BYOD and IT: The Tail Wagging the Dog?
Dec 9, 2011 5:00 AM PT
There was perhaps no hotter topic in 2011 than the consumerization of IT, and for good reason. The rise of personal technology -- smartphones, tablets, storage devices and cloud services -- has forced the hand of IT departments across every industry sector, from SMB to enterprise.
While the impact of this diversified technology environment on network and information security has been discussed at length over the last 12 months, the conversation has gradually begun to shift from how to tackle the problem to how to harness the potential benefits of this sea change. It seems that techies have finally taken a hint from their Trekkie cousins and accepted that resistance is futile.
As growing numbers of CIOs begin to accept that the battle against employee-liable technology in the workplace has been lost, the strategy for winning the information and network security war has evolved from attack to integration.
Google CIO Ben Fried, for example, published an article in early October touting the long-term benefits of consumer technology in the workplace.
CIOs need to stop looking at employee-owned devices as a burden and focus instead on the positives, he suggested. It's "one less [smartphone] you have to buy and one less carrier contract you have to maintain. It is one problem off your organization's back."
The IT-ization of Employees
There are less immediately tangible benefits to allowing the BYOD (bring your own device) rule. Employees who are permitted to use a single device for all work and personal needs will have a better knowledge of the technology, making them more efficient and less reliant on IT's support. They're also more likely to afford special care to devices they own, in turn helping to ensure that data stored on them remains safe.
The flipside of IT's growing acceptance of the BYOD culture is that the onus for procuring, maintaining and troubleshooting technology is now shifting to consumers. Individuals now expect the anywhere, anytime access that comes with a smartphone, cloud storage, etc. -- and their employers are starting to expect them not only to have it, but also to maintain it.
While consumer adoption of mobile and cloud technology has been relatively smooth sailing so far, recent news around the burgeoning number of Android malware apps, as well as Dropbox's major security breach, should be viewed as harbingers of the end of the consumer technology honeymoon period.
2011 may have been all about the consumerization of IT, but 2012 will be all about the IT-ization of employees. As technologies that were once the exclusive purviews of the enterprise enter the personal technology space, adopters of these technologies need to be proactive about thoroughly vetting the hardware, software and service providers they select, and understanding how to navigate the challenges that come with them.
Ready or not, employees will be expected to become self-sufficient in their use of technology. Creating a successful personal technology procurement and management strategy will be especially critical in the mobile and cloud spaces, where innovation is hottest, adoption is most widespread, and the security threats are proliferating as rapidly as the consumer options.
Following are strategies to assist consumers in evaluating, selecting, and implementing mobile and cloud technologies.
The New Mobile Reality
Losing a mobile device (or having one stolen), used to be little more than an inconvenience. Lost phone numbers and the expense of replacement were the biggest concerns consumers had to grapple with. As consumers have adopted increasingly advanced mobile technology, however, the concerns of businesses have become personal.
These devices now store large quantities of data, and networking capabilities open the devices and the content residing on them to ever-evolving threats. Recent news about malware apps on Android and the growing availability of remote data extraction devices underscores the need to protect your digital content, no matter where, or on what device, you access it.
Mobile users need to focus on multiple levels of security -- not just on the device level, but on the application and content levels as well. A good place to start is with a mobile security program -- similar to antivirus software for a PC -- that protects the device itself, alerting its owner to malicious applications. Users should likewise look for apps that protect data with an automatic sign-out feature. Apps that keep you signed in even upon exit are storing your passwords and leaving access to your digital content open. Apps with an automatic log-out feature ensure that your content is protected -- no matter where, or in whose hands, your phone resides.
Finally, consider how best to protect your content. Downloading and syncing content to a mobile device means that the data resides on the device permanently unless the user proactively removes it after use. Consider password protecting data or using a service that allows you to access content remotely without creating a copy on the device.
All Cloudy on the Home Front
The personal cloud has exploded over the past year as consumers have increasingly demanded enterprise-class access solutions, with Apple's iCloud leading the charge. Although the "enterprise" cloud and the "personal" cloud have remained relatively separate thus far, consumers are increasingly viewing personal cloud solutions as ideal tools to integrate their work and personal data into one convenient storage and access repository. Work documents to which employees need home access go into the same cloud solution as family photographs and grocery lists.
While each solution has its drawbacks and benefits, depending on the unique requirements of the user, there are several factors that all users should consider when selecting a cloud offering. First and foremost, the solution should be secure enough to protect the most sensitive data placed in the cloud repository.
Protecting pictures of Grandma's 80th birthday celebration might not be a chief concern, but ensuring the safety of enterprise data, or even personal data like tax or financial information, is crucial. Look for solutions that encrypt data not only where it is stored, but as it is transmitted from the cloud to the user's device.
Cloud access features should also be a consideration. Solutions that allow access across multiple mobile device platforms and computer operating systems are critical when operating in a multidevice, multiplatform environment. Furthermore, consumers should consider how the data is accessed from the cloud provider -- syncing, streaming and downloading all have their advantages and drawbacks.
Mobile empowerment of the workforce is a new reality IT must learn to embrace. Developing corporate-wide mobile usage policies is a good first step. Next comes implementing the tools to enforce them.
Providing clear lines of delineation between employee and employer responsibilities is a must on everything from supporting the devices to reimbursement of data service plans. By addressing these issues now, IT can regain control of the proverbial dog, rather than having employees drive the transformation and become the tail that wags it.