- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Network World - It will be increasingly hard to just say ‘no’ to the growing “Bring Your Own Device” (BYOD) crowd, especially with the arrival of new tools like those rolled out last week by Nokia, Motorola, Amazon and this week, from Apple. But that was the initial reaction information manager Anthony Peters had when senior executives at the accounting firm where he works started purchasing iPhones and asking for support.
Now almost two years later, with a BYOD policy in place, "the demand comes from everyone," says Peters, who works at Burr, Pilger, Mayer. Much the same thing is happening all across the country in manufacturing, government, healthcare, high-tech and in law offices as BYOD challenges traditional security and mobile-device management practices.
At Foley & Lardner LLP, the 900 or so attorneys there are offered the option of BYOD on a voluntary basis and with a subsidy to keep it "cost-neutral" to whatever corporate-issued device that BYOD is expected to replace, says Rick Varju, director of engineering and operations there. He says this "whole consumerization of IT craze" basically got rolling because the CIO there got an iPad.
But due to concerns about security and compliance, IT departments are making their own demands on BYOD users — often asking them to agree to give IT control over their personal smartphones and tablets. They're requiring them to use corporate-issued management and security software to monitor or remote wipe — and sign off to accepted practice in BYOD policies.
John Pironti, president of consulting firm IP Architects, who has advised security association ISACA on BYOD security issues, contends the legal questions are usually harder to answer than the technology ones.
"It's about liability," when it comes to corporate data at risk, Pironti says about BYOD. In some places, BYOD should be rejected because it's too big a risk, or it's deemed a violation of the user's privacy. Either way, he warns, don't think a personally-owned BYOD device won't be subject to regulatory-driven audits just like corporate devices.
At the Burr, Pilger, Mayer firm, it is viewed that BYOD devices have to be audited just like any corporate-issued device would. So employees eager to go BYOD have to agree to use the necessary mobile-device management software and services, which includes Fiberlink MaaS360. They must adhere to specific iOS and Android types -- and definitely not 'jailbreak' their Apple smartphones to disable security (which the firm says it would know immediately if it happened). Each BYOD user also has to sign two policy documents about accepted practices and the company's requirements.
"It states you agree the firm can wipe the device," says Peters, adding the accounting firm also affirms the right to randomly monitor the device. But all these measures don't totally put to rest the uneasy feeling about the invasion of consumer devices into the corporate world.