea as nightmare for IT department or opposite, a relief for one.
Nightmare because you have a massive amount of devices that you cannot control. Security is the biggest concern.
Relief from the cost and support point of view. You do not need to buy new laptops for new employees and more – you cannot control the operating system of employees’ personal devices so when something goes wrong they are on their own.
This is of course much more complicated. You cannot afford leaving your employees without Helpdesk support just because they are allowed to use their own computers.
On the other hand the cost side gains new positions – you must implement a whole new set of polices defining how to deal with foreign devices, build separate networks to keep your central systems safe and teach tech support guys how to work with plenty of different versions of different operating systems.
Sounds like an ideal solution?
Please share what is your opinion.
Some additional material:
http://resources.infosecinstitute.com/byod-policy-for-companies/
http://en.wikipedia.org/wiki/Bring_your_own_device
I think it is a good, but not perfect idea.
ReplyDeleteI think that the main disadvantage of this idea is that I do not see the profit in it for the employee.
Of course you can say that it is more convenient for the employee, but I say that is more convenient for employer when you are working on your equipment.
Why? Because it is cheaper for the employer... I personally prefer situation, that the employer provided me the all tools to work...
The second disadvantage of this idea is that blurs the time between private life and work, personally I will never install corporate email on a private device.
It might be the case that the employer could pay same monthly fee to the employee for the fact that the private equipment is used. I that scenario it's still quite interesting for the employer because there is no need to pay in advance to buy new equipment.
DeleteThe disadvantage you mention - BYOD does not have to introduce the policy/culture to mix private/corporate time but it definitely can have such outcome.
I think it may be a good idea but for smaller companies when security isn't main concern. As you highlighted keeping such networks secure is quite a task for administrator and I would even push it further, it's almost impossible. Also in my opinion such solution obviously would only work in modern companies, where employees often work remotely. Very often employees want to leave their work behind at workplace (literally :)) and having their work on personal computer isn't best of ideas.
ReplyDeleteOne additional aspect is that quite often the starting force is the management group of employees willing to have their corporate email installed on their mobile devices.
DeleteUsually its because they want to be well informed 24/7.
Agree that it's rather for the modern companies and those where remote work is possible.
It's a good idea for really small businesses. Company privacy and security issues are here the main problem. If you manage a medium size business focused on for example accountancy or medical business - hard drive encryption and own wifi certificates are standard - you're holding really sensitive user data. What's more, think about your workers taking customers data to home - loosing a laptop during the tram journey can happend or exploits and malware - terrible. BYOD is a good idea, when your company counts you and three other workers, but when you're hiring 40 peoples - no way. Of course, if you are an advertising agency or a market it could be helpful. It always depends on question could I hold my data in cloud? - if yes, and you don't need any advanced software - it'll work.
ReplyDeleteYou are right - security is one of the biggest concerns of the whole idea. There are some solutions that could help. The VDI (Desktop virtualization http://en.wikipedia.org/wiki/Desktop_virtualization) is what I have in mind. Employees could have VDI installed on their devices which could enable IT department to regain the total control over the data.
DeleteFrom that perspective the private device would serve merely as a hardware which is required for VDI to operate.
This comment has been removed by the author.
ReplyDeleteIn many professions creative staff has very peculiar preferences as to the type of equipment they want to use. Even though it may seem as a security hazard, I believe that all it takes is proper education and maybe company-sponsored anti-varius software. I think that many people overlook the risks associated with mobile phones. BYOD or BYOC seems like a good idea with freelance businesses.
ReplyDeleteIf someone asked me, I would just ask: So how important is this employee to your company? Buy him/her the device and software he/she wants, put personal firewalls on it and watch for profits from his/her loyalty and/or creativity.
Thanks for mentioning about BYOC. Starting the thread I had BYOD and BYOC in mind and I’ve merged both into just BYOD term. I agree the risk is huge.
DeleteBYO(C/D) might be suitable for environments where you can control systems access with fine granularity and the where staff is highly geographically spread along with strong staff fluctuation present.
This solution is not good because security policy is the most important! In both small and large companies confidentiality is the most important aspect. Data loss for both small and large companies can lead to bankruptcy and the crisis of the company. If in the future will improve safety then you can implement this system to companies.
ReplyDeleteI would be uncertain to state that the solution is bad. I would agree that the isolated implementation can be assessed bad or good but not the idea itself.
DeleteThe idea of BYOD seems quite interesting and brings a lot to the table. Undeniably it has a lot of advantages: cost reduction, flexibility for employees, etc. Nevertheless, I highly doubt that many companies would put the security of their systems at risk just for reducing the costs of electronic equipment. Nowadays companies (and it does not matter how big they are) need to meet the expectations of their clients and one of the basic and most important expectations is that their personal data be protected from unauthorized view. For many companies a security breach would mean the end of business.
ReplyDeleteOn the other hand, not all companies will encounter such problems/threats, so... if you like gambling and trust deeply in your luck then why not?! Personally I'm not that kind of guy.
Most of the security constrains can only be implemented in the formal agreement between the company and the employer.
DeleteBy nature you can’t control everything. Imagine that the evil employee takes the photo of his highly secured company owned computer’s screen displaying valuable date. Lets’ say he smuggled his mobile even through entrance security.
The only solution you can have is to cover all aspects of sensitive data processing with well thought through written contract that you could use to blame the real one that did the bad thing.
I work in small (< 30 people) company and I met BYOD (without knowing this term previously) in my company so probably my opinion is biased because I know this topic only from one administrative side (I haven’t evaluated costs of introducing BYOD).
ReplyDeleteBefore we started analysis of security problems we had had to face with software license problem – our company’s lawyer had said that our company’s software hadn’t been installed on a private PC’s and since then only four people have started using own equipment for work (one of them used only free technologies).
About security – it wasn’t a big problem because most of people in my company are allowed for administering their computers – so I don’t see a big difference between company’s computer without my administrative control and private computer. But I agree that security may be a problem for companies with well-defined security policies.
I agree with s419 that “I think that the main disadvantage of this idea is that I do not see the profit in it for the employee.”. As Waldek said employer could paid a monthly fee – it already was commonly used a few years ago for using private cars in work. But such money are taxed so employers probably prefer spending them on company’s devices which is simply company’s cost.
At the end I would like to disagree with second Grzegorz’s thesis about flexibility for employers. I don’t see this flexibility because I see problems with sharing BYOD with other family members and so on. Maybe it is not a problem for mobiles, because everybody has his own, but it may occurs for more expensive devices.
Fair point regarding software licence. In situations where a specialised software is needed to do the work BYOD is limited by default.
DeleteI would say that you must always try to keep the balance. Even if BYOD exists well in some environments it can change in near future if some new circumstances appear.
I really dislike working on computers locked-down with security measures. The usability of such devices takes a huge hit and productivity goes down. There's a difference, however, between employees who use computers and are computer specialists and everyone else who may still need a computer to do their job, but have not studied computer science. I wouldn't trust that second group of people to bring and use their own devices, and in their case the productivity may even go down when their computers aren't maintained properly.
ReplyDeleteOn the other hand, from the company's point of view, it is the computer experts that may be more of a concern if they would be allowed to bring their own devices. That's because they are capable (intentionally or not) of doing more damage to the IT infrastructure and data of a company. As such they are a threat and it is a matter of trust between them and the employer. I agree with others who said that smaller companies may be more inclined to make use of this approach.
Indeed the security locked-down computers are so coarse to use.
Deleteas far as this BYOD idea, I think it is a pure nonsens. From the professional point of view of the IT specialist, the potential cost benefits for the employers are far below the potential nighmare of standarizing interfaces, managing the security, potential of data loss, etc. I can see only one possible solution eventually, implementing this idea - the only private Devices alowed in the office environment are terminals to access the Company's network and servers, and only after standarizing the security requirements.
ReplyDeleteHonest and straightforward.
DeleteWell BYOD is a trend which is mostly driven by the private user side and not the corporate one. As many other things that emerge from the crowd needs I would hesitate to name it nonsense in plain text.
Thank you all for your comments.
ReplyDeleteLet me say that I am not the big fan of BYOD.
I see the cons more intense vs. pros with the data security in the first place.
It depends of the company for example in some financial company I think that isn't good idea ad such solution is risk but for example in some kind of software development company it is good idea and that solution can reduce costs.
ReplyDelete