An increasing trend in the modern workplace is the advent of the Bring Your Own Device (BYOD) policy. This allows employees to bring personal devices (i.e. PCs, laptops, tablets, smart phones, etc.) and connect them to the company’s secure data sources. The benefits of this type of environment can be seen in several ways. First, because the user is familiar with the device and its capabilities, time spent in training can be better focused toward specialized software applications and job duties as opposed to time spent training an employee on the use of unfamiliar hardware. Secondly, there is a level of comfort that is attained by someone using something that they view as a personal possession rather than a work asset. This can lead to an increase in early productivity and more rapid integration into a working team. Additionally, there is a certain level of respect given to the device. A piece of technology is more likely to be treated with caution when the repair and replacement costs are being absorbed wholly by the employee. Finally, there is the lowering of cost to the employer. By allowing (or requiring) that employees use their own equipment, you can dramatically reduce the technology cost per employee to the company. Items such as smartphones and desktop computers that can cost hundreds of dollars are now eliminated from budget considerations.
Although there are many positives to the advent of the BYOD office, there are also a myriad of issues that can be created. By definition, there is a loss of standardization. While it would be nice if each employee were to come in with the same computer, it is virtually impossible to achieve. When dealing with a BYOD environment from an IT perspective, you may see users running on obsolete or experimental platforms with out of date or incomplete security patching and a myriad of antivirus and anti-malware solutions. The same comfort level that a BYOD user shows toward his computer can become a potential leak in your corporate network. While an employee might never think to download a bit torrent program onto a company-owned resource, that same employee might think nothing of deploying it on their own device. Another potential hazard is standardized or specialized productivity software. For items like Microsoft Office, how do you ensure that the version installed on the user’s personal device will be compatible with versions used by other employees? If your business uses custom or proprietary software, how do you handle the distribution and licensing of the software? In the event of an employee leaving the company, how do you reclaim the software? Finally, from the perspective of IT management, how do you enforce policy and procedure on a device not owned by the company? Microsoft best practices dictate to give the least amount of access required for the user to perform his assigned duties. Can you legally restrict access to a device that is not owned by the company? Can you forcibly remove software deemed inappropriate or obsolete from a device that was purchased by the employee?
Given the highs and lows of a BYOD environment, it is hard to say with any certainty whether or not whether it is a good or bad idea. Like anything else it should be reviewed extensively against your business model and practices before committing to a changeover and, as with anything else, it should be tried with smaller independent groups first before committing to a full migration.
If you don’t know the difference between BYOD and BYOB, then give Trigon a call and we can assist you with protecting your company data. We have the expertise and mobile device solutions that can assist you and your organization.
With all of the hullabaloo over the reported antennae issue with the iPhone 4, I thought that I would try and shift gears to a completely unrelated topic for discussion. However, at the prospect of the severity of the iPhone issue, I realize I may be barking up the wrong tree. I mean c’mon how can I even think that I would be able to capture your attention when Apple is throwing out terms like ‘ iPhone Death-Grip’ in reference to their product, even when the implication is bad, I don’t know if I stand a chance. Hmmmm – iPhone 4 up against IT Services hot topics - what the heck could I possibly blog about – let me just take a minute to compose my thoughts before I jot them down for the world to see.
I guess I should be happy that I have the opportunity to compose a document that is all mine to create, revise, pick apart and finally complete before I submit for all others to see. Alright , enough with the lame horse puckey and even worse a lame segue into my blog topic – what if I am not alone when I am writing my thoughts –what if I am being watched and don’t even know it?? Ah, the shoe drops.
I am talking about my PC activities being recorded by a Keylogger software application and monitored by someone else. This poses a moral and ethical dilemma on many levels. For the sake of this exercise, let’s entertain the notion of using a Technology Solution to address a Business Process issue. The argument can be made that unethical employee behavior and misuse of a company asset, i.e. your PC, would necessitate some other type of control to be implemented to help track employee activities, notate trends and substantiate the argument when corrective action is taken against said unethical employee. However, I challenge the argument for using Technology to address what is clearly not a technological short coming but rather a clear issue with employee behavior.
I cannot disagree to any extent that the technology solution shouldn’t be considered in a worst case scenario, but I can hold fast to the idea that trying to address the issue in a very indirect and ‘sneaky’ way is taking the path of least resistance. If the issue is an employee misusing company property or misrepresenting the time that they are being paid for, why would the choice be made to implement a technology solution to address the issue, rather than addressing the issue head on. A clearly documented Business Process presented to employees when they accept a position with your company, I feel, would serve the same purpose as trying to deal with a problem child on the back end through various sly and underhanded methods. If nothing else, addressing the problem head on would be less labor intensive and be less expensive. I haven’t even begun to delve in to the argument as to whether or not the Keylogger software implementation would need to be disclosed to the end user in order for it to be fully legit (ah ha a topic for my next blog!)
I suppose that for me to say that I recognize the value of a Technology Solution, such as a Keylogger Software application or Browser Monitoring Software application, would be speaking out of both sides of my mouth, but I am willing to roll the dice and take the chance. However, I do not think that technology should ever take the place of a well thought out, well implemented and well maintained Business Process. While there is a necessity for state of the art equipment and a sound IT foundation, your PC’s will not make or break your success in business, your employees on the other hand . . . .