Cloud, General, Security

Donate Your Own Device: Both IT & Employees Agree that BYOD is DUMB (Continued)

Note: To read Part 1 of this article, please click HERE.

  • No BYOD at Local Government (continued)
  • Private Sector, Revisited
  • Connected Home & Office – The Final Frontier?
  • Bring Your Own Caution with Cloud VMs

Wilkinson says that his hesitation with BYOD in a government setting is not that high-quality security systems do not exist; rather, the issue is that they are cost-prohibitive.

“But there has to be a middle ground,” he explains, “and at the moment that’s two devices in your pocket.”

What about partitioning information, so that only professional content would have to be deleted if the device were lost? Shropshire Council explored the possibility of distinctly separating personal files, but the solutions they surveyed were unconvincing.

Although Wilkinson isn’t comfortable with letting every employee integrate whatever personal device they choose with the county’s network, he does believe it’s critical to consistently assess the user-friendliness of phones and tablets provided to employees. Shropshire is a Microsoft-based organization, so it uses Surface tablets and Lumia phones, both based on the Windows OS.

Wilkinson says that he is seeing employees resetting their passwords and accessing the government systems from home, suggesting that the company is becoming less firmly rooted in the traditional business day. He says that individuals are integrating their work into their lives as desired, and he sees that as positive.

“If working from home doesn’t become the default,” he argues, “people will never be able to integrate home working into a flexible lifestyle that can work around life events such as hospital visits.”

Well, sure. You know what also will be great? People will be expected to get projects done when they are at home. That’s kind of how it works. It’s a way to get people to work 60 hours a week rather than 40, because you’ve now enabled them to work 12 hours a day. Earth to Wilkinson: No one wants to be fooling around with their depressing government job on a Sunday. You have apparently been drinking Kool-Aid supplied to you by the UK’s Bureaucratic Productivity Agency. I hope it was the cherry flavor, which is delicious and makes it easier to stomach all the manipulation.

Private Sector, Revisited

Although we can argue about whether the “work from home” trend is about optimizing employee freedom or trapping them inside an Orwellian nightmare, the third CIO interviewed by Computing remains consistent with the anti-BYOD attitudes of Reed.co.uk and Shropshire Council.

Martin Davies of UK-based gambling company Bet365 does not understand what is supposed to be so positive about BYOD. With a broader set of devices, you get a broader set of security concerns. It’s that simple.

The developers at Bet365 are given all the computing equipment they need when they come onboard at the company, explains Davies, who also notes that he does not expect employees to EVER be able to connect with whatever devices they want.

Many financial transactions flow through Bet365, so Davies’ concern with precautionary measures is wise.

“Wireless is just another extension of your attack surface from a security perspective,” he comments. “We’ve started allowing it, but it is very segregated from the main network and it is very tightly controlled.”

What exactly does he mean by tight controls? Well, Wi-Fi is used purely by developers to test mobile apps. The only way for the company to responsibly provide mobile use to its customers is to check everything out themselves. Employee convenience and flexibility are moot points given the increasingly treacherous threat landscape. The only situation in which Bet365 uses wireless is when there is no other option.

In order to properly test the applications, wireless is necessary, says Davies. Since client cash is flowing in and out of the firm consistently, losses could be astronomical if a breach occurred. Even with its Wi-Fi network, Bet365 has numerous access point controls and immediately shuts down any connections that look suspicious.

Connected Home & Office – The Final Frontier?

Whereas Bet365 takes a hard line toward accessibility, assuming a future in which everything will remain tightly contained, Ridley (the Reed CIO) says that home computing will eventually need to be incorporated into business environments.

Even though Ridley sees his company gradually allowing more personal devices into its network, he knows that security is a daunting task that requires adherence to universally accepted standards.

“Where we are now, we have a hybrid model,” he mentions, “but making sure there are compliance models is a big thing, and is becoming big business.”

Ridley actually doesn’t seem to really understand the BYOD debate, saying that it’s already as ubiquitous as the requirement for workplace parking. The obvious question then, is, why is it not a policy at Reed?

Bring Your Own Caution with Cloud VMs

BYOD is not really that great of an idea. In fact, it’s an awful one.

Employees don’t want to have to donate their own device to their workplace. IT leaders don’t want to have to conquer the exponentially more complex security challenges. Convenience and flexibility should always take backseats to security. Saving a few bucks on mobile devices for employees is also not a valid reason to adopt this policy.

Look at all the recent high-profile hacks. Security is critical throughout all aspects of IT.

When you want a cloud virtual machine, make sure it is governed by internationally recognized standards, as ours are.

By Kent Roberts