https://www.excelacom.com/resources/blog/no-thanks-ive-got-my-own-preparing-the-workplace-for-byox/

Mar 05, 2015

No Thanks, I've Got My Own: Preparing the Workplace for BYOx

By David Krhut

"Bring Your Own Everything"

A few years ago, no one would have thought that both the employee and employer would agree on the usage of personally owned IT equipment for work. But as the classic crows, "times are changing and stones (devices) are rolling…."

The spearheads of this movement are "Bring Your Own Device," or BYOD, and the newly coined term "Bring Your Own Cloud," or BYOC. Both of these BYOs are practically reality, depending only on the IT/Security departments' decision to either take initiative to control this phenomenon in a supervised fashion or to try to stay completely out of it.

While the procurement team is happily high-fiving everybody for the lower amount of hardware and software that needs to be ordered and paid for, the IT and security teams’ faces are hidden in a cloud of worry and despair – the possibility of accidentally or even willingly exposing company secrets through these “unmanaged” devices is always very high.

ReducedOperatingExpenses

Bring Your Own Device

BYOD is probably the more "classic," more known and the easiest to handle of the two. Given the cheap prices of consumer electronics, their monthly updated selections and the limited budgets of most of the companies, it was only a matter of time before employees started using their own desktop PCs, laptops, mobile phones, tablets and other gadgets for work.

Companies are of course still issuing IT equipment to their employees, but this hardware is usually just enough for the job and might not be up to the standards, expectations or liking of some employees. Hence, if employees are issued a basic mobile phone only suitable for handling calls and emails, they will usually drift towards the use of their own IT gadgets whether it be for the better specs, a more fashionable "Hello Kitty" cover, or both. These personal devices are usually able to handle much more, are faster and don't create embarrassment for employees during business meetings (ok, I'm not sure about that "Hello Kitty" cover in this case).

But while the procurement team is happily high-fiving everybody for the lower amount of hardware and software that needs to be ordered and paid for, the IT and security teams' faces are hidden in a cloud of worry and despair – the possibility of accidentally or even willingly exposing company secrets through these "unmanaged" devices is always very high.

Fortunately, the handling of BYOD IT management and security is relatively easy thanks to the commercial solutions and the nature of these IT assets; this is also the area where the Cloud infrastructure came partially to the rescue.

The IT managers and their teams should have a lot of available options to handle the eventually lost or stolen personal equipment on which sensitive company information might be stored. Examples include: profile separation, remote control/wipe/tracking/monitoring, encryption and putting everything in Cloud.

The same goes for managing the BYOD devices in the company network. There are readily available commercial IT solutions and guidelines to competently manage external devices in internal network; it only depends on the IT department of given companies to determine how much room and leeway they give these alien devices in their IT kingdoms.

BRING YOUR OWN CLOUD

Cloudicons-01

The situation is not so optimistic in the case of the BYOC when the employees (no matter whether internal or also external "hired guns") use their own personal Clouds for work.

This probably sounds very familiar. Your task expects you to collaborate with a team of fellow co-workers (both on- and off-site), and during the course of this teamwork you also need to store, edit and share a significant amount of various documents of various sizes and formats.

Unfortunately, your organization offers you only the usual, outdated methods to collaborate on these documents, such as via email, FTP, shared network directories or the worst case, a USB stick.

These early collaboration technologies were great a few years ago, but they are no match to Dropbox or Google Docs/Drive functionalities that offer instant synch, active collaboration of multiple users on a single document and automatic versioning. These are only a few functionalities that a simple USB stick is not able to fulfill.

But the named services have one crucial drawback that instantly disqualifies them from work with internal and sensitive information. These Clouds are operated by third parties with data centers in completely different countries and jurisdictions, so there might be very high chance that your company's secrets are no longer so secret anymore (despite strong assurances regarding confidentiality, security and encryption).

Top Three Options for BYOx Implementation

There are three possible ways to handle this situation:

  • Pretend that there isn't any problem with BYOC. Users will be able to freely use any publicly available collaboration service for their work duties without any restrictions. This option is probably already happening now as most companies still haven't incorporated the Cloud opportunities/threats into their IT strategies. If this option is "chosen" (i.e., passively accepted), the IT department and directors must be aware that this "head-in-the-sand" decision comes with very high risk. Some employees could leak something very sensitive, and then put the company at risk.
  • Completely block these public collaboration services and leave employees with outdated means of collaboration. This solution is probably better (and faster!) in general for the overall security of the organization, but the efficiency of your employees will significantly suffer. In addition, employees may still try to use any "not-yet-banned" third party collaboration services.
  • Simultaneously embrace the private Cloud, and ban the access to external public Clouds. This option is the most complex from the IT point of view, but it should bring the most benefit to both the organization and its employees. To elaborate, the external Cloud/collaboration providers shall be blocked. There is no question about it if a company wants to keep its priceless information secure. However, this prohibitive measure must be compensated by implementation of a private Cloud/collaboration solution. It does not have to be as great or flashy as the leading third party public Cloud solutions, but it should be good enough to use so employees are not tempted towards those shiny, but unsecure, public Clouds.

Luckily, for every threat there is always an available countermeasure that can be deployed, and it only depends on company policies to decide how strict these arrangements will be.

It's hard to imagine next evolution of the BYO. Employees are already allowed to work from home ("Use Your Own Office"), and use their own machines (BYOD) through company deployed private Clouds (BYOC-not).

BYO capabilities and related technology have somehow propelled themselves to the attention of the IT specialists. This new addition to IT support can be painful to IT teams that are still reacting in ad-hoc mode to cover the exposed gaps in the old IT structures and approaches.

Luckily, for every threat there is always an available countermeasure that can be deployed, and it only depends on company policies to decide how strict these arrangements will be. With a solid BYOx policy in place, BYOD and BYOC can be a win-win for both the enterprise and the employee.

For information on how Excelacom can help Communications and Media Providers address – and conquer – these BYOx challenges and unleash their opportunities, email us at marketing@excelacom.com.

 
comments powered by Disqus

Innovation meets performance.