Does BYOD keep IT admins awake at night? That will be the core topic of a set of questions I’ll answering on Twitter live Tuesday December 10th. In preparation for this I figured I’d share some of my thoughts in a post this week while getting my appetite ready for the Thanksgiving Holiday here in the US. If you aren’t in the US, Thanksgiving is the holiday where Americans overeat and then sit on the couch until they pass out watching other people exercise. It is clearly not a holiday celebrating intelligence or survival.
Anyway BYOD, or Bring Your Own Device, has provided IT with a number of advantages, including the wonderful late night calls from someone that has a new gadget that is likely infected with a virus already and now wants to put it on your secure network. There was a time when you could hang up; that time is now passed.
Now it is about limiting the collateral damage.
To Manage or Not To Manage, That Is the Question
I can certainly understand the argument that if you don’t manage a thing, that thing doesn’t become your problem. However, with more and more connected devices coming into the corporate environment and likely already causing some level of breach, it would seem that the time to play Sargent Shultz (a character in Hogan’s Heroes who refused to see or hear anything) has long since passed.
Now you do have to provide at least some management, if only to ensure a device isn’t either infecting your network or broadcasting out confidential conversations or images. We now fully understand that the NSA and other like agencies are aggressively capturing information. A breach, in hindsight, runs the risk of appearing negligent if it’s from a device you know is regularly used to spy on executives and employees.
In addition we have also learned that Angry Birds and other games that are used on company property to improve strategic thinking have a rather adverse impact on productivity if used excessively. And that employees who like to look at questionable images often find their phones a safer place in which to view them.
This is true even though there is a good chance that if someone else sees what they are enjoying you’ll have a hostile workplace lawsuit, further damaging your belief that people don’t misuse these devices.
In short, like it or not, IT is part of the solution to bad employee behavior. And often, for responsibilities like this, saying it is something you didn’t want to do or weren’t adequately funded for may not drown out the call for IT heads for not catching it before the behavior became a problem.
Or put another way, you sure don’t want your boss to wear the “I’m with stupid” t-sshirt next time he or she takes you to lunch for your performance review.
BYOD should come with limits, both because you can’t possibly be expected to support everything in the market and because some parts of the company really do need to be secure. I understand the desire to keep employees happy, particularly if they have titles and partially control your budget. But every freedom comes with limits and allowing hardware that you can’t be sure isn’t being used inappropriately simply represents too high a risk.
This suggests a company should maintain a certain list of allowed hardware that employees, including executives, can use on company property and get executive backing for penalties against those that don’t follow the rules. The list can be reasonably broad and still not include that phone someone picked up as a bargain in China or Eastern Europe. We are clearly at the early stages of what will likely be a painful learning process with regard to devices and companies. And you don’t want to create one of those early teachable moments. I mean, even if you always wanted to be a celebrity, this kind of fame tends to be a onetime thing.
Letting Mobile Admins Sleep
In the end, solutions shouldn’t be about what keeps Admins awake but more about what allows them to sleep peacefully. Unmanaged BYOD offerings are disasters waiting to happen and while there will undoubtedly be famous teachable moments, you don’t want them to be yourfamous teachable moments.
I know you don’t want to manage these things but I don’t see you have any alternative if you want to sleep better in world where everyone seems to by spying on, or giving malware too, everyone else. Or put another way, it may be Thanksgiving season, you need to ensure you aren’t the BYOD turkey.