Bring Your Own Device

BYOD: Four reasons why your staff will take the plunge - with or without you

Trying to ban BYOD will just drive it underground, so IT departments need to address four reasons why staff are frustrated by their existing hardware.

As IT departments standardise and lock down desktops in a quest to slash support costs, staff are becoming increasingly frustrated with their corporate devices, fuelling demand for their company to adopt a bring your own device (BYOD) policy.

BYOD sees staff buying and using their own choice of laptops, smartphones and tablets to access corporate IT systems. The hard-line policies of some IT departments will lead to outbreaks of "unsanctioned" BYOD as "legions of workers retake control and cloak their efforts in clever ways", according to a report by analyst group Forrester. It warned that the IT department's "prohibition" will drive BYOD underground instead of stopping it.

Forrester found that workers are using more devices to get their jobs done than they are being given by their employers, with the average power user using three or more devices.

"Workers are dissatisfied and are spending an average of $1,253 annually of their own money on computers to do their jobs," the report said. It found that only 12 per cent of firms encourage staff to BYOD, with most actively discouraging it and some even penalising employees.

"The mismatch between employee needs and IT's position is obvious, but few infrastructure and operations organisations are adequately prepared to change course," said the report, Five Steps To A Successful BYOC Program.

Forrester said this lack of flexibility is down to IT departments' insistence on standardised, locked-down corporate PCs with as little variation as possible, in a bid to cut support calls and lower IT operational costs. The analyst said this approach brings the "unintended consequence of stagnation from the worker's point of view".

Forrester said four factors are likely to be fuelling demand for BYOD inside organisations

1. Workers have been on Windows XP for too long

Windows XP is 11 years old, yet it's still in on more than half of corporate desktops and laptops. "For employees accustomed to using Windows 7 or even the Mac OS at home, being forced to use Windows XP for work is frustrating," the report said.

2. Management tools and practices are outdated

Forrester said most of the tools and practices used for endpoint management and security were developed in the early 2000s, for Windows 2000 and XP. Since then, many of the underlying reasons for these practices have changed, rendering them obsolete. "Both Mac OS Lion and Windows 7 are very different from earlier-generation operating systems on many levels, yet IT organisations still apply the same outdated management tools and techniques," it said.

3. Locked-down PCs create productivity bottlenecks

Many employees now use two computers to get around the corporate IT lockdown - one provided by their employer, and the other their own. "They then find back-channel ways to transfer files and data between them, such as email, Dropbox, and of course thumb drives — behaviour that effectively decreases security," according to the report.

4. Gorilla-sized agents hog PC resources

Forrester said nearly half the processes running on a corporate PC may have nothing to do with the user's day job, causing great frustration. "The top offenders include antivirus and security agents, data backup processes, systems management, and a range of other processes such as application updaters. These agents run in their own space and routinely interrupt the end user's work by monopolising disk I/O, CPU, or other resources, often for several minutes at a time," the report said.

About

Steve Ranger is the UK editor of TechRepublic, and has been writing about the impact of technology on people, business and culture for more than a decade. Before joining TechRepublic he was the editor of silicon.com.

94 comments
nuno.borges
nuno.borges

So Windows XP is being used for long. Should I have installed Vista made things worst? We are already upgrading to windows 7 so don't agree. Locked down PCs - so should we allow for company information to be stored in Google Apps, Sky Drive and DropBox and then when we have a leakage call the CIO and make him/her responsible? What is the solution? Agent Hog - So should we uninstall all AV, Malware, Personal Firewall, SPAM filter and Proxy filtering and allow malicious code to infect our organization. To simple to say this is the problem. Selection of good tools is required but saying this is the problem is too simplistic. Will this problems disappear with BYOD or will we just create another set of problems?

pconaty
pconaty

Biggest issue against BYOD for a lot of companies is funnily enough cost and money. Netowrk and systems infrastructure in most companies has been setup to secure laptops and PC's. Mobile OS's and devices were never a design consideration. To update your infrastructure to support the severely increased data leakage exposure that comes with tablets and smartphones requires a large investment in technology and training for your support staff. I have been reviewing and comparing MDM's for several months now and have still not found one that adequately manages all mobile OS's out there. Only way I see to do this is with a proscribed list of devices provided by the company. BYOD would be a nightmare to support with multiple versions of Android OS, Windows phone 7.0 and 7.5 not supporting encryption just some of the problems.

stevewschmidt
stevewschmidt

While we agree that some IT departments need to play catch-up, there are a growing number of IT leaders who are embracing the BYOD trend, either by allowing user owned devices to be connected to the company infrastructure (usually in addition to a company supplied device) or by providing a stipend to the user to acquire a device intended for corporate use. The important thing is enabling employees on those devices, while balancing the needs of the organization. This is aligned with the point #2 about requiring updated management solutions. These solutions need to provide accountability and control, in spite of the flexible device policy, including effective strategies around application readiness (assessing and preparing applications for corporate use) and enterprise license optimization (ensuring the ideal procurement and allocation of software licenses). Then IT can more effectively manage the process of delivering vetted apps to users, whenever and wherever needed. Without them, BYOD policies increase the risks associated with system supportability, excessive software spend, and license compliance. ??? Steve Schmidt, Flexera Software

patg00
patg00

What happens when you are involved in some law suit where the data is Subpoenaed, or seized? Do you want your personal machine and all it's contents to be bared to the world? or the Gov't?

OldHenry
OldHenry

Anyone read http://www.networkworld.com/news/2012/060812-california-byod-259984.html? The state of CA is trying to get employees to use their own smartphones to save on the cost of Blackberries. Most of the clients I've worked with have BYOD as their tablet strategy. People like being able to specify what hardware they use but don't like being told how to lock downand manage the hardware they buy themselves.

matt
matt

Given that the traffic from a cell phone browsing a web site looks nearly identical to that of a PC hitting the same site, how can a company determine the amount of Internet bandwidth utilized by the combined smart phone devices? Monitoring BYOD traffic with NetFlow and IPFIX is one of the best ways to find out how much BYOD traffic your infrastructure is currently supporting. Loaded with accurate data, IT members can educate employees and remind them to use appropriate behaviours when using BYOD devices.

JJFitz
JJFitz

How would you feel if you found out that your personal, financial, or heath information leaked out from your employer, bank, hospital, doctor's or dentist's office because they allowed their employees to use their own unsecured technology to work? I am not talking about a malicious leak. I am talking about that well intentioned person who wanted to finish a financial spreadsheet overnight so they install their personal remote access client on their company owned desktop, or they email the data to their personal email account, or they save it to an unprotected flash drive, cd, smartphone, tablet, or the cloud. As a Director of an IT Department, I am seen as the obstacle to new technology because I provide you with a tried and true way to access data through a secure encrypted tunnel or a fingerprint & password protected encrypted laptop but you don't want to be burdened with having to remember your login credentials. It's too much work. It slows down productivity. So again, I ask what if it is [i]your personal data[/i] I'm trying to protect?

Charles Bundy
Charles Bundy

is the home visit. I've had people demand that IT staff not only configure their device for corporate infrastructure, but want us to come to their house and do the same. I always told folks up front that there were too many liabilities (including the workload) to allow technicians to start doing home visits.

Vulpinemac
Vulpinemac

Cloud-level services for an enterprise do not have to be on public servers; your company can have its own in-house cloud that does the same thing on private--secured--servers. Think if it as a much more advanced version of the old mainframe technology where the MF served both files and applications and the employees used dumb terminals. The enterprise cloud has the company's server farm now serving files and applications but the task of actually using the apps is delegated to the desktop, eliminating the workload and time-sharing bottleneck that developed when the mainframe had to do it all. Of course, this also means that any mobile device attached to that network is automatically restricted to the in-house cloud if it's a wi-fi only device or has its 3/4G radios turned off or blocked. Google, among others, does offer this kind of cloud computing. I have no doubt that Microsoft does as well.

Vulpinemac
Vulpinemac

Through the '80s, '90s and '00s, companies only looked at desktop replacement as bulk purchases, buying hundreds or even thousands at a time to get the lowest possible price. However, one company tried an experiment and separately purchased one Mac and one PC. They attempted to make the two machines as equal as possible, even to using the same software (as closely as they could) on both machines. They then went to a temp agency and hired two secretaries that had no PC experience of any kind and spent 30 days training them to proficiency on their respective machines. Once trained, these two workstations were given identical tasks for 90 days, neither knowing about the other. The company measured direct productivity between the two machines and all support issues. At the end of the 90 day experiment, they analyzed the data and discovered that the Mac proved more than 200% more productive while only costing about 30% of the Windows machine's support. It proved that the long-term costs of using Macs went far below costs of remaining with Windows. However, the results of that experiment, while documented and later even made into an educational documentary (I watched it some 10-12 years ago on The Learning Channel or similar) the company chose NOT to convert to Macs because of the--at the time--three times higher up-front cost per unit and overall cost to convert from Windows to Mac en-masse. With BYOD, such a changeover's cost is minimized by the employee effectively absorbing the hardware costs (companies still tend to buy the cheapest they can get away with on their own) while managing to retain the majority of their existing infrastructure. They now gain the benefit of the higher reliability and resulting higher productivity without having to eat the higher up-front cost of buying hundreds of Macs at one time. IT itself may want to resist this conversion, but even though no company may never fully convert to Macs, they and other Apple devices are moving in and will remain as long as Apple retains its lead in real systems integration.

slonej@nationwide.com
slonej@nationwide.com

If you are using apps like the Good app then it's a simple matter to delete the Good app remotely along with all the corporate data. If you really allow your users to store data outside a container then really open yourself up for all kinds of hurt.

JJFitz
JJFitz

You say, "People like being able to specify what hardware they use but don't like being told how to lock down and manage the hardware they buy themselves." This is the biggest hurdle to BYOD. They don't want to be bothered with requiring password and let's not even talk about encryption. Or worse, they drank the Kool-Aid from a certain computer / tablet / smartphone manufacturer believing that their devices are somehow naturally immune to malware therefore they don't need protection.

Vulpinemac
Vulpinemac

I don't deny there are many reasons for refusing to permit BYOD, but your argument assumes it's a device that will travel back and forth. What if that user wishes to use a different computer at his desk simply because they don't like the hardware or wants additional capability? True, a receptionist might not need the latest-and-greatest, but the ability to use a touch screen rather than having to mouse through pages worth of documents or touch a spreadsheet cell rather than wiggling her mouse to find the pointer then clicking that cell might realize better efficiency simply through speed. There are many meanings of BYOD and you're apparently restricting yourself to a single one.

tbmay
tbmay

...Joe Public really doesn't see that as a problem. Also, I'm sure you've noticed, everybody is a technology "expert" and you're basically an incompetent, justifying your position, roadblock to all that is right in the world. I recently got the Security+ cert to allow me to do DoD contract work. As I studied for it, I remember thinking that cert would be better suited for end users than IT pros. It would put an end to a LOT of the nonsense guys like you and I have had to deal with our entire careers. Most people, and by extension, most companies, simply are not serious about security. And if you try to bring things to their attention, their response is to kill the messenger more often than not.

CharlieSpencer
CharlieSpencer

Last time I looked (early winter), Apple still had only around 5% market penetration on desktop and laptop systems. Considering some of those are corporate systems, then the percentage owned by individuals must be even smaller. I don't see that relatively small wave of BYOD Macs washing Microsoft out of the corporate pool, especially when the majority of laptop devices being brought in are Windows systems. If you're talking about the dominance of Apple tablets, I might agree. On the other hand, such devices render your discussion of the 'MS vs. Apple' experiments irrelevant. Those focused on the only form factor available at the time: desktops. I'd also point out that many of those many of those Apple tablets are being used to remotely access Windows desktops and servers. If an employee is bringing his own tablet, regardless of brand, but is using it to access a company-owned desktop, the company isn't saving any money.

Vulpinemac
Vulpinemac

You totally ignore that the hardware from that specific manufacturer [i]IS[/i] immune to Windows-specific malware and quite honestly the mobile devices are effectively immune to drive-by malware [i]as long as they're not jailbroken.[/i] You also ignore that specific brand's reliability and efficiency at the desktop (probably because you are unaware/biased against it) even after decades of testing have proven that brand's abilities. No, the one who has drunk the 'Kool-aid' is the one who has closed his mind to anything but what he is told without bothering to do any research for himself. Maybe you should research that 'Kool-aid' argument back to its source and see who the real victim is here.

JJFitz
JJFitz

Do you think if the personal device is portable, it will stay at work? When refering to a personal device I do assume that "Bring" means bring it back and forth. Even if they kept it a work, do you think they will leave it when they get another job? Do you think they will allow me to wipe it clean before they go?

Vulpinemac
Vulpinemac

If security were the sole reason to block progress, then we'd still be using punch cards and mainframe computers despite the separate issues those present. Even the DoD is experimenting with the newest technologies, including smartphones and tablets, for both their functionality in the field as well as their ability to be secured. Even President Obama has a DoD-secured Blackberry and now iPad. You'd be surprised by how many companies are serious about security, but that doesn't stop them from embracing change when it's to their advantage.

Vulpinemac
Vulpinemac

The up-front cost of the hardware is really less than a quarter of the cost of ownership when it comes to enterprise PCs. Desktop support tends to drink more IT resources by far. This is where better hardware comes in. Usually better hardware lasts longer than cheap hardware. In the case of Mac PCs vs Windows PCs, the ratio is about 3:1 on hardware durability. But there's more as well. There have been many reviews done over the years that compared Windows use on Macs vs Windows use on other brands like HP, Dell and the others and those Macs consistently demonstrated better performance even when the PC used to compare were as equivalent as possible with all the Mac's components and features. I'm talking visibly faster in nearly every aspect that an enterprise would need. (I will except gaming because gamers have the convenient ability to swap video cards whenever they feel like it. Even so, gaming is eminently available for the Mac through Mac ports of many popular games and the Mac's ability to run Windows itself.) In other words, when taking the total COO (cost of ownership) into account, the Mac can still save the company between 50% to 70% of what they'd pay for the average PC over the same period of time.

CharlieSpencer
CharlieSpencer

I doubt the superior hardware provides enough advantage to be worth the price to most buyers, corporate or consumer. Sure, it would be nice to have a Lexus, but an Accord will be more than good enough for much less money.

Vulpinemac
Vulpinemac

... my point was that the Mac did prove itself almost 20 years ago and the Mac today is still better than the majority of the Windows boxes currently in use in the enterprise--and still more expensive on a per unit basis for purchase. Why? Because the Mac adheres to far tighter specs on nearly every internal component compared to its competition. Higher cost on components means higher up-front price. But that's an old argument that will never be settled until the antagonist actually bothers to physically test each and every component to verify what I learned through working for an Apple component supplier. I know from experience what Apple's parts acquisition methods are like. Others simply refuse to believe Apple would do that when nobody else (except maybe the US Government) does.

JJFitz
JJFitz

You have clients. I have employees. You can influence what clients purchase and do. I have a budget. Within that bugdet, I decide what the employees use and I can limit what they can do. The upside for you is if things go wrong, you can say, "I told you not to do that." The downside for me is if things go wrong, I have to look at the guy in the mirror. That's why I choose to narrow the computing options.

Vulpinemac
Vulpinemac

With the caveat that sometimes just pointing to the information isn't enough. I have a client who, even though I've told him many times how to protect himself from malware (especially phishing emails) he still opens anything and everything that hits his mailbox. While I grant that if he were an employee I would strongly consider dismissing this person, instead he is a client and I have to at least try to keep him safe. His advantage? He's using a Mac so the majority of the malware attacks run into a dead end (he does know not to permit installs out of email or websites unless he triggers them himself) but even I have come close to getting caught out by some of the more recent phishing attempts. Using rules to guard his emails also doesn't work as it might, since the majority of the attempts tend to come through his whitelisted friends. Fortunately I get a mirror of most of these attacks and remind him to manually scan his machine when I see something questionable come through. The point is that you do have to take the user into account and sometimes go that extra bit with them. Not only does it improve customer satisfaction, it makes you look good to the company, too.

JJFitz
JJFitz

I like to help people out. That's why I run the IT Department. I never say, "Flat out no, not on the corporate network." I explain that with unlimited resources, we can make anything happen in IT & this is what getting your device on the coprorate network would entail. I don't care what OS is running on a personal device. They are not allowed on the corporate domain for all the same reasons. I am not picking on Apple. I apologize if I made it sound like I was. It's just that for some reason, quite a few Apple users believe that their devices are immune to malware or viruses and that's a dangerous thing to believe. As for the SETI guy, we have intelligent switches on the guest network. Once his device reached the "top talker" threshold, the switch shut off the port and sent me an alert. I explained the issue to him and asked him to disable SETI while at work. Sometimes it's good to let the users know what IT can see runniing on the networks. ;)

JJFitz
JJFitz

If you keep your Apple patches up to date, you should not have a problem but obviously 2 of these folks didn't and the third guy had no idea what SETI did to a network. Fortunately the malware folks' devices were not allowed on even our guest network. I didn't fix their problems for them, I just directed them to the information about addressing it.

Vulpinemac
Vulpinemac

Whether you want to acknowledge it or not, Windows users are just as likely to not know what they are doing as OS X users--they're no more tech oriented and far more likely to infect their own machines simply because there are so many exploits in use against them. Obviously, it's your job as the IT staff to protect them. The two Docs you mention are simply examples of this on the Mac side. Trojans affect both platforms equally, it's just that some AV apps are better at detecting them than others. All a user has to do is click on a (not so) well-crafted false login page and the machine is infected. But really, that's beside the point. As one person pointed out below, you certainly didn't mention WHAT infection was on those machines; it may not have been an infection at all, but rather some other issue entirely. As for SETI, it's easy enough to disable or even remove that from any machine, Mac or otherwise. It can even be set up to run only at specific times, like when the machine is at the user's home and not on the corporate network at all. Personally, I used to love SETI when they used their own software, but hate the BOINX (or whatever) distributed computing service they use now. It's far less of a bandwidth hog as it is a resource hog on the host machine, pulling and pushing data only when the machine has completed its packet scans. On the other hand, if your firewall was blocking it, then the software was going nuts trying to access SETI to swap files. In that case, it should have been easy for you to simply uninstall the app (drag and drop to trash works really well, though I admit it leaves files behind unless you use a 'cleaner' app to trash it.) Doctors, unless their doctorate is in CS, are no more computer literate than the average "Joe Plumber", their profession is whatever they specialized in, not computers. Yes, I do know what Apple claimed and even now Macs are immune [i]to Windows malware[/i] which is still the prevalent malware environment on the internet. Apple itself does recommend AV software and has for many years, though they haven't released any 'commercial' scanner of their own--believe it or not for security reasons. Bloggers think they know what Apple is doing, but so far Apple has been far more effective in simply shutting down the malware authors and protecting their customers that way instead of putting bandaids over the exploits. By not telling anybody what they're doing to defend against an attack, they're not telling the attackers to start looking for another hole. Even Microsoft has begun using similar tactics as a combined Apple/Microsoft/police effort shut down and arrested the perpetrators of two very significant botnets. I guess you were unaware of this 'new' tactic.

tbmay
tbmay

I'm not a MS shill. In fact my actual job title is Linux Engineer. I'm not anti-MS either though. I am on board with JJFitz's concerns though because I have experienced users in organizational settings who simply were not satisfied using what was provided them. My only point is businesses have good reasons not to dive into a BYOD policy.

anil_g
anil_g

I use a Mac at home and at work, but I'm not familiar with any Mac malware, since I've never had any. Can you please tell me what kind of exploit you encountered with your Mac users? I'd like to know what kind of impact and what kind of entry point to be aware of. I'd appreciate it. Thanks.

anil_g
anil_g

Windows has so dominated business for so long that support staff are often "educated" in a purely windows environment. Some support professionals are so ignorant of other platforms that they have really skewed ideas about basic (otherwise well-known) principles such as open standards and erroneous opinions on cross-platform issues. I think this needs to be recognised because the environment is moving. Recognition of this situation does put the onus on "windows supporters" to open their minds to what benefits are driving business users to request support for other platforms. It's the business requirements at the end of the day that need to be the drivers. The cloud movement also suggests that an emphasis on the browser as thin client will eventuate and loosen requirements on corporate networks. BYOD may provide more and more value and enable cost savings for in house support. Windows guys may be forced move on from their (in) glorious communist past and move into a new republic. I'm working with Windows engineers that have recently been required to support a large scale move to Mac platform and when interoperation problems are experienced the perception is usually that Mac is failing. This is hardly justified as a first reaction to any inter-operability problem, especially given Windows sterling track record at actively blocking inter-operation, which it seems they are ignorant of. I guess that's not included in the Windows manual. Windows "documentation" is never delivered without additional embedded "sales" information.

tbmay
tbmay

Malware isn't the only thing that can cause you problems. This amuses me a bit because I used to work with some Mac enthusiasts who would consistent tell me how unreasonable the Tech Dept was for not supporting their personal Macs. Two of us supported roughly 2000 machines at one time. This is not do-able without standardization.

JJFitz
JJFitz

Because the owners told me that they didn't need any protection. Therefore they did not make any attempt to secure them. The fact that two of the computers subsequently got infected only proved my point. Oh and the third one? When he connected to our guest wireless network, we noticed a significant slow down on our switches and were able to determine that it was coming from his laptop. He was running the SETI application (search for extraterrestrial intelligence) in the background. He put it on his laptop and he had no idea how it worked. It's a huge bandwidth hog. Imagine if that got on our corporate network. Then imagine something worse originating from his laptop.

Vulpinemac
Vulpinemac

Does OS X not have a configurable firewall? Are there not commercial firewall apps available for OS X? No, I believe what you are afraid of here is that while the Macs themselves may have been protected (whether or not these headsheds know the truth) they might let some form of Windows malware slip through undetected. Oh, yes; I saw your denigrating comment about "Applespeak" and I think maybe you should bother to learn exactly what OS X can do for security and how OS X itself can work in your network. You may be Windows-centric yourself, but things really are changing and have been different for a long time. Too small a target? That excuse died 2 years ago. And exactly what were their laptops infected with? If the network itself they were using had been properly protected, said malware shouldn't even have reached their laptops.

JJFitz
JJFitz

My point remains the same and i have this from first hand experience. There is a common misconception that the Mac is immune to malware. And your kind of Applespeak doesn't help. I had three very senior staff members at work ask me to allow their Macs on our business network. i said no because they were unprotected. Each one told me that they don't need any protection because they are macs and macs don't get malware. Mind you, all three were Ph.D's or M.D.'s who should have been a little more skeptical. A month later, two of them asked me if I knew how to get malware off a Mac because their laptops were infected.

Vulpinemac
Vulpinemac

... compared to 'rabbit' viruses. Yes, I am aware of Flashback and the previous trojan, but that is only two very limited malware attacks compared to what Windows suffers and affected a far lower percentage of 'foxes' compared to those 'rabbit' attacks. I'll grant that we'll see more attacks against OS X in the future, but the simple fact that it took nearly 10 years to have even one marginally effective against OS X means that they have been safer (note I didn't say "safe") for longer than they have been elsewhere. With the simple addition of a router's built-in firewall that data remains safer for even longer as I never even saw any attacks on my own Macs despite them remaining online 24/7. Naturally, I do the same for my clients whether they use Windows or OS X and only the Windows users still have to have spyware and other problem software removed on any kind of a regular basis.

JJFitz
JJFitz

That does not mean that foxes are immune to viruses. "hardware from that specific manufacturer IS immune to Windows-specific malware" is lawyer-speak. For some reason TechRepublic will not let me link a ZDNet article to this post so you will have to search for it yourself. Search for ZDnet flashback and gaps in security while you sip on the Kool-Aid. April 29, 2012

JJFitz
JJFitz

[i]"My point is that you don't need to partition a drive if it's a device purchased specifically for the work environment--simply image it and run just as you do Windows." [/i] I don't know of any employee who would buy a computer [i]specifically[/i] for work, let alone allow the IT department to image it. That would be ideal but I think that's as likely as seeing a real leprechaun on a unicorn flying over my house. What I see for BYOD are users coming in with Macbooks and Android and iPad tablets expecting me to somehow join it to the corporate domain so they can access network resources and bring the device back and forth from home to work. - as soon as I spot that unicorn... If I allowed it and the user intentionally or accidentally transported personal or IP data on it and got caught, he would be fired and I would be right behind him. No thank you.

Vulpinemac
Vulpinemac

If you've paid attention to the last couple of years specifically, OS X at least is extremely easy to support on a corporate network with the same kind of group control software you've used for Windows all these years. In fact, based on many reports and reviews I've read over the years, OS X has fewer problems in an enterprise network than Windows. In other words, BYOD should not be an issue any more as long as IT has the right software available. Yes, I will grant that certain devices are weak in this area, but Apple at least has made monitoring and even wiping easy through multiple methods including a complete system wipe if unauthorized personnel attempt to access data--for instance on a stolen laptop. My point is that you don't need to partition a drive if it'a a device purchased specifically for the work environment--simply image it and run just as you do Windows. I've had people attempt to partition a Mac before for their 'security'--an ISP I worked at, in fact, and they so screwed the job because they didn't know what they were doing that the machine, though brand new, was nearly unusable. The so tried to do it the Windows way that they totally overlooked that easier, even more effective means were available. I, as the only Mac user in the office (though we had hundreds of Mac clients) had to fix their mistakes to restore functionality and point out what they should have done. Interestingly, I had the full support of the Systems Administrator who realized I knew a lot more about Macs than she or her staff did. In one case, she flat crashed the Mac (damaged the boot sector) to the point it couldn't boot. When I came in to discover the problem, merely holding a single key during bootup let me access an emergency boot sector which repaired the damage and got me right back to functionality in less than 30 minutes. This was almost 15 years ago even before OS X. IT needs to not only be aware of other OSes, but learn how to incorporate them. OS X is nothing more or less than UNIX with a GUI; Linux is a spin-off from UNIX that has its own advantages. The "higher costs" that have become associated with using them is more due to a lack of education and understanding than through any inherent perceived incompatibilities.

anil_g
anil_g

I think this approach negates most of the value. While corporations will no doubt factor in the savings in hardware costs much of the value of BYOD is that the user brings a device that is integrated operationally with work at home or with other clients. It makes it easier for users to manage time savings while checking work and personal email at home for instance. I don't think the idea is that the employee / contractor just covers the cost of hardware for the corporation which then just treats it as their own. I'm picking up that the main resistance to BYOD is that its "too hard". Some networks are either not capable or just don't want to. Nice for them that they have the choice. Maybe one day they won't. On the other hand, the support implications need to be considered. Support time is always the biggest drain on time and cost. I think along with BYOD there has to be a greater level of self support implicit in the plan, and I think that is the idea behind it. That's why it's happening now. The new generation of office workers are generally a lot more self supporting, and hopefully less prone to obvious phishing etc, which may be a critical component to making BYOD work.

tbmay
tbmay

"...they just don't care. The majority probably fall in the latter category." The reality is employees, on the whole, don't care about the confidentiality of their employers data. I will say I wouldn't sweat the malware risks of non-windows devices. They really are a rare thing. But I most definitely would sweat confidential data leaking out into the world. Heck, some employers will fire you for bringing a smart-phone that isn't connected to their network for fear of your using the camera. I don't have any opinion on whether or not that's overkill, other than to say a business has a right to protect it's data. What they do over their 3g connection, as long as it doesn't involve confidential employer data, is no business of the IT Department. There are benefits to BYOD. And as everything becomes more and more browser based, they become more pronounced. Even with that though, the concerns regarding web cache and such are there. Data leakage is the big concern here. If management decides they don't care about that, then they are the ones responsible when it happens. Think they'll accept that?

JJFitz
JJFitz

I feel the same way you do. You don't want me to affect your device and I don't want users to affect my network. Users want the IT Department to support and accept the risk of allowing unsecured devices running on various OS'es access to corporate data. I am not sure of their reasoning. Either they don't understand the risk or they don't understand the cost of supporting multiple OS'es or they have been fed bologna about how secure their OS is or they just don't care. The majority probably fall in the latter category. Don't get me wrong. I'm not unreasonable about the corporate network that has been entrusted to me. I am cautious. Users can access certain data from outside of the corporate network on their own device provided their computer meets certain criteria required by the VPN application. They must be running a Windows OS of a certain service pack level and they must have one of over 70 supported Anti-Virus applications running with an up to date anti-virus library file.

Vulpinemac
Vulpinemac

... and skew my workload in such a manner. Sure, I'd let you put anything you want into the Bootcamp partition, but there are far better ways to monitor UNIX than by breaking up its boot drive. If I'm using my Mac as an enterprise desktop device, such invasive measures are exactly that, invasive overkill.

JJFitz
JJFitz

but if you google "BYOD", you will see that the most common definition is Bring Your Own Device. Bring? Buy? It doesn't matter. I would only allow a personal device on the network if I could partition their hard drive and control the partition. The owner would not have administrative level rights to the partition and I would block all other partitions from connecting to the corporate network.. I would provide no hardware support.

Vulpinemac
Vulpinemac

BYOD can also mean "Buy Your Own Device". By this I mean that some corporations are allowing their employees to 'bring in' their own desktop computer, as evidenced by the fact that Macs themselves are tying into the corporate network--not as quickly as mobile devices, but they're still there.

tbmay
tbmay

More are secured than not in 2012. But that's not the point. The point is the public is absolutely apathetic about security....believing data leakage is something that only happens to other people. They believe they are obscure enough they don't have to worry about it. For many employers, that attitude with their data is not acceptable.

anil_g
anil_g

I think we need to recognise that there is a ridiculous edge to BYOD that needs to be eliminated. I find it hard to believe that unsecured wifi is a common occurence. I've never found one in domestic areas for the last 5 years and only heard of one 7 years ago from a colleague. Wifi is secured by WPA auto set up out of the box these days. Even if I'm wrong about this it's obvious that these sort of ridiculous edge case scenarios need to be eliminated. BYOD does NOT mean any employee can start sharing commercial information on unsecured networks that they provide for themselves. Every BYOD location is going to have a policy whitelisting allowed parameters for hardware, firmware, software and connections.

tbmay
tbmay

...that I wouldn't lose sleep over what my neighbors did. Businesses paying for your services think if they hire you to set up any system, your system should "protect" them to perpetuity. The overall misunderstanding I found on these matters was mind boggling. I want the best system.....but I don't want to pay for it. I want everything safe and secure.....but I don't want to change any of my habits. Most of the time they wanted either magic, or just someone to blame. The customer I discussed had a guy who fancied himself an IT Tech, but it wasn't his primary role. The other employees, and the boss, did too. He really though he was doing big things by sharing a folder on a workstation. And plugging that WAP into the network was awesome. Now they could be anywhere on the premises and get to their files. Law enforcement officers told me they would ocassionally pull into that parking lot to use the web, so I'd say the "chance" somebody up to no good would do this were pretty high. I won't even get into the many instances in other businesses of passwords taped to monitors in high traffic areas. Malware laden machines...etc...etc. All businesses, sometimes the boss himself or herself being the biggest perpetrator. They all told me they wanted me to make them secure. They all protested when I told them until some habits changed, I couldn't. They wanted magic. I say all that to say I know the personalities of people who are beating the BYOD drums. Management can do what they want. But if management gets into some trendy notion of BYOD because it's the cool thing....they're demonstrating they aren't too serious about security.

Vulpinemac
Vulpinemac

... telling you there are 13 wireless routers in the neighborhood where I live and that only three of those are open--the rest locked down mostly on my own recommendation. I won't deny there are those who get defensive when you tell them such things, but others genuinely don't know and aren't told by their provider if it is installed by, say, the cable company. Point it out to them, demonstrate it to them, and most people are surprised, shocked and happy that you've brought this issue to their attention and will usually ask you to fix it and even offer to pay you for it (of course, many won't, either). Yes, I do know that many, if not most people are ignorant of the security issues inherent in internet use; it's up to the consultants and the professionals to make these people aware and do what they can to limit the risks. Thieves, whether they be data thieves or 'simple' robbers, go for the easiest target they can find. If they can't break into a network with a couple of quick and easy attacks, they move on to a different network, looking for easy prey. On the other hand, governmental and corporate-grade networks are usually under attack by far more 'professional' hackers who aim for big prey like massive numbers of credit card accounts or military secrets like weapons and tactics. Obviously the most visible attacks are financially oriented but I don't doubt in the least that government secrets are very desirable data to other governments. Also obviously, the security needs of such systems are far higher than the average consumer's. What I'm saying here is that you have to balance every aspect of that user's usage and security needs. Again I know the public is ignorant, but the public doesn't always need to hide behind massive firewalls and black-ice defensive software; sometimes a simple hardwired firewall in their network router is more than enough to protect them--as long as that firewall is turned on and their devices use that router and not some other, unsecured one.

JJFitz
JJFitz

I am willing to be that the President has security on it - security at the level that most users would refuse to allow on their devices. When security bumps up with convenience, convenience almost always wins.

tbmay
tbmay

And too many IT Departments are run by control freaks and power lovers. I am definitely sympathetic to that reality. But more often than not...and I'm speaking of 15 years of experience with the reality....people who don't understand the slightest thing about IT and IT security are the ones pushing for every new gadget. I simply have experienced more businesses that were averse to anything that wasn't convenient. Example...and this is a true story: When I first started my business, I went to a first time client, fired up my laptop in the car to find an open WAP. Browse for shares...yep....see if I can get in...yep...what's on one of those shares....financial data. I bring this to their attention...their response...."What's the chances somebody will be able to do that?" And they were NOT happy I made the absurdly simple discovery. When I started making recommendations, protests were too numerous to count, and some of them were angrily done with implications that I was just making work for myself. This is just one example. I have many. After several years of encountering similar scenarios, I dropped the idea of bringing business class IT to small businesses. It's a mugs game, but not because of the technical work. It's because of the public's attitude about technical matters. EDIT: I agree BYOD will probably pick up traction. But I wouldn't want to be giving out WIFI keys to some of the users I've dealt with over the years. I wouldn't want a job where I had to provide support for whatever somebody decided to bring to work. I would think common sense would dictate management would have a position that made the user responsible for his or her own device. I would hope they would understand why someone like me wouldn't want a personal device attaching to a corporate network that has confidential data. If not, I don't want to be responsible for that network, and only a crazy person would.

Editor's Picks