For midsize businesses, there is a new way to spell risk: BYOD
- — 04 December, 2012 21:00
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Online and offline, in IT departments and across organizations, the bring your own device (BYOD) debate is raging.
Bring your own device, the business policy of allowing employees to use personal mobile devices for work purposes -- accessing privileged, private and proprietary company information and resources -- is gaining increasing traction and adoption. For smaller businesses without the resources to purchase company devices, it is probably a necessity. Enterprise-size companies generally have the staff and bandwidth to manage the challenges it presents.
IN DEPTH: 7 BYOD policy essentials
BYOD TREND: Contain the data, not the device
But make no mistake: For midsize businesses, BYOD is the new way to spell risk. And often, that risk could be substantial. Proponents and advocates of the policy are quick to cite the efficiency it drives. It is also true that jumping out the window is far more efficient than walking down all those stairs. The real question is not what allows something to happen more quickly or easily, it is about the overall result -- and potential damage -- of the actions taken.
For the already harried IT staffs at midsize businesses, BYOD presents an exponential increase in new and troubling issues and challenges. Consequently, more and more of them are raising the red flag about the security risks, time management and ethical concerns that BYOD brings to bear at companies already racing to keep pace with their expanding data, storage and infrastructure needs.
Regardless, advocates and detractors are split nearly down the middle. With social and mobile already blurring the lines between work and home, breathless adoption of each new, must-have mobile platform iteration (iPhone 5?), and the continuing need to drive greater efficiency and business results, it is highly unlikely that BYOD is going away anytime soon. Not without a serious, highly public business disaster, that is. [Also see: "The 14 most influential smartphones ever"]
Which could/will happen. As more and more employees use their own devices for work and their work devices for personal use, security breaches and ethical lapses in judgment are pretty much certain. For many organizations, it is not whether it will happen -- it is when and how much damage will ensue. That will be entirely determined by how conscientiously a company has prepared itself and what safeguards have been put into place.
To best assess how much resource and effort should be put into preparation, it is good to consider just how high the stakes are and what infrastructure already exists.
Think of how much time and human and capital expense most midsize businesses have invested in creating a secure network to protect their private and proprietary information. Now imagine that information being left, via a mobile device with password protection turned off, in a taxi. In a bar. In an airport returning from a highly competitive pitch for a new client. Imagine an employee's personal laptop contracting a virus that quickly spreads throughout the organization -- even into the server.
With an unchecked and unregulated, nothing-we-can-do-about-it approach to BYOD, some companies are not just gambling a lot -- they are gambling everything.
This is particularly true for midsize businesses, which not only must contend with both the expense and disruption of deploying stretched-thin resources to address issues brought on by BYOD, but also must absorb the losses that result from systems being taken offline and the ensuing catch-up that happens after an issue has been addressed.
For CIOs and IT managers at midsize businesses in particular, it is critical to build the right kind of shared IT data infrastructure to manage and secure the data that employees can access with a mobile or personal device. The veritable lifeblood of a company can often be found or accessed from a laptop or mobile device. Making sure they are secure is of paramount importance -- but those security efforts must also be balanced with enough flexibility and ease of use to ensure that employees are not limited or unduly burdened in their ability to do their jobs.
Unfortunately, many employees don't fully understand that protecting information is part of their job -- an important part. Any infrastructure additions or improvements must be made in parallel with a process of employee education that clearly explains the risks and responsibilities employees take when they utilize their own devices for work.
At NetApp, all employees are expected to complete training that addresses and plainly clarifies what is expected of us to ensure that we are protecting our assets and ensuring we are keeping the company secure. There are things that technology can do, but technology alone will not be able to protect everyone in all cases -- especially when people are not careful.
With that critical cooperation in place, companies can then put in place the type of agile data infrastructure that scales to meet the needs of devices as they are brought on, and enables quick response to any issues that arise. This ensures that as data grows, companies can manage it from an efficiency standpoint, while taking advantage of some very simple tools to protect that data within the infrastructure. This also dramatically limits potential downtime, by allowing upgrades or issues to be addressed non-disruptively.
While the complexities of disaster recovery and backup often prove to be challenging for midsize businesses, the use of snapshot technology and mirroring to a local site or a host site can efficiently and effectively protect the data and make it available to all employees who need to access it. In such situations, the ability to deploy desktop or laptop images to maintain consistency is key, so midsize firms with BYOD policies would do well to consider adopting the use of cloning technology that will allow them to copy hundreds of images simply, making deployment and testing of upgrades much more efficient.
While many see BYOD as a solution to some of the challenges, in truth it can greatly exacerbate them. As users increasingly tax their organizations' technology infrastructures with greater levels and types of devices, they can quickly overwhelm their IT department and put their companies at risk. Despite any claims of convenience or efficiency, a simple fact remains: If devices are not managed appropriately and deployed efficiently, it places a business in jeopardy.
Read more about anti-malware in Network World's Anti-malware section.