Slashdot Mirror
Businesses Now Driving "Bring Your Own Device" Trend
snydeq writes "Companies are no longer waiting for users to bring in their own smartphones and tablets into business environments, they're encouraging it, InfoWorld reports. 'Two of the most highly regulated industries — financial services and health care (including life sciences) — are most likely to support BYOD. So are professional services and consulting, which are "well" regulated. ... The reason is devilishly simple, Herrema says: These businesses are very much based on using information, both as the service itself and to facilitate the delivery of their products and services. Mobile devices make it easier to work with information during more hours and at more locations. That means employees are more productive, which helps the company's bottom line.' Even those companies who haven't yet embraced bring your own device policies yet already have one in place, but don't know it, according to recent surveys."
Adds some information-security problems, but reduces a huge IT problem with procuring/managing/repairing the devices.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Unless the employer provides ongoing cash payments to compensate the employee for use of thier device, this is a way of offloading IT cost onto the shoulders of employees. Add to that the fact that here in Canada, an employee of a company is not allowed to treat the cost fo a computer as a business expense (for tax purpoes), and the reduction in salary experienced by the employee is even greater than the benefit received by the employer.
FTFY.
Really, why buy equipment for your employees when you can just make them buy it on their own?
Palm trees and 8
Today, report that businesses are encouraging users to bring their own devices.
Posted yesterday, how to get around businesses preventing bringing your own device: http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it
Am I imaginging things, or is somebody there trying to drive some agenda? (No, I didn't read either FA - I refuse to visit their website.)
with users bringing their own devices and loading sensitive data on them , customer data is lost in so many directions, its hard to point out the who actually "lost" the data in the first place.
Productivity = profit, and profit is more important than looking after customer data.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Anything required for work, the employer pays for, or I simply wont buy it. Not my business, not my problem.
The article discusses health care as the main industry that's important to have 24hr information connection, and by utilizing mobile devices that information and connectivity can be available 24/7. This is then generalized, saying because it works there all companies should utilize this opportunity to get a high ROI on employee efficiency. While we've all seen these posts before, what other industries require 24 hr access from all employees? I know managers and the like in most all businesses often are required to be on-call, but this seems to be addressing the lesser employees, as in the manager contacts his/her subordinate, making the subordinate more or less be on-call. Does anyone have such circumstances (besides power plants/industry and manufacturing)? Is it often outlined in your contracts?
You bring it yourself. Yeah. Brought in my own software so I could get things done. It's not just smartphones, people.
A feeling of having made the same mistake before: Deja Foobar
What's with the Infoworld spam about this subject?
Today, report that businesses are encouraging users to bring their own devices.
Posted yesterday, how to get around businesses preventing bringing your own device: http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it
Am I imaginging things, or is somebody there trying to drive some agenda? (No, I didn't read either FA - I refuse to visit their website.)
Two kinds of shops - a) those who want absolute control over all IT objects and b) those where results are valued more highly. Where I work there's discouragement from bringing your own devices or software to the party, but often that's the only way you get it done - and done timely.
I needed to have a web app up and running last spring - if I waited It would have been this Fall. I used what open source tools I could to get up and running - nothing beautiful, but highly effective. All done against the grain of things .. so guess what, it caught the attention of leadership and I was lauded for such a great advancement in service.
It could drive one to madness.
A feeling of having made the same mistake before: Deja Foobar
Slashdot just posted this other Galen Gruman story based on how to get your user devices into your business behind IT's backs: http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it
Now another story about user devices getting into business behind IT's backs, also by Galen Gruman.
Enough already!
I8-D
Anyone else getting a 'Verify Certificate' warning on the infoworld.com (2nd link) URL?
Safari can't verify the idendity of the website 'www.inforworld.com'.
The certificate for this website was signed by an unknown certifying authority....
I scanned TFA, and it looks like I will disagree with 70-90% of the assertions therein. I can't call them 'facts', because they aren't.
No mention of the security issues surrounding BYOD. For industries that reject bringing your own notebook to work, the assertion that financial services firms are embracing BYOD borders on the ludicrous, with a healthy dose of fantasy. Here at least, in a Fortune 50 financial services company, BYOD isn't even up for discussion. The security issues for Personally Identifiable Information alone rule out permitting any significant use of data on a device that is unsecured. And YOD is presumed to be unsecured, since it cannot be confirmed or assured by the people in data security that are responsible for preventing data loss. That's not 'minimizing' the loss, but preventing it. Nice try, Infoworld, but you're not fooling me into thinking I can load up my Android or iOS phone with corporate data. Not here anyways.
They then launch into how 'app-savvy' hardware is so great. Help me here - is 'app-savvy' another way of saying 'high-performance'? I thought so. Feh.
Good Devices may supply mobile device management systems to their customers, but I can name you a 50,000 seat company that may or may not use it, but if they do it's for captive devices - Blackberrys - that are never going to be BYOD. Quoting such a study is regurgitating their self-serving (and I expect nothing less, they are out for a propfit after all) hype and fantasy that with their services, BYOD is perfectly secure. Again, where I work, promises are not enough. Security is based on assurance. Little of it is provided by third parties. I can't even share data with co-workers in many/most cases. The concept of letting employees run mission-critical (data is mission-critical to a financial services company) or senstitive data apps would not be laughable here. It would be dismissed out of hand.
More to the point, however, the idea that somehow the device changes the nature of your work is both spot on and wide of the mark. If you're primarily displaying data, a table is par excellence. as soon as you need to enter data, it's a losing proposition. Depending on your role, tablets and smartphones offer some advantages.
My brother has been delivering real-time production data to his workforce worldwide (wherever there is a signal, WiFi, CDMA, GSM, or satellite) since Palm first made a phone. He's added native support for every OS as of last year. He sees the craze, and his boss asks him sometimes about how this 'Android thing' would work for them. And he responds that it has been working 'for a while now'.
And no, they do not do BYOD. They supply whatever is required for whatever geographic region the rep is in. But they could suport BYOD, since he supports some customers directly with the same apps, where they are BYOD only because it isn't 'his' device. And he sees the security issues. SSL is so flawed he considers it useless, but there is nothing else right now except for VPN tunnels. That's where he's at, and some Java sandboxing that he thinks is ensuring data is gone when the session is gone. But he knows that rooting devices will some day thwart that.
And since I can root most Android devices without a lot of effort, that alone makes BYOD for work just impossible.
Lastly, I read up on the link from IW that Android is making inroads into business environments that the IT staff are unaware of. Well, actually, I can't use any of my personal mail at work any more unless it's on my Android phone. I don't consider that a BYOD instance, since if I connected to the corporate WiFi, I wouldn't be able to use personal email on it then either. I can. theoretically, dump data to the phone via USB or a uSD card, but that would be logged and scanned, and PII would be captured and alarms sounded. Yes, my work notebook can be prevented from downloading data to a removable device, any sort of device. It can also check if the device is encrypted, which they all must be.
Hype. Misstatement. Fantasy. But it may sell more stuff, and that would be the point of TFA.
deleting the extra space after periods so i can stay relevant, yeah.
First off, those articles are very badly written. And they seem to be linked to InfoWorld's recent run of articles about how IT is PREVENTING such "adoption". Strange.
Secondly, he's quoting a guy from a firm that sells products to manage phones. He is NOT quoting ANYONE from ANY company in the health care industry.
What?
It is DECEMBER 2011. That's some fast action by "most companies" in a few months.
There's a HUGE difference between allowing such devices on the UNSECURED WIRELESS NETWORK and connecting them to the servers that hold private data.
He doesn't seem to be covering that difference.
And he doesn't have any quotes from companies that are doing what he claims.
This is twice the submitter is from the site that has the story, worse its nearly identical if not the same one (ain't going to read this slashvertisement) where they were went off on IT departments enforcing standards.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
At my workplace if you need a mobile device with email, IT will supply you with a blackberry. If you want something else, then they will pay you half of your subsidized device cost (i.e. if you need to pay $200 for a new phone, the company will pay you $100), and will pay the monthly fee they would have paid for the Blackberry (I think it's around $55, so it won't cover the entire plan, but should more than cover work usage). You own the phone and the plan, if you leave the company, you get to keep the phone, but you're still on the hook for the plan. LIkewise, if you drop it in a lake, you're on the hook to replace it.
IT will help you set up the phone for Wifi and Exchange email. Your phone has to allow remote wipe through Exchange to qualify.
It seems like a cheesy way to get employees to help shoulder some of the phone expenses, but also lets employees have pretty much any phone they want, so I see it as a net win for me. And most people don't *need* an Android/iPhone for work - a Blackberry could take care of all of their true work-related needs. Another nice advantage is that the company doesn't get my phone bills, so they can't see who I'm calling (like a job recruiter). And, I don't need to worry about losing purchased apps on a phone that's owned by my company if they take the phone back - it's my phone and my apps.
Not a perfect solution, I'd rather that they just gave me an Android for free, but with dozens of choices out there, the IT qualified device is probably not going to be the one I want anyway.
He's writing about how "most companies" are allowing users to bring in their own equipment ... while writing about how IT "priests" are preventing users from bringing in their own equipment.
But he isn't doing interviews with companies that are allowing users to connect to private. company data (the kind that would cause problems if leaked) via the users' own devices. Particularly companies covered by specific regulations such as health care.
Wouldn't at least one interview with the IT VP of a major hospital be appropriate by now? If nothing else, just to provide support for his claims.
Strange how that isn't happening.
So you don't want this to go too far. But some places make you buy uniforms / coats at high costs.
What if a place made you buy your own Sony laptops and did not let you take other cheaper ones?
My company has this policy, but I won't use it for one very simple reason:
You have to agree to a clause that allows them to remote wipe your device.
If it was truly a work device, this would be fine as it's theirs to do with as they please. It's my responsibility to keep whatever personal information I need backed up in a safe place. I'd probably still have my own personal device for personal photos/email/music/etc.
For a device that I own and pay for, this is not acceptable.
If the work access was appropriately sandboxed such that they could wipe only, for example, an encrypted partition of the SD card where the apps are installed and store their data, then I might be on board. Companies consider their data valuable, but I consider mine valuable too. And just like they won't give me root access to their servers, I won't give them root access to my phone/tablet/pc either.
There is an interesting legal issue here.. IANAL though..
When the company owns the machine, there is a much clearer line as to who owns the applications and data on that machine. When an employee leaves the company, the company can "brick" the system with minimal problems. They own the hardware, they own the software licenses, and the company probably has a policy about no personal applications or data on the machine.
When the employee owns the machine, the rights of the company to erase data get really murky, fast. Does the employee have to agree to allow the company to inspect their (the employee's owned system) to remove company assets from the system? I don't see how that is going to work. My employer does not have the right to search my car after I quit, even though I called into conference calls in it, and used it for work related trips quite a bit.
I know of several companies that completely prohibit employee owned devices in the workplace for exactly the reasons I mentioned above.
if people are willing to spend $2000 on Macbooks just to do their work, then management would be dumb to stand in the way and spend company money on company laptops
Company bought Iphone with data and phone paid for by the company, or use your own phone and we give you $30.00 a month on your paycheck.
Considering I spend hours on tech support and blow through data like a madman for work, I'll take the company supplied one that coves all my work expenses instead of me paying out of my pocket for work related expenses.
Honestly, if they did not supply it and paid for the service, I will NOT use my personal one for work. So I hope this BYOD is getting companies to pay the employees cellphone bills completely.
Do not look at laser with remaining good eye.
If InfoWorld isn't getting enough page hits on their own with badly written stories like that, why give them any more hits?
If there's a business case for BYOD, IT should be supporting it. I said if there's a business case. That would include factoring in the additional expense associated with properly supporting these devices. It does not come freely, or even cheaply. Figure it out. If it makes more money than it costs, case made and IT will be glad to help. If not, don't go whining to the CIO, as some dickhead suggested in an earlier article.
Two of the most highly regulated industries â" financial services and health care (including life sciences) â" are most likely to support BYOD
... until they get slapped with huge fines due to the whole concept of BYOD being against said regulations.
Are these devices presenting information or storing information? There is a world of difference between the two and I can assure that both finance and health industries have regulation that require governance in the event that data is stored.
That being said if the information is simply being presented (you log into a vm from home and all data is kept in the cloud) that's typically going to be ok. If information is being stored than you have large amounts of regulatory requirements you have to work with.
Home use devices are not inherently bad on their own. Having done enterprise management for both healthcare and finance I can assure you that both of these industries take their requirements seriously. They also both support large numbers of people that work from home by making the service available in a manner that can be controlled. This is something the troll of yesterday's "IT is an obstacle" just didn't understand.
This is not surprising as it allows people to communicate off the record by using their own account on their own devices and maintain records that would not be subject to any retention rules. That sounds like a great business case to me.
Which is exactly why we have PCs in the workplace at all. If it were not for stories like that, we would all still be running on mainframe green screens. Whether that would be a good thing or a bad thing depends on who you ask.
This guy seems to live in a dream world where facts and logic are irrelevant. I do have to wonder if the sky is brown for him.
IT fears no tech, we just don't want "Smart Users" to be putting the companies private data onto a device that can be completely owned by something as simple as plugging it into a USB port.
Sorry, most companies in the real world have rules against BYOD, otherwise you cannot enforce AV, encryption, remote device wipe, password policies, employee separation policies etc etc etc. If they don't they will after their first major breech. Something about not being allowed to process credit cards anymore or having to notify every customer you ever had that your "Smart User"'s Wii got hacked and had a copy of the customers database on it, that makes people with Cs in their title angry.
Also note how in these articles it seems to be the people who would be accountable are against BYOD... The author of both of these articles is no "smart user", the best I can say for him is he is a moron living in a dreamworld.
The other problem is it changes the nature of the employee relationship providing your own tools is an strong indicator that you are a contractor and not an employee - so there are lots of legal issues. :-)
.
Oh and if you want me to provide the tools cool but you will be paying a 25% arrangement fee, the $500 month management fee and and hers the lease agreement you will sign (equal to the cost over 3 years) and the tax indemnity in case the tax people decide after the fact that I owe them tax
you mean bring my gear that i've set up as war dialer nmap, OpenVAS etc etc etc , sure no problem , wont be for business use though
LMAO !!!!!!
IT professionals should read what kind of clueless propaganda memes that their executives are exposed to so that we can be prepared to crush these lies with reality. We've spend decades on user empowerment on both software and hardware and we need to be able to lay it out for the business decision makers as an inoculation against this kind of ignorance.
As has already been demonstrated at my porn shop job, this poses a HUGE security risk.
Just the simple act of plugging in your phone to charge can leave the hosting system compromised.
We found a virus in our systems a few days ago. Security log check - some LG device was plugged into our system.
We got lucky, I caught it before it could fuck our inventory database any worse than it already was when we finally discovered it.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Normally, the DMZ has additional attention (and software and hardware) dedicated to it because it is so vulnerable.
You might be one really smart guy ... but once you put a box in the DMZ you are defending against every other person in the world with an Internet connection.
And even with the extra attention and software and hardware sites are cracked every day.
So .... the new plan is to take that model and apply it to your internal network? Add the additional costs of more time / software / hardware AND the increased risk of some kid in Romania cracking your INTERNAL systems?
Sorry, but I'm not seeing the business advantage or the cost savings.
I work for a publicly held company that has some fairly strict information management rules, and must comply with SarBox, etc. I am not in the IT department.
And I have been surprised at how supportive and encouraging our IT has been for bring-your-own device. There are rules in place, but even with them, much of the burden of security is placed on (this will be horrifying to many Slashdot people) the *user*. The user is still obligated to try their best not to act like a stupidfuck. Which is always the case anyway. Even in the most tightly controlled environment you can leave a document (or a prototype) lying around, or forward email to the wrong person, etc.
The amount of fear, uncertainty and doubt on the part of the average IT admin that is on display on this topic is staggering. You get the feeling many IT people really think they're the last line of defense, and that information security is the be-all end-all. They seem to forget there are still millions of ways those idiot business users can make mistakes and royally screw things up in such a way that the lights go out on the whole operation - even if IT has everything locked down tightly.
It's 2011, people. I'm sure there are business people who still try and blame IT for their obvious failures and lack of responsibility/ownership. But they are fewer and fewer, and not credible.
So let me get this straight, people in "financial services and health care" are being encouraged to bring their own devices to work? And this is so they can do their work more efficiently I suppose. Now the work they do, I'm guessing involves my private data if I am their customer. Is this safe to assume? And Angela got drunk and left her iPad at the bar...
We show geeks how to get their dream girl at EyesOfOdessa.com
This is getting rather ridiculous, /.
Work recently decided the run with Gmail for Domains and migrated all the employees from using Outlook and a POP server to doing email on a version of Gmail.
Along with this change, they now allow employees to connect their personal smartphones to the Gmail for Domains product. Here's the problem: to do this, you have to give special admin permissions to the company IT team so they can admin things down to the device level.
Nobody can tell me what limits, if any, are on what they can do to my personal phone. Are they limited only to things related to my work email, or can they browse my device at will, look at my personal Gmail account which is also on my phone, grab my data, wipe the device and shrug at me?
As much as it would be convenient to have work email on my phone, I am not about to blindly hand over admin to them. If they want employees to consent to this, they need to spell out who is allowed to do what -and the answer had better be more than "we can do whatever we want and there are no consequences if we screw it up and brick the phone or wipe your unrelated personal Gmail account."
Sig for hire.
Fedex Express does not.
Fedex Ground drivers are technically private contractors who work as much as they want and rent the route.
Sig for hire.
What happens when the company is sued? Depending of the case, employees may have to surrender all the data on their device for discovery, since the device, while personally owned, is being used for work purposes too. This story talks about a recent case of DC government officials using their personal email from home for official business. How do you untangle the personal stuff from work stuff. I would think most lawyers are not going to care, and demand to see everything.
No Mr "DoYouKnowWhoIAm". We will not connect up your nice shiny new iPad to our network.
Why? We have a huge amount of personal information here and we have a boatload of regulations from our national organisation, consumer laws coming out of our ears and a small degree of common sense. All of these prevent us allowing someone - even you - to bring in their favourite device to put even the smallest quantity of it on.
But you really need to have it upon this fashion accessory? We can help you there. Please fill in this form and someone who is not one of us mean IT people will see whether the organisation agrees with you. If they do, they will spend our money on such a device. We will make it secure and you will then be able to increase your productivity as you describe.
But you want to use this one? We have another form here for this. Allow us to take control of your device. We will remove some applications such as Limewire and BitTorrent and put a few things on it to make it more secure. We will then Fix it so that it can't pass any of our records to people that the organisation does not want it to. We will also make it use that" RSA number thing" on your key ring. This will also prevent you from installing any more apps upon it but it will be nice and secure now."
Hello?
Hello? Are you still there?
Hello??????
I'll see your Constitution and raise you a Queen.
Galen Gruman with another article of dubious conclusion, no facts, no quotes and no sources.
As someone in a rather regulated industry.... regulation, as much as it has a reputation for being stifling to innovation actually can help move it along.
See the thing is.... companies can't really stop BYOD. It is already in the culture. You really going to tell me I can't have a personal phone? You mean my personal phone that works everywhere, lets me get my personal email etc wont work here? Right, thats going to work out.
The thing is, other companies, unregulated ones, they can ignore it. They can enact useless rules that so "no" and then ignore their own rules. They can do that. We can't. We already have rules about how safe our data must be. We already have rules about device access etc. You would think we would fall back on them and just say "see we have rules" but the fact is, we need to have our rules work. We can't ignore them and hope for the best.
Its like hard drive encryption. Everyone knew it was a problem. There were major leaks due to lost laptops. However, a lost laptop is a lost laptop, its an accident...what you gonna do about it? Well... when the rules come down that we can't do that anymore and we will be liable....boy you should have seen how fast every single laptop got encrypted.
BYOD is just a matter of admitting reality and working with whats possible rather than working with whats "within your rights as an employer" but completely unreasonable and unrealistic. If you are an employer, your employees already have these devices, and already have their lives revolve around being within reach of them 24/7.
"I opened my eyes, and everything went dark again"
Another day on Slashdot, another link to a Galen Gruman article.
I went from a Dell Shitbox environment to a Mac environment. A 500 employee company that seemingly prided itself on buying the cheapest, crappiest Dell products available to a 5,000 employee company where I have a MacBook Pro (2011), Mac Pro (older one, but still nice), 27" iMac (2010) and two cinema displays....and I'm just one developer...they understand that happy employees are productive, and more importantly productive employees are happy. \
Moral of the Story: It's hard to be happy with a Dell Shitbox.
And for your initiative too, I'm sure.
Then tomorrow, get bitch slapped for not following procedures. But you're safe for now, since leadership saw it.
This appears to be written by the same guy that wrote this wonderful pile of BS.
That is two articles for the price of one right there, journalism at its best
It said "windows 98 or better" so I installed Linux
I just wish the United States wireless companies would take that attitude. You provide the service, and if I want to bring MY phone (providing it is compatible with their network), I should be allowed to. Just look at the hoops some are having to do to convince at&t that the Samsung Galaxy Note is a PHONE as well as a tablet. Some are getting data turned off because the Death Star sees the Note as a tablet, not a phone.
When it comes to BYOD, you certainly want to ease the process for those willing to "provide it" - for both wired and wireless networks. You also want to have some control over what's going on your network. For all of this, have a look at PacketFence - http://www.packetfence.org.
oh, hello NEWMAN...
Allowing or requiring employees to use their personal devices in direct connection with the workplace is a bad idea for both the company and the employee. The moment that company enters litigation, all of the computers used by that company's employees are open to search. Establish a pattern of personal device use in the workplace, and you've opened every employee's devices to discovery. If that employee gets involved in litigation or prosecution, and the company computers become vulnerable. You are far better off separating personal from business, and I personally would refuse to use any of my personal devices on behalf of the business.
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
Company either gives me some tether device (which I throw in the drawer at 6pm when I get home) or they can kiss my ass. No way are they getting my personal device on their network for anything short of doubling my salary. They're not getting my device, my personal info, my contacts my mail, notes, pictures NOTHING.
Wake up people. Just like the new gmail look -- say NO now or else.
Biased article + InfoWorld + Galen Gruman = PROFIT
Gruman's articles are not well researched or balanced and look like marketing slicks.
Why? Because most of what the personal devices are being used for is personal business and nothing to do with what they are being paid for. I walk around our offices and find people hiding the devices to text, read emails and surf porn. Now this is very productive especially if they are working on a 35 work week. Then, they want IT to fix the device or call technical support because they dropped the device.
Give me a break!
The return is obvious. They no longer have to buy or lease equipment or software. The risk is unmanaged anarchy and regulatory and audit fines for non compliance. Companies like IBM though, being IBM try to get it both ways - tell people they 'can' use their own stuff at least in so far as smart phones is concerned. And also micromanaged according to The One True Specification To Rule Them All. But lapstops, no longer. It's just too much work for them to manage laptops they don't own and build while STILL supporting help desk calls for them. My sources tell me though that as a kind of weak hedge they've decided to keep their own laptops in service longer - stretching them out years past the standard FASB depreciation as a cost cutting measure. Which is pretty funny when you show up at a customer with a 5 year old Thinkpad running XP and it takes 9 minutes to boot.
Carpenters bring their own hammers to a worksite, Plumbers bring their toolbox, etc.
Tradespeople are now also programmers, system support staff, and I guess, even bosses.
Nothing wrong with bringing in your own smartgadget.
Leslie Satenstein Montreal Quebec Canada