Bring your own network (BYON) is "the ability of end users to create or access alternative networks when the available options are not satisfactory for their purposes." This sounds great if you're an end user or a vendor selling mobile access, but it's not so great if you're in charge of corporate security.
From an enterprise perspective, BYON is seen as a derivative of the bring your own device (BYOD) movement. Since we're dealing with employee-created, unauthorized networks, however, data that travels via BYOD channels can't be monitored, which is a glaring data security risk that can introduce cyberthreats, such as malware, into a company's digital assets.
SysAid CEO Sarah Lahav considers BYON an even bigger threat to the enterprise than BYOD, and in a recent telephone interview with TechRepublic shared her views on how to address it. Headquarted in Tel Aviv, Israel, SysAid provides an IT service management (ITSM) solution that enables management of IT operations, including service desk, asset management, and mobile device solutions.
She recommends that enterprises embrace BYOD and engage their employees in order to proactively support an effective, evolving policy before they reach the "shadow IT" stage, which is when employees don't feel they need anything from the IT department, and create their own personal area networks. With no leverage, IT can't secure the data and gain insights into how staff members are using their mobile devices.
Along with a solid BYOD policy, Lahav recommends creating secure corporate Wi-Fi and offering a social platform where users can help each other, and IT can figure out what's going on.
TechRepublic: How would you define BYON and its current importance in enterprise IT?
Sarah Lahav: From an IT perspective, there are lots of challenges. BYOD is one of them. Shadow IT is another problem that a lot of people in IT talk about. BYON is just taking BYOD one step forward.
A lot of companies, whether they and their IT departments are admitting it or not, are already doing BYOD. BYON comes on top of BYOD. Why? Because everywhere their employees go there is Wi-Fi, and they expect it.
The only thing that connects corporate IT with BYOD is the fact that their end users need Wi-Fi in order to use BYOD in the workplace. If employees already have Wi-Fi, it takes the edge away from BYOD, because there is no need for engagement from the end user.
In order to implement a successful organizational BYOD policy, you need the engagement and participation of the end users. I think BYON is a big threat when the end user, as a customer of the IT department, doesn't need anything from IT, and there will be no engagement in regards to BYOD. If the end user doesn't really need anything, then there goes any chance to engage them and achieve security or any kind of understanding about what the user is doing with BYON.
TechRepublic: Is BYON different enough from BYOD to merit its own name? There is some skepticism evident in the press coverage of BYON. How would you address that?
Sarah Lahav: My perspective is that an organization should engage in a BYOD policy, because if they want to know what the security hazards that they are currently facing really are, they have to engage. In order to engage, both sides need to be involved: the end users and the organization. If you want to engage with your internal customers, you need some kind of point agreement situation.
BYON takes BYOD to a different level, from my perspective, because when the only thing that the customer needs from the IT department is Wi-Fi, there will be no engagement. What does he need IT for?
If the organization would like to have the end user engage with IT, in order to understand what he's doing in regards to BYOD, what apps he's accessing, and to have any kind of control over the information, then they need to engage before you reach BYON, before the customer feels he doesn't need anything from IT.
So BYON is a different perspective, because it's a service — it's what the actual end user, or customer, needs.
I think the organizations that are not going to engage now will have a lot of difficulties trying to add an MDM [mobile device management] solution, or control over the information that people are using on their own devices at that stage. Because they need to understand that the devices are there, the network is already free, and if you were working at that kind of organization, why would you need to engage with any kind of MDM solution if there is nothing you need?
TechRepublic: What are the main data security and business risks with BYON?
Sarah Lahav: I think it is the same as BYOD — the fact that a person can walk off with any information from the organization. Because of the networks they can do whatever they want. It is not regulated anymore, like email. If you engage with BYOD, then you know what's being stored on their devices. If you already have BYON, then you have no control over it.
TechRepublic: What are the main elements of an effective BYON/BYOD policy? What tech solutions best support them?
Sarah Lahav: There are three main ways you can do a BYOD policy.
There is no support, which means the IT department is not supporting or engaging in it.
Then there is social support, where you would implement some type of software or collaborative space where people can help one another. Everyone loves their phone, and sometimes the person next to you can provide support that IT doesn't have.
And there is a third way, where you can combine both of these: you could have IT support certain devices and apps, and also provide social support. So if you are currently dealing with BYON, I would recommend this approach.
When we consult with our customers in regards to this question, we say that even if you are not engaging, at least provide general information on the standards for BYON, so that employees don't have to figure things out for themselves and IT can have a general sense of what people are doing.
To my own customers, I would say implement a BYOD policy, and then you won't have problems with the networks and BYON, and your organization will have control.
But let's say the organization doesn't want to. Then I would say just provide the social platform so people can help one another. At least you will see some kind of discussion about network links, and also get a sense of what the organization is facing. But my recommendation would be to engage in BYOD so that BYON will not become a discussion.
A brighter note
Sarah shared with me one of SysAid's big achievements for 2014: winning the Vendor of the Year award from the Service Desk Institute IT Service Awards in the United Kingdom. With her own passion for serving the customer, it was deeply gratifying to the SysAid CEO: "Because I finally understood that we worked so hard to let our customers know that we are here for them, and they started to get the message, and understand that we mean it."
About the award, Lahav added that "our customers are really complementing us."
- 'Bring Your Own Network': More Security Risks Than BYOD? (ZDNet)
- BYOD policy: How to balance security with the user experience
- Is BYOD here to stay? Maybe it's just a phase you're going through
- 10 ways to reduce security headaches in a BYOD world
- Prevent BYOD from becoming Bring Your Own Disease
- BYOD (Bring Your Own Device) Policy (Tech Pro Research)
Note: TechRepublic, ZDNet, and Tech Pro Research are CBS Interactive properties.
Brian will do client work for AtTask.
Brian Taylor is a contributing writer for TechRepublic. He covers the tech trends, solutions, risks, and research that IT leaders need to know about, from startups to the enterprise. Technology is creating a new world, and he loves to report on it.