3 Votes
I think any responsible network admin faced with this challenge would have to start thinking about delivering services to these devices on separate, very carefully planned networks, since any network accessible enough for ad hoc devices would need to be monitored very closely for abuse, malware infection, and various other things too... You might even have to go to the point where you establish a NAC policy for this network and allow the NAC system to ban devices based on their behavior. If it's just putting out normal amounts of traffic, checking email, surfing the web, no problem. If it's systemically scanning devices in the data-center, that's a problem, and I'd rather that device be automagically banned than find out later a drive-by attacker with an iPad sat in the parking-lot and reconned my network.
I think people are overestimating the value trade-off here. Owning the hardware and software stack provides a lot of value to the company as a whole: amortization and write-downs on equipment and software costs, controlled software versioning, client PCs with similar images reducing support costs, controlled networking and security policies reducing exposure to malware, secured access to resources, the list goes on and on.

What do you get from BYOD? The biggest value detractor comes in having to personally configure each and every device you want to add to your network. That seems like an awfully big waste of time/resources for a stretched IT staff to support, and for what? Please chime in, because I'm looking at the trade-off and I'm not seeing any value here.
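The behavior-based NAC ban suggested in the first comment above can be sketched as a check over flow records. This is an added example, not code from any commenter or NAC product; the subnet, window, threshold and flow-record layout are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values, not from the thread: server subnet, window and threshold.
DATACENTER = ip_network("10.20.0.0/16")
WINDOW_SECONDS = 60
MAX_DC_TARGETS = 20  # distinct data-center (host, port) pairs allowed per window


def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # A tablet checking mail on one internal server and browsing the web.
    for t in range(0, 60, 5):
        flows.append((t, "10.99.0.15", "10.20.1.25", 993))
        flows.append((t, "10.99.0.15", "203.0.113.10", 443))
    # A device touching 40 different data-center hosts in 40 seconds.
    for i in range(1, 41):
        flows.append((i, "10.99.0.77", f"10.20.3.{i}", 445))
    return flows


def devices_to_ban(flows, window=WINDOW_SECONDS, limit=MAX_DC_TARGETS):
    """Return sources that reached more than `limit` distinct data-center
    (host, port) pairs inside any `window`-second span."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if ip_address(dst) in DATACENTER:  # only fan-out into the servers counts
            per_src[src].append((ts, dst, port))

    banned = set()
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans < window seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            targets = {(dst, port) for _, dst, port in events[start:end + 1]}
            if len(targets) > limit:
                banned.add(src)
                break
    return sorted(banned)


if __name__ == "__main__":
    print(devices_to_ban(build_sample_flows()))
```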
1 Vote
Is that employees are basically "on their own" when it comes to supporting their own devices. And this might be reasonable where "BYOD" is "optional."

However, any number of pundits have suggested that eventually BYOD with zero support from IT may become the norm. THAT is truly insidious, because then basically what that means is your employer has offloaded 100% of the cost of supporting their users onto you.
I wonder how the companies embracing BYOD are going to protect their intellectual property? Is it possible to enforce the same security standards on a user-owned device as on a company-owned device? I doubt that. When the agent from Marketing leaves the company, what's happening with the proprietary information stored on his device? What's happening in case of theft? If the guy comes with a new laptop and loads his data again, you will never know that he lost confidential data stored on his device. Just hope that he's going to confess...
2 Votes
It depends
tom.marsh@... 2nd Nov 2011
Largely on whom your employer is what's going to happen. Larger, savvier organizations might try to get BYOD users to sign documents saying the user is personally liable for company data on their device, and assumes full financial responsibility for compromises of their personal device. Whether or not a judge would ever enforce such a one-sided "Take-it-or-lose-your-job!" contract is another story, but it's certainly one way to put a "somebody else is the bad guy" roadblock in front of BYOD.

Honestly, I can't say as I blame them: It's utterly ridiculous that people feel they "need" to have their personal electronic toys on the network at work. You're there to do WORK, not visit Facebook. If you can't live without Facebook until lunchtime, a document saying you're personally liable to the potential tune of a couple billion dollars should be the sort of sobering dose of reality that causes you to reconsider that point of view. Maybe you could wait until lunch and access Facebook from your phone off-campus, instead of mating your phone to wifi for faster Facebook access.
While all the above concerns are very valid, I think we should look at this phrase... "Expose only the services that are necessary for users to be able to perform their duties." This line is so blurred these days that you stand the risk of exposing your enterprise or to the other extreme angering your work force by messing with their sacred Facebook. Reducing the number of vectors to attack always makes things easier. Blending the growth (number of attack vectors) with actual business related gains can be close to impossible.
1 Vote
The new paradigm
ScarF 2nd Nov 2011
with BYOD is transforming the IT department in a kind of Best Buy's Geek Squad.
The IT department's resources are very tightly maintained for a limited number of hardware and software applications. Introducing BYOD in an organization allows an unlimited number of devices and software to need support from the IT department. This will either stretch too much the resources, or will be needed supplemental resources for supporting the extra effort.
Unless, everything will be standardized. And, by standardization, I envision it at the producers' level. Which - as proved by so many years of producing IT technology by various companies - is rather in the fiction domain, isn't it? Each producer will continue to tend using proprietary technologies which - in return - will give the producer a more or less real advantage to the others.
The lack of industrial standardization in case of BYOD will create a generalized chaos in the companies' IT infrastructure and a huge increase of the IT expenses - malware, attacks, intellectual property losses, support knowledge for any possible device a.s.o. - which will nullify the savings from not owning the devices.
If, on the other hand, the employees are required to bring only certain types of devices while limiting their use of the devices by limiting the software they can install on them, the websites they can browse, the information they may copy on the devices etc., will be nothing but a breach of BYOD as total freedom for the employee, so that ridiculous as concept. It may be - in extremis - as my boss will tell me: "Dude, you are netadmin so, why don't you bring in your own devices (switches, routers, WAPs, antennas, thingumabobs, whatchamacallits etc.) so that you will be more comfortable in using them, eh?"
Finally, I would recommend not to stop here - at BYOD. Why not BYOF (furniture), BYOS (stationery), BYOEPW (electric power and water) and BYOTP (toilet paper; each of us has different preferences for this, right?).
0 Votes
BYOTP
ozchorlton 2nd Nov 2011
This could be a problem - over the last 30 years, I have worked with two people, who were so 'tight', that they used the work toilet, (and paper), to save on the cost of buying it, for home!
0 Votes
If it's BYOD, then give them a virtual desktop on their machine or remote desktop/Citrix and transfer the cost of maintaining user machines to increasing the blades on the backend.
1 Vote
Still Vulnerable
tom.marsh@... Updated - 3rd Nov 2011
This implementation is still vulnerable to key-logging and screen scraping if the user's device is compromised. Certainly, it's better than the alternative, but these implementations cost money, and some (less intelligent) IT "leaders" will try to use "BYOD" as a "cost-savings" mechanism, so the desktop budget actually vanishes (into his and his bosses' bonuses) when users are allowed/required to provide their own gear.

If you decide to go down this route, make sure the limitations (and the fact that it isn't a panacea) are thoroughly documented, in writing, with your superiors, their superiors, and their superiors above them.
0 Votes
This solves most of the issues with BYOD. A virtual desktop can be monitored, updated, and locked down very easily. You can even determine what OS version/image you want all the employees using which will make the help desk team's job much easier.

I'm interested to hear if anyone thinks I'm missing something here but it appears to be a solid solution to me.
0 Votes
Managing BYOD
AG4IT 14th Nov 2011
It's possible to address your concerns by implementing BYOD in a way that separates the Enterprise apps and data from the personal devices. This can be achieved with a solution like Ericom's AccessNow, a pure HTML5 RDP client that enables remote users to securely connect from various devices (including iPads, iPhones, Android devices and Chromebooks) to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops - and run their applications and desktops in a browser. This keeps the organization's applications and data separate from the employee's personal device.

AccessNow works natively with Chrome, Safari, Internet Explorer (with Chrome Frame plug-in), Firefox and any other browser with HTML5 and WebSockets support.

As an extra benefit, Ericom AccessNow also provides an optional Secure Gateway component. This Gateway enables external clients to securely connect to internal resources using AccessNow without requiring a VPN.

For more info, and to download a demo, visit:
http://www.ericom.com/html5_rdp_client.asp?URL_ID=708