June 15, 2012
The BYOD Dilemma IT folklore has numerous tales of a pompous senior executive of IBM, or GE, or the Air Force who visits a client like IBM, or GE, or the Air Force and has his expensive new laptop confiscated because he ignored the security warnings about no outside equipment entering the building. These days the situation is so common that it has gained its own acronym, BYOD or Bring Your Own Device, and IT departments all over the world are struggling to deal with it. Technology writers refer to the Consumerization of IT to explain the process over the last few years where new technology emerges first in the consumer market. Network users, having purchased smartphones, tablets, or other devices for personal use, then want to use them for work. IT staff are caught in the middle between their usual control-freak tendencies and the desire to give the users whatever makes them feel empowered and productive. Generally the result has been for IT to attempt to accommodate user preferences while sweating the security issues created by allowing random devices into the workplace. Network engineers are not the only ones who need to recognize the BYOD dilemma, Management and HR also need to make some decisions and create some policies. There is no single approach which works for every organization but the following question ought to get you started. Who pays for the device and service plans? Are bandwidth and data use monitored and who pays for overages? Who pays for replacement if a device is lost or stolen? Who handles support for the device and data on it? Are users required to use passwords or encryption on the devices? (At this point, few users even bother to lock their phones) Are users responsible for providing antivirus & antimalware on the device and anything it connects to outside of the corporate network? Do you need to be able to remotely wipe data (both corporate and personal) if the device is lost or stolen? Are users required to backup corporate and/or personal data on the device? What constitutes misuse or inappropriate behavior for the device? Does everyone understand where the data actually resides and which apps store and/or share personal or corporate data on the cloud? Does the company have any say on which applications may be used or loaded on the device? Who provides the software, adapters, cables, and service to connect devices to projectors, printers, and other office equipment? Keeping valuable information inside the network while keeping bad stuff out of the network is not a new task for IT. Tablets and smartphones are not very different from flash drives and users who take their laptops home on the weekend in that regard. iPhones, iPads, and Android phones and tablets do a good job of communicating with Windows networks but they do have their own operating systems, with peculiarities and vulnerabilities for IT to deal with. Their presence also affects network infrastructure and resources as users move to multiple devices needing IP addresses and logins. A common recommendation is to triple your WiFi bandwidth to support iPads for instance. The goal of BYOD networking ought to be more empowered, more flexible, and more innovative employees but no company can afford to ignore the tradeoffs in data security, bandwidth and supports costs.