This page contains a Flash digital edition of a book.
Shots Parting


W


ant to increase your workforce’s productivity while decreasing your operating budget? Then


implementing a BYOD program is just the right thing for you. It will lower your hardware costs, allow your employees to more effi ciently balance their work and personal lives, and your workforce will always remain at the cutting edge of technology. Sounds great, doesn’t it? Well, it appears it’s not so simple.


BYOD – and the consumerization of IT in general – can deliver on many of these promises, but only if implemented properly and via a comprehensive secure mobility program tailored to an organization’s specifi c needs. Your bean counters may see dollar signs when contemplating the potential savings of BYOD, but astute security professionals know that the cost of a device dwarfs the damage that can be infl icted when consumerization goes wrong. There are some common myths around BYOD that many organizations must combat in their haste to appease an increasingly mobile workforce, not just the CEO who demands to use their tablet on the corporate network, as Danny Bradbury explored earlier in this issue. Allow me a moment to outline just a few of these common misconceptions for your eager management to consider. ‘Employees want to use their own devices in the workplace.’ Although this may be true for many of your employees, there will be an entire subset of users in any organization that will resist this mixing of business and personal, as correctly pointed out by Steve Durbin in his article on portable device security. Some employees are not keen to have their personal devices monitored by employers, and would rather avoid the possible legal entanglements that could


56


arise when an incident involves an employee-owned device.


Durbin astutely remembers those employees who do not want to be ‘on call’ 24 hours a day. Then there are those who would consider auditing of a personal device to be a violation of personal privacy. As a staunch privacy advocate, I can empathize with this sentiment. As Durbin concludes, this aspect of BYOD means that – for the foreseeable future – organizations will continue to provide IT equipment for their employees. ‘Technology will solve your BYOD


problems.’ This couldn’t be further from the truth, as one CISO of a global corporation recently told me. The device that one uses to access organizational data is secondary to the data itself. According to this CISO, before running out and buying state-of- the-art access control technology, organizational data should be


organization the fi nal word on the who, where, when, and how.


‘BYOD saves the organization money.’ Perhaps this will be the case, but only if viewed from a long-term perspective. Many CISOs and risk professionals have told me over the past few months that BYOD may actually increase costs over the short term, negating the savings organizations reap from cutting their hardware costs. There are numerous reasons for this


initial uptick in IT and security expenditures, especially if you oversee a large


organization. First are the likely increased calls to your help desk, which brings up another uncertainty: Which help desk do you call? The device manufacturer? Your employer’s? Your ISP?


Any BYOD program will also require a certain amount of employee re-education on revised company policies.


BYOD is both the present and future of IT, and resisting the tide is a losing proposition


categorized by risk levels (high, medium, and low) and then access to that data should be dictated by established parameters (for example, the employee’s role, location, time of day, etc.). In this scenario, the brand and model take on lesser signifi cance and still allows employees to use their personal devices for work. If their access to a data set or application is prohibited from a certain mobile device, then it is done so according to the organization’s risk tolerance for a particular action.


It may be a bit oxymoronic, but I view this as a ‘rigidly fl exible’ risk-based approach that does not discriminate against a particular device or operating system and instead protects a far more important asset – the data itself. This approach can provide the best of both worlds in that it allows freedom of choice by the end user while giving the


Add to this potential legal issues, possible labor law confl icts, and questions about who is responsible for troubleshooting an employee-owned device. If my personal laptop or tablet crashes, then who is responsible for fi xing it, and what about my lost productivity in the meantime? More devices can mean more questions, and even more problems. So, BYOD may make your users happy, but it may not automatically save you money. Regardless of the potential drawbacks – from a security perspective and otherwise – BYOD is both the present and future of IT, and resisting the tide is a losing proposition. Just be sure when devising your strategy that you embrace this trend with caution. What works for one business may not necessarily work for your own.


Drew Amorosi, Deputy Editor January/February 2012


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60