Bring Your Own Device

BYOD's impact on the data center

Scott Lowe doesn't see the trend of users bringing their own devices to work changing any time soon. Here are some things you need to anticipate as you make adjustments in the data center.

Much has been written about the significant impact that Bring Your Own Device (BYOD) initiatives have or will have on IT departments. CIOs and the help desk need to embrace this reality. On the CIO side, some control needs to be returned to the users as they bring devices into the organization. Obviously, the CIO needs to create and enforce guidelines for such usage, but BYOD is coming whether you want it or not.

In concert with whatever guidelines are put into place, the IT help desk needs to be prepared to support devices differently than in the past. The time may have already come when the company no longer controls the entire hardware and software stack. Instead, the organization needs to adjust to new methods of delivery and may, for some users, retain control of the entire stack and for others, control just a portion.

It's not just the policy-writing CIO and the support-minded help desk that are impacted, either. All of this means big changes in the data center, too. When organizations controlled the entire stack, the data center's role was generally limited to that of a primary file repository so that people wouldn't save files on an unprotected desktop computer; instead, user documents would be stored on a file server in the data center. Further, company-controlled machines may have been considered "trusted" entities by some organizations. This trust relationship may have led to somewhat lax physical and logical separation between the desktop environment and the servers.

All that has to change. Here are some of the ways that the data center will be affected by BYOD:

  • In addition to being a user document repository, the data center may take on new responsibilities, such as provisioning VDI-based desktops.
  • Servers to support application virtualization, VDI and other "hardware stack replacement" technologies may wind and wend their way into the data center.
  • A new and changed focus on security will need to be addressed. Now, the company will actively use what can be considered "hostile" devices from a network security point of view. If there weren't clear security mechanisms in place before, BYOD will force the issue. Think of it like this: You wouldn't put your servers on the Internet without a firewall protecting them. With BYOD, you need to do the same thing for your internal servers, if you're not doing it already. Expose only the services that are necessary for users to be able to perform their duties.
  • Common remote access needs will become absolute requirements even on different platforms. Think about such options as the VMware View or Citrix Receiver clients/servers here.

In many ways, BYOD can be good for the organization and good for the IT department. The organization can experiment with new technologies more easily and, if done right, the whole initiative can save IT time and allow them to refocus efforts elsewhere. BYOD will necessarily shift the support burden from having to address the whole hardware/software gap to an application-driven focus.

Like it or not, the trend for BYOD is very strong, so start planning your support and process standards now.

Has your organization been affected by an influx of different devices? Tell us how you've adjusted to the change.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

12 comments
AG4IT

It's possible to address your concerns by implementing BYOD in a way that separates the Enterprise apps and data from the personal devices. This can be achieved with a solution like Ericom's AccessNow, a pure HTML5 RDP client that enables remote users to securely connect from various devices (including iPads, iPhones, Android devices and Chromebooks) to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops - and run their applications and desktops in a browser. This keeps the organization's applications and data separate from the employee's personal device. AccessNow works natively with Chrome, Safari, Internet Explorer (with Chrome Frame plug-in), Firefox and any other browser with HTML5 and WebSockets support. As an extra benefit, Ericom AccessNow also provides an optional Secure Gateway component. This Gateway enables external clients to securely connect to internal resources using AccessNow without requiring a VPN. For more info, and to download a demo, visit: http://www.ericom.com/html5_rdp_client.asp?URL_ID=708

relwolf

If it's BYOD, then give them a virtual desktop on their machine or remote desktop/citrix and transfer the cost of maintaining user machines to increasing the blades on the backend.

ScarF

with BYOD is transforming the IT department in a kind of Best Buy's Geek Squad. The IT department's resources are very tight maintained for a limited number of hardware and software applications. Introducing BYOD in an organization allows an unlimited number of devices and software to need support from the IT department. This will either stretch too much the resources, or will be needed supplemental resources for supporting the extra effort. Unless, everything will be standardized. And, by standardization, I envision it at the producers' level. Which - as proved by so many years of producing IT technology by various companies - is rather in the fiction domain, isn't it? Each producer will continue to tend using proprietary technologies which - in return - will give the producer a more or less real advantage to the others. The lack of industrial standardization in case of BYOD will create a generalized chaos in the companies' IT infrastructure and a huge increase of the IT expenses - malware, attacks, intellectual property losses, support knowledge for any possible device a.s.o. - which will nullify the savings from not owning the devices. If, on the other hand, the employees are required to bring only certain types of devices while limiting their use of the devices by limiting the software they can install on them, the websites they can browse, the information they may copy on the devices etc., will be nothing but a breach of BYOD as total freedom for the employee, so that ridiculous as concept. It may be - in extremis - as my boss will tell me: "Dude, you are netadmin so, why don't you bring in your own devices (switches, routers, WAPs, antennas, thingumabobs, whatchamacallits etc.) so that you will be more comfortable in using them, eh?" Finally, I would recommend not to stop here - at BYOD. Why not BYOF (furniture), BYOS (stationery), BYOEPW (electric power and water) and BYOTP (toilet paper; each of us has different preferences for this, right?).

vduber

While all the above concerns are very valid, I think we should look at this phrase... "Expose only the services that are necessary for users to be able to perform their duties." This line is so blurred these days that you stand the risk of exposing your enterprise or to the other extreme angering your work force by messing with their sacred Facebook. Reducing the number of vectors to attack always makes things easier. Blending the growth (number of attack vectors) with actual business related gains can be close to impossible.

Adrian_curiosu

I wonder how the companies embracing BYOD are going to protect their intellectual property? Is it possible to enforce the same security standards on a user-owned device as on a company-owned device? I doubt that. When the agent from Marketing leaves the company, what's happening with the proprietary information stored on his device? What's happening in case of theft? If the guy comes with a new laptop and loads his data again, you will never know that he lost confidential data stored on his device. Just hope that he's going to confess...

blarman

I think people are overestimating the value trade-off here. Owning the hardware and software stack provides a lot of value to the company as a whole: amortization and write-downs on equipment and software costs, controlled software versioning, client PCs with similar images reducing support costs, controlled networking and security policies reducing exposure to malware, secured access to resources, the list goes on and on. What do you get from BYOD? The biggest value detractor comes in having to personally configure each and every device you want to add to your network. That seems like an awfully big waste of time/resources for a stretched IT staff to support, and for what? Please chime in, because I'm looking at the trade-off and I'm not seeing any value here.

tom.marsh

I think any responsible network admin faced with this challenge would have to start thinking about delivering services to these devices on separate, very carefully planned networks, since any network accessible enough for ad hoc devices would need to be monitored very closely for abuse, malware infection, and various other things too... You might even have to go to the point where you establish a NAC policy for this network and allow the NAC system to ban devices based on their behavior. If it's just putting out normal amounts of traffic, checking email, surfing the web, no problem. If it's systemically scanning devices in the data-center, that's a problem, and I'd rather that device be automagically banned than find out later a drive-by attacker with an iPad sat in the parking-lot and reconned my network.
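
The two controls discussed on this page, exposing only the necessary services to BYOD devices and letting a NAC system ban a device that systematically probes the data center, sketched as an added example (not code from the article or from any commenter). The subnets, allowed services, thresholds and flow records are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical address plan and policy (assumptions, not from the page).
BYOD_NET = ip_network("10.50.0.0/16")   # segment for user-owned devices
DC_NET = ip_network("10.10.0.0/16")     # data center servers
ALLOWED = {("10.10.1.20", 443), ("10.10.1.30", 3389)}  # VDI broker, RDP gateway
WINDOW_S = 60            # look-back window in seconds
MAX_DENIED_TARGETS = 5   # distinct denied (host, port) pairs tolerated per window

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    [(1000 + 10 * i, "10.50.0.7", "10.10.1.20", 443) for i in range(5)]
    + [(1015, "10.50.0.7", "10.10.2.5", 445)]           # one stray attempt
    + [(1100 + i, "10.50.0.99", f"10.10.2.{i + 1}", 22) for i in range(8)]
    + [(1200, "10.50.0.99", "10.10.1.20", 443)]         # after the ban
)

def evaluate(flows):
    """Return (denied_flows, banned) where banned maps src_ip -> ban time."""
    denied, banned = [], {}
    recent = defaultdict(list)  # src_ip -> [(ts, (dst_ip, dst_port)), ...]
    for ts, src, dst, port in sorted(flows):
        # Only BYOD-to-data-center traffic is in scope for this policy.
        if ip_address(src) not in BYOD_NET or ip_address(dst) not in DC_NET:
            continue
        if src in banned:                 # banned devices lose all access
            denied.append((ts, src, dst, port))
            continue
        if (dst, port) in ALLOWED:        # explicitly exposed service
            continue
        denied.append((ts, src, dst, port))  # default deny
        # Keep only this source's denied attempts inside the window.
        hits = [h for h in recent[src] if ts - h[0] < WINDOW_S]
        hits.append((ts, (dst, port)))
        recent[src] = hits
        # Fan-out across many distinct targets looks like scanning, not a typo.
        if len({target for _, target in hits}) > MAX_DENIED_TARGETS:
            banned[src] = ts
    return denied, banned

if __name__ == "__main__":
    denied, banned = evaluate(SAMPLE_FLOWS)
    print(f"{len(denied)} flows denied; banned devices: {banned}")
```

The device with a single stray denied connection stays on the network, while the one that touches six distinct closed targets within the window is banned and loses access even to the exposed services.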

bryanhines09

This solves most of the issues with BYOD. A virtual desktop can be monitored, updated, and locked down very easily. You can even determine what OS version/image you want all the employees using which will make the help desk team's job much easier. I'm interested to hear if anyone thinks I'm missing something here but it appears to be a solid solution to me.

tom.marsh

This implementation is still vulnerable to key-logging and screen scraping if the user's device is compromised. Certainly, it's better than the alternative, but these implementations cost money, and some (less intelligent) IT "leaders" will try to use "BYOD" as a "cost-savings" mechanism, so the desktop budget actually vanishes (into his and his bosses' bonuses) when users are allowed/required to provide their own gear. If you decide to go down this route, make sure the limitations (and the fact that it isn't a panacea) are thoroughly documented, in writing, with your superiors, their superiors, and their superiors above them.

ozchorlton

This could be a problem - over the last 30 years, I have worked with two people, who were so 'tight', that they used the work toilet, (and paper), to save on the cost of buying it, for home!

tom.marsh

Largely on whom your employer is what's going to happen. Larger, savvier organizations might try to get BYOD users to sign documents saying the user is personally liable for company data on their device, and assumes full financial responsibility for compromises of their personal device. Whether or not a judge would ever enforce such a one-sided "Take-it-or-lose-your-job!" contract is another story, but it's certainly one way to put a "somebody else is the bad guy" roadblock in front of BYOD. Honestly, I can't say as I blame them: It's utterly ridiculous that people feel they "need" to have their personal electronic toys on the network at work. You're there to do WORK, not visit Facebook. If you can't live without Facebook until lunchtime, a document saying you're personally liable to the potential tune of a couple billion dollars should be the sort of sobering dose of reality that causes you to reconsider that point of view. Maybe you could wait until lunch and access Facebook from your phone off-campus, instead of mating your phone to wifi for faster Facebook access.

tom.marsh

Is that employees are basically "on their own" when it comes to supporting their own devices. And this might be reasonable where "BYOD" is "optional." However, any number of pundits have suggested that eventually BYOD with zero support from IT may become the norm. THAT is truly insidious, because then basically what that means is your employer has offloaded 100% of the cost of supporting their users onto you.