Quite a few
people I speak to tell me that BYOD is next “big thing”, and we need to embrace
it as it will be a way of life for all IT environments. The argument is that it will reduce capital
expenditure (CAPEX) and it makes for happier employees by giving them choice,
allowing them to use a variety of devices, such as laptops and tablets, as well
as a variety of operating systems, including Windows, Apple and Android. Much as I understand these statements, I don’t
necessarily agree with them
Network Infrastructure
The common
assumption will be that a majority of your machines are desktops, but with a
BYOD policy, a majority of the devices will be laptops. One of the major technologies driven from a
domestic to commercial environments is wireless, so the expectation will be the
requirement for wireless at work with their new BYOD.
Anyone who
has felt the pain with a badly configured or deployed wireless solution will
know there will be a struggle with either getting a large number of devices on
the same wireless network, bandwidth and throughput issues, as well as
struggling with coverage in a large or distributed building.
Security
must be considered, ensuring the wireless network has the appropriate level of
encryption and access.
This can be
solved with solutions such as Xirrus, which uses innovative ways to solve the capacity,
coverage and throughput issues, while coupling this with coverage guarantee.
Endpoint
Security
I’ve read a
number of comments from the big AV companies, suggesting that AV alone will not
secure your system from malware. It
should be a layered approach, with a number of solutions working in conjunction
to tackle all the possible threat vectors.
As minimum
anti-virus software should be on the device, but how do you ensure this on a
BYOD. There are several AV solutions
that can be managed centrally, but a number of employees will not agree to this
as it is “their device” and don’t want the company controlling it. The company policy may stipulate that
anti-virus software must be installed, updated and running, but how do you
check?
Network
access
Having
implemented a wireless network, a consideration is to ensure that only the
trusted devices can access the network.
A Network Access Control (NAC) solution will be required to ensure that
the devices can be checked, and then either quarantined or allowed access.
These checks
may be the type of device, the software installed, the software running, or the
MAC address, then allowing the appropriate access, be it full access to the
network, or only internet access to allow the device to update the anti-virus
software.
IT
Support
What happens
to the IT Support function within your organisation with a BYOD policy? Do they now have to support a vast array of devices? Do you get rid of them and move the onus of
the support function to the user and their chosen solution provider? Who will ensure that the applications used by
the organisation will function on the BYODs?
The cost saving
efficiencies from the BYOD policy may be lost several fold, if the IT Support
team now have to support devices they are not familiar with. Although getting rid of the team will not
help as they are the team who have ensured that the company applications work
on the devices.
Compliancy
We have read
in the news about organisations losing personal data and run the risk of up to
a £500,000 fine from the Information Commissioners’ Office (ICO). The onus is on the organisation to prove
either the data was not on the device, that the data was wiped or that the
device is encrypted.
As the
company is responsible for the data, the “it’s my device” attitude will not
work with ensuring information security.
The viable options will be to ensure the data is not stored on the
device, effectively making the device a “dumb terminal” or to ensure the device
is encrypted.
Device Compatibility
What devices
will your users choose? It shouldn’t
matter as long as it enables them to do their job. So the device will probably be a Windows
laptop, an Apple laptop, a Linux laptop, a Windows tablet, an Apple tablet or
an Android tablet.
The issue
you will have is whether the operating system or form factor selected by your
users is compatible with the applications run by your organisation. Although there has is much talk about cloud
solutions and web-based applications, there will still be a number of
applications that will only work with Windows devices.
The only way
to make some of these Window solutions work, is to either use Terminal/Citrix
server or VDI solution. With these
solutions the application will run on the server, and the device will have a
view to either the application or a full operating system. Something to bear in mind is that these
solutions will require client software to be installed, so ensure that the
solution you use is supported by the devices that your users are using.
Conclusion
The initial
thoughts about reducing CAPEX are quickly removed, when considerations around
the network and security are taken into account. I don’t believe that BYOD is a pipedream, but
there must be a level of understanding and planning before embarking on a BYOD
policy.