Monday, December 19, 2011

Unraveling BYOD/T

The one trend that everyone is talking about and which figures on every list (priorities, trends, technology, whatever) is Bring Your Own Device/Technology. It has had proponents and opponents from various quarters within and outside the enterprise. Opinions and views, recommendations and pitfalls, management tools and security concerns, the list is endless and continues to keep the CIO bewildered irrespective of whether s/he embraces BYOT or not.

From what I recollect, it all started with the iPhone and then extended to tablets, laptops, and what have you. Not that earlier personal devices did not connect to the corporate network; they did on the wire and then over the air, if you will remember devices with a technology called “activesync”. The early phones offered limited connectivity and as the network improved and so did the technology, browser based apps started appearing. The resident app followed soon enough.

I don’t remember all the devices that I used over the last decade and longer being provided by the company; which would imply that we did have a lenient policy even before the BYOT buzz appeared and started haunting every technology professional. The early PDA which eventually integrated the phone had limited use and was not widely prevalent due to unwieldy size and interface. Except for the early large form factor devices, it was not a statement to make.

Evolution of the device and the network created new possibilities and the scattered raindrops became a flood; apps for everything and power in the hands of the executive with no constraint on time. Business impatience became the hallmark of new technology deployment to swamp all available and unavailable time. The CIO built layers of infrastructure, applications and security to manage the demand. It did not matter who or how many used it; if it was possible, then it had to be available.

The democratization of information worried only the CIO until stories of compromise started spreading. Compromise not always by the external world, but bits of information scattered across slowly fading away with exits, ignorant employees losing devices or passing hands within the family. Enterprise liability driven by law and governance suddenly finds itself at loggerheads with BYOT.

Depending on the country of incorporation and most probably operation, the laws require stringent compliance. BYOT contravenes some with liability creation for not just the CIO but the CEO and even the global HQ. A cyber law expert thrust the fear of the law of the land to listening CIOs who cringed with every clause and interpretation of impact to the executives and the enterprise.

So what are the choices available ? Will the CEO not want the next new device on the block to be connected to the corporate infrastructure ? Does s/he not evaluate the ramifications to the enterprise ? Is ignorance a good excuse ? I believe that the CIO needs to raise the bar with heightened awareness starting with the Board and then cascading downwards. It takes only once incidence to create collective pain. CIOs can address the contingent liability with reasonable due diligence, control and documentation to dampen down the impact.

It is not going away, but what it means to you is up to you. BYOT = Bring Your Own Trouble, or BYOD = Bring Your Own Demise, or BYOD = Bring Your Own Destiny, or BYOT = Bring Your Own Tension, or BYOT = Bring Your Own Threat, or BYOD/T = ? You decide !

1 comment:

  1. The flexibility of BYOD's should be limited within the boundaries of the Information Security Policy of the organization. Organizations allowing BYOD's without sufficient security implementations are definitely offering a better opportunity for malicious persons in this competitive world.