Businesses Now Driving "Bring Your Own Device" Trend

snydeq writes "Companies are no longer waiting for users to bring in their own smartphones and tablets into business environments, they're encouraging it, InfoWorld reports. 'Two of the most highly regulated industries — financial services and health care (including life sciences) — are most likely to support BYOD. So are professional services and consulting, which are "well" regulated. ... The reason is devilishly simple, Herrema says: These businesses are very much based on using information, both as the service itself and to facilitate the delivery of their products and services. Mobile devices make it easier to work with information during more hours and at more locations. That means employees are more productive, which helps the company's bottom line.' Even those companies who haven't yet embraced bring your own device policies yet already have one in place, but don't know it, according to recent surveys."

also reduces IT costs

[Trepidity]

Adds some information-security problems, but reduces a huge IT problem with procuring/managing/repairing the devices.

Re:also reduces IT costs

[sycodon]

This will not end well.

Re:also reduces IT costs

[vlm]

Doesn't add any problems if you were already accessing software as a service over the internet, or if you were already providing software as a service to outsource partners etc.

Merely allowing employees access to the courtesy wifi internet access doesn't create new problems. Merely allowing employees to log into "internet" apps just like the contractors already do doesn't create any new problems.

Basically, its just a concept of getting rid of the "trusted" LAN and everyone and everything lives in the DMZ, both servers and clients. Once you reach the tipping point of moving your "IT" stuff into the internet DMZ, the process accelerates until its all there, and you are basically a colocated software as a service shop and a really small time ISP.

Re:also reduces IT costs

[MichaelKristopeit420]

once the first IT manager is fired for a data breach caused by a mismanaged virus-laden "bring your own" device, the regulations will return.

Re:also reduces IT costs

[crow_t_robot]

This reduces cost in the short-term but it will be a cost increase in the long-term.

It just takes 1 piece of malware on your network or one security event to loose all the financial benefit. Or how about when someone has a piece of pirated software on their personal machine that they are doing company work on? Or how about when someone loses a personal laptop without WDE that holds sensitive company information?

It just takes one event.

Re:also reduces IT costs

[AliasMarlowe]

This will not end well.

Indeed; there would be no escape from work-related calls, for instance. One reason I don't volunteer my personal phone for work purposes is because I ignore the work phone outside work hours (except by prior agreement such as a conference call with people in the US or Asia). I leave my personal phone on, and don't get any work-related calls on it.

Re:also reduces IT costs

One danger to watch for, courtesy of my company's policy - I can put my iPhone on the network, but it requires allowing them to modify (and wipe!) the device whenever they like, including any backups. So when you leave the company, kiss all your other data goodbye as well.

Make sure you're not screwing yourself when you let them play with your personal equipment. (Or as our local folks say - we don't trust them to keep their own equipment working right, why would we give them our own stuff to fsck up?)

Re:also reduces IT costs

[EdIII]

Then in the end they get their asses handed to them hard, and by hard, I mean reaalllly hard .

No competent IT person will ever agree to allow BYOD to propagate through the workplace. Not with access to any kind of sensitive data whatsoever that is not already passing through secured portals.

Secured websites that allow access, that they themselves are limited in what they can show, is one thing. That allows functionality not just in the workplace, but in the field. It also allows a lot more freedom in what kind of devices can be used. Tablets, phones, computers, etc. Freedom in operating systems is great too. If the employee can get everything done in a web browser, then you don't need the expensive Windows fat clients.

Bring your own personal computer in to work? Only the executives would think of something so "full-retard" like that.

I have always locked corporate down harder than East Germany. Nobody even knows the wireless passwords to access the corporate network, and executives who demand business laptops, get them configured by IT. Some places even get the Ethernet locked down further so that unauthorized devices cannot connect. They don't know the passwords either. No stupid Facebook, Twitter, etc. from within the corporate network.

To make it easier, I just provide a public wireless network with a simple password for all the employees to use. Separate IP address space, and not even remotely connected to the corporate network and VPNs. If they want Facebook, Twitter, and all the Social Media crap plus media streaming of YouTube, Pandora, etc. they can do it on another network that won't impact corporate operations. I make it a clear policy that they can use the public network with their own devices in any way they want because it is safer. The only thing they are not allowed to do is directly transfer or connect their devices to corporate hardware. You make it reasonable like that, and the vast majority of employees are happy and not trying to bypass your corporate security to get to Facebook while on break.

Security and Usability is a balancing act.

If the company execs want to shove Usability down IT's throat, despite common sense and valid warnings, and at the expense of security, just to gain some perceived ability to work employees harder for the bottom line ... then get your resume ready to jump ship.

You will have to jump ship. I have to be skeptical about this. Financial institutions and highly regulated companies doing this? I have to doubt this. Any security company that comes in to audit them or evaluate their security is going to have a field day killing several trees with reports to the execs about how insecure and vulnerable their network is. Would it pass PCI compliance? Doubtful.

All it takes is one really bad screwup. Lose a half million credit numbers (with full info) and then the executives might really understand the cost of letting employees bring in their tainted malware infested, porn overloaded, crap equipment from home.

I write this while downloading an ISO to fix an executives business laptop that they crapped up with malware.

It's already a never ending battle for IT to keep the corporate network and assets from being owned by hackers and malware. Handcuffing us and force marching us down a path to the 9th level of IT hell is just an oh-so-good idea. There is a really really good reason why IT has to control all hardware connected up to corporate. Any hardware we don't control is not just a point of failure, but a security vulnerability waiting to be exploited.

How many hacking groups out there are just waiting for that "big fat gold nugget" that is a laptop being connected up to a major financial institution from the inside?

Offloading IT cost onto employees

[crath]

Unless the employer provides ongoing cash payments to compensate the employee for use of thier device, this is a way of offloading IT cost onto the shoulders of employees. Add to that the fact that here in Canada, an employee of a company is not allowed to treat the cost fo a computer as a business expense (for tax purpoes), and the reduction in salary experienced by the employee is even greater than the benefit received by the employer.

Re:Offloading IT cost onto employees

[vlm]

Now, if everyone buys iPhones there is very little problem with IT support. If 30 people buy iPhones, 10 people buy Android phones and the remaining buy a mix of Windows phones, Open Moko phones and something new that came out last week the IT job will be a nightmare. Same kind of problem happens where everyone buys a different tablet device brings them all to a meeting and someone has instructions for using some iPad-only app for displaying something important. Guess what? The help desk may not be able to resolve this to everyone's satisfaction.

It creates a contractor relationship. We do not provide equipment to our contractors, and we do not care what they use as long as it works and they don't hurt anyone else. We also demand they wear clothes and occasionally bathe, but we do not buy them clothes nor hose them down if they cannot handle it themselves. We assume they are big boys and they can take care of themselves. IT makes our things work, they do not teach you how to use your things. Much as the janitor is paid to keep the toilets unclogged, not teach us how to unclog. WRT contractors, the only help desk interaction is verifying our courtesy internet access is up for them, and our internet accessible apps such as webmail are available to them. The days of hand holding people who don't know which side of a mouse is up, are over.

We provide a courtesy wifi internet connection for contractors to use at our workplace as they see fit. The apps the contractors need access to are already internet accessible because we sure as heck are not giving contractors access to our internal LAN. Allowing the employees the same freedoms the contractors already have for many years, is not a big stretch.

It turns out that most (although perhaps not all) employees job requirements "fit" with the contractor IT model.

Re:Buy your own devices

[0123456]

Really, why buy equipment for your employees when you can just make them buy it on their own?

And get them to work for free in their own time because they're now 'mobile'.

DOUBLE WIN!

One day all those people demanding that the IT department let them connect their phone to the network will be feeling nostalgic for the days when they didn't have to.

Though perhaps it would allow the Slashdot admins to build a site that works; I've had to turn Javascript off because of randomly vanishing 'Reply' buttons that do nothing other than say 'Working' when I press them.

Related: Businesses loosing more customer data

[who_stole_my_kidneys]

with users bringing their own devices and loading sensitive data on them , customer data is lost in so many directions, its hard to point out the who actually "lost" the data in the first place.

Re:Related: Businesses loosing more customer data

[blue_teeth]

From The Fine Summary "'Two of the most highly regulated industries -- financial services and health care (including life sciences) -- are most likely to support BYOD".  Give me the names of banks who are encouraging this BYOD.  If my bank is in the list, I will close all my accounts.

Enough Galen Gruman/Infoworld stories on /.

[Kamiza+Ikioi]

Slashdot just posted this other Galen Gruman story based on how to get your user devices into your business behind IT's backs: http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it

Now another story about user devices getting into business behind IT's backs, also by Galen Gruman.

Enough already!

Pure unfounded hype.

[rickb928]

I scanned TFA, and it looks like I will disagree with 70-90% of the assertions therein. I can't call them 'facts', because they aren't.

No mention of the security issues surrounding BYOD. For industries that reject bringing your own notebook to work, the assertion that financial services firms are embracing BYOD borders on the ludicrous, with a healthy dose of fantasy. Here at least, in a Fortune 50 financial services company, BYOD isn't even up for discussion. The security issues for Personally Identifiable Information alone rule out permitting any significant use of data on a device that is unsecured. And YOD is presumed to be unsecured, since it cannot be confirmed or assured by the people in data security that are responsible for preventing data loss. That's not 'minimizing' the loss, but preventing it. Nice try, Infoworld, but you're not fooling me into thinking I can load up my Android or iOS phone with corporate data. Not here anyways.

They then launch into how 'app-savvy' hardware is so great. Help me here - is 'app-savvy' another way of saying 'high-performance'? I thought so. Feh.

Good Devices may supply mobile device management systems to their customers, but I can name you a 50,000 seat company that may or may not use it, but if they do it's for captive devices - Blackberrys - that are never going to be BYOD. Quoting such a study is regurgitating their self-serving (and I expect nothing less, they are out for a propfit after all) hype and fantasy that with their services, BYOD is perfectly secure. Again, where I work, promises are not enough. Security is based on assurance. Little of it is provided by third parties. I can't even share data with co-workers in many/most cases. The concept of letting employees run mission-critical (data is mission-critical to a financial services company) or senstitive data apps would not be laughable here. It would be dismissed out of hand.

More to the point, however, the idea that somehow the device changes the nature of your work is both spot on and wide of the mark. If you're primarily displaying data, a table is par excellence. as soon as you need to enter data, it's a losing proposition. Depending on your role, tablets and smartphones offer some advantages.

My brother has been delivering real-time production data to his workforce worldwide (wherever there is a signal, WiFi, CDMA, GSM, or satellite) since Palm first made a phone. He's added native support for every OS as of last year. He sees the craze, and his boss asks him sometimes about how this 'Android thing' would work for them. And he responds that it has been working 'for a while now'.

And no, they do not do BYOD. They supply whatever is required for whatever geographic region the rep is in. But they could suport BYOD, since he supports some customers directly with the same apps, where they are BYOD only because it isn't 'his' device. And he sees the security issues. SSL is so flawed he considers it useless, but there is nothing else right now except for VPN tunnels. That's where he's at, and some Java sandboxing that he thinks is ensuring data is gone when the session is gone. But he knows that rooting devices will some day thwart that.

And since I can root most Android devices without a lot of effort, that alone makes BYOD for work just impossible.

Lastly, I read up on the link from IW that Android is making inroads into business environments that the IT staff are unaware of. Well, actually, I can't use any of my personal mail at work any more unless it's on my Android phone. I don't consider that a BYOD instance, since if I connected to the corporate WiFi, I wouldn't be able to use personal email on it then either. I can. theoretically, dump data to the phone via USB or a uSD card, but that would be logged and scanned, and PII would be captured and alarms sounded. Yes, my work notebook can be prevented from downloading data to a removable device, any sort of device. It can also check if the device is encrypted, which they all must be.

Hype. Misstatement. Fantasy. But it may sell more stuff, and that would be the point of TFA.

Stop the INFOWORLD spam please

[Shivetya]

This is twice the submitter is from the site that has the story, worse its nearly identical if not the same one (ain't going to read this slashvertisement) where they were went off on IT departments enforcing standards.

Strange, isn't it?

[khasim]

He's writing about how "most companies" are allowing users to bring in their own equipment ... while writing about how IT "priests" are preventing users from bringing in their own equipment.

But he isn't doing interviews with companies that are allowing users to connect to private. company data (the kind that would cause problems if leaked) via the users' own devices. Particularly companies covered by specific regulations such as health care.

Wouldn't at least one interview with the IT VP of a major hospital be appropriate by now? If nothing else, just to provide support for his claims.

Strange how that isn't happening.

Re:Fuck you, No. Pay me more.

[betterunixthanunix]

My local HR was freaked out about my temporary lack of a landline

They need to reach you instantly, at any hour of the day? Then they need to buy you a cell phone. Maybe you spent the past few nights at your new girlfriend's house, or you had to accompany your spouse to a funeral, or you decided to spend a few hours walking along the beach to center yourself.

Ended up listing my cellphone as both home and cellphone

So you are basically paying by the minute when your employer calls you. Yes, I know modern cell phone plans sell you blocks of hundreds or thousands of minutes, but the point here is that you are paying to make yourself available to your employer when you are not even at your office/job site. It may be rude to say this, but this is not really a situation that you should be in.

Re:Fuck you, No. Pay me more.

[vlm]

They need to reach you instantly, at any hour of the day? Then they need to buy you a cell phone. Maybe you spent the past few nights at your new girlfriend's house, or you had to accompany your spouse to a funeral

I suppose if I told my wife I was at the girlfriend's house, and I told the girlfriend I with with the wife at a funeral, I might finally have the spare time to get some stuff done in the lab without interruption... I think you're on to something here...

So you are basically paying by the minute when your employer calls you. Yes, I know modern cell phone plans sell you blocks of hundreds or thousands of minutes, but the point here is that you are paying to make yourself available to your employer when you are not even at your office/job site. It may be rude to say this, but this is not really a situation that you should be in.

Ah its not so bad because I am in a rather weird/unique situation of not being salaried as my current employer categorically will not go salaried for non-management employees, and being a tightward cheapskate I have the worlds most expensive pay per minute cellphone service, which even at its inflated rate is something like one nineth my hourly hourly rate at time and a half overtime... Work is paying me nine times what I'm paying the phone company for the privilege of talking to me, so I'm all good with that profit rate. When the phone rings with a call from work, I almost feel my wallet getting heavier as I talk... makes me want to speak slower, sometimes. I can see why a salaried guy would be pissed off, but theoretically they are paid more to make up for calls like that, theoretically at least.

Sometimes, at home, without being paid for it, I even read computer books. Weirdly enough, I like Knuth. I know, I'm a sick, sick man, etc etc.

I am very happy not to have to carry two cellphones, and sometimes being always available is an inherent part of the job... which is probably partially why my pay rate is so high to begin with.

Its like arguing that the company should pay for the detergent used to wash my work clothes an extra time if I come in to work on a Saturday, after they cut me a check for overtime around the size of a decent car payment... geeze don't look a gift horse in the mouth, take the money and run.