Wednesday 2 November 2011

Embracing the “Bring Your Own Device” (BYOD) culture?


Quite a few people I speak to tell me that BYOD is the next “big thing”, and we need to embrace it as it will be a way of life for all IT environments.  The argument is that it will reduce capital expenditure (CAPEX) and make for happier employees by giving them choice, allowing them to use a variety of devices, such as laptops and tablets, as well as a variety of operating systems, including Windows, Apple and Android.  Much as I understand these statements, I don’t necessarily agree with them.

Network Infrastructure
The common assumption will be that a majority of your machines are desktops, but with a BYOD policy, a majority of the devices will be laptops.  One of the major technologies driven from domestic to commercial environments is wireless, so employees will expect wireless at work for their new BYOD devices.

Anyone who has felt the pain of a badly configured or deployed wireless solution will know the struggles: getting a large number of devices onto the same wireless network, bandwidth and throughput issues, and coverage in a large or distributed building.

Security must be considered, ensuring the wireless network has the appropriate level of encryption and access.

This can be solved with solutions such as Xirrus, which uses innovative ways to solve the capacity, coverage and throughput issues, while coupling this with a coverage guarantee.

Endpoint Security
I’ve read a number of comments from the big AV companies, suggesting that AV alone will not secure your system from malware.  It should be a layered approach, with a number of solutions working in conjunction to tackle all the possible threat vectors.

As a minimum, anti-virus software should be on the device, but how do you ensure this on a BYOD device?  There are several AV solutions that can be managed centrally, but a number of employees will not agree to this as it is “their device” and they don’t want the company controlling it.  The company policy may stipulate that anti-virus software must be installed, updated and running, but how do you check?

Network access
Having implemented a wireless network, a consideration is to ensure that only the trusted devices can access the network.  A Network Access Control (NAC) solution will be required to ensure that the devices can be checked, and then either quarantined or allowed access. 

These checks may cover the type of device, the software installed, the software running, or the MAC address.  The device is then given the appropriate access, be it full access to the network, or only internet access to allow the device to update the anti-virus software.
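The checks and outcomes described above can be sketched as a small decision function. This is an added example, not taken from any NAC product; the allowed device types, registered MAC list, signature-age limit and access-level names are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy values for illustration (not from the original post).
ALLOWED_TYPES = {"laptop", "tablet"}
REGISTERED_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}  # constructed
MAX_SIGNATURE_AGE_DAYS = 7  # assumed meaning of "updated"


@dataclass
class Posture:
    """What the NAC agent or scan reports for one connecting device."""
    mac: str
    device_type: str
    av_installed: bool
    av_running: bool
    av_signature_age_days: int


def normalise_mac(mac):
    """Return aa:bb:cc:dd:ee:ff form, or None if the value is malformed."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def decide(p):
    """Return (access_level, reasons) for a reported posture."""
    # Identity checks first: failure here means quarantine. A MAC address
    # is reported by the device itself, so it is only a lookup key and is
    # never sufficient for full access without the posture checks below.
    hard = []
    if normalise_mac(p.mac) not in REGISTERED_MACS:
        hard.append("MAC not registered")
    if p.device_type.lower() not in ALLOWED_TYPES:
        hard.append("device type not permitted")
    if hard:
        return "quarantine", hard
    # Posture failures are fixable: internet-only access lets the owner
    # install or update anti-virus, then reconnect for a fresh check.
    soft = []
    if not p.av_installed:
        soft.append("anti-virus not installed")
    elif not p.av_running:
        soft.append("anti-virus not running")
    elif p.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        soft.append("anti-virus signatures out of date")
    return ("internet_only", soft) if soft else ("full", [])
```

Returning the reasons alongside the access level gives the support team something concrete to tell the device owner when a connection is restricted.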

IT Support
What happens to the IT Support function within your organisation with a BYOD policy?  Do they now have to support a vast array of devices?  Do you get rid of them and move the onus of the support function to the user and their chosen solution provider?  Who will ensure that the applications used by the organisation will function on the BYODs?

The cost-saving efficiencies from the BYOD policy may be lost several fold if the IT Support team now have to support devices they are not familiar with.  Getting rid of the team will not help either, as they are the team who have ensured that the company applications work on the devices.

Compliancy
We have read in the news about organisations losing personal data and running the risk of up to a £500,000 fine from the Information Commissioner’s Office (ICO).  The onus is on the organisation to prove either that the data was not on the device, that the data was wiped or that the device is encrypted.

As the company is responsible for the data, the “it’s my device” attitude will not work when it comes to ensuring information security.  The viable options will be to ensure the data is not stored on the device, effectively making the device a “dumb terminal”, or to ensure the device is encrypted.

Device Compatibility
What devices will your users choose?  It shouldn’t matter as long as it enables them to do their job.  So the device will probably be a Windows laptop, an Apple laptop, a Linux laptop, a Windows tablet, an Apple tablet or an Android tablet.

The issue you will have is whether the operating system or form factor selected by your users is compatible with the applications run by your organisation.  Although there is much talk about cloud solutions and web-based applications, there will still be a number of applications that will only work with Windows devices.

The only way to make some of these Windows solutions work is to use either a Terminal/Citrix server or a VDI solution.  With these solutions the application will run on the server, and the device will have a view of either the application or a full operating system.  Something to bear in mind is that these solutions will require client software to be installed, so ensure that the solution you use is supported by the devices that your users are using.

Conclusion
The initial thoughts about reducing CAPEX are quickly removed when considerations around the network and security are taken into account.  I don’t believe that BYOD is a pipedream, but there must be a level of understanding and planning before embarking on a BYOD policy.