Dave Iverson: Senior manager, Grant Thornton
The bring-your-own-device-to-work phenomenon continues to grow in popularity as businesses look to streamline costs and have a happy workforce. After all, who wouldn't enjoy using a device they're already familiar with for work purposes? However, bringing one's own device to work is not without perils – for both the end user and the business.
From a business perspective, the business needs to concern itself with issues of risk. What sensitive information would be exposed if the device, containing business data, were to be misplaced? What damage to the business' reputation and goodwill would be involved? Would this open the business up to potential litigation? And what controls does the business need to have in place to monitor and secure access to sensitive information?
End users, on the other hand, might have concerns of their own. For example, the co-mingling of data might be an issue. Can the end users easily distinguish their contacts from those of the business? If end users decide to leave the business, what steps will be taken to clean the device of data that belongs to the company, and who will make the determination that the device is clean? And finally, in the case of mobile devices, who owns the phone number?
Businesses and end users can protect themselves by each signing an agreed-upon data-use policy. The policy will outline, among other things, how terminations will be handled, what rights users have to their private information and what rights the business will have to monitor and deploy work-related tools on the device. The data-use policy should be reviewed and signed annually, allowing each party to stay current with changes in the technology landscape.
John Livingston: Chairman and CEO, Absolute Software
BYOD is a reflection of the increasingly mobile nature of both the workplace and workers. First, the CEO walked in with an iPad and told IT to make it work. From there, other employees followed suit. Then, the new generation of workers – millennials, who have grown up in a connected society – insisted they use their own devices. Now employees are calling the shots when it comes to the type of device they use. And although it started as a trend, BYOD is a reality for most IT departments with a deployments now including PCs, Macs, tablets, iOS devices and a variety of smartphones.
Today, device types and operating systems can no longer be supported with asset management point solutions. Device management needs to be streamlined: one solution for different devices and operating systems.
These are the questions you should ask yourself as you evaluate IT management systems and your needs:
•What devices and operating systems do we support? What's out there that isn't on the list? What are the needs of our employees?
•Do we use multiple asset management systems? If so, what is the ROI if we consolidate to a single system?
•If we use a single system, how easily can it incorporate new device types and operating systems?
When assessing solutions, consider these questions:
•How has the asset management solution evolved to provide multiple platform support?
•Do you intend to support a BYOD policy? If so, does the asset management solution help reinforce that policy? This could include the ability to segregate personal from corporate data, including the security of corporately owned data on an employee-owned device.
Properly managed, BYOD can lower IT burdens while increasing worker productivity and responsibility. In the end, the business and worker will benefit.
Dale Jackaman: President, Amuleta Computer Security
In the vernacular of those of us who have to protect corporate computer networks, BYOD is more aptly called "bring your own nightmare." It is truly bad news for employees and employers. To reduce risks to computer networks, we must maintain and monitor all devices to the point where privacy issues for personal devices become a real concern.
Companies legally own their data, including company data located on personal devices. Employees might be liable for the protection of that data and any damage their devices may inflict on the company's network. The legal ramifications are staggering.
I'm a licensed private investigator, and I work in the field of cybercrime prevention, protection and people investigations. It's not the device that commits the offence but the person(s) controlling it. While doing employee investigations we often seize devices and go through them using forensic tools. If this is a business device with only business applications and files, it's not a problem, but a personal device may expose privacy and liability issues to both employee and employer.
A smartphone or a personal laptop is a mobile operating system with the ability to hack into internal corporate systems either by the device's owner or some remote controlled or automated malware. Would you like to be the owner of a phone or laptop that takes down your employer's network and/or steals its intellectual property and causes the firm to go out of business?
It's possible to isolate personal devices from corporate networks and to give some degree of protection, but the possible scenarios and solutions are far too complex to include here. However, the cost and the risks for doing so might negate any savings or productivity the company thinks it might accrue, and the legal and liability ramifications are largely uncharted minefields.
