And in the same survey
67% of those questioned believe the world is going to end on 21st December 2012..
Over two thirds of US mobile workers now pay for their own kit, with a further third saying that choice affects their choice of employer – making BYOD more important than ever. The numbers come from iPass, global provider of connectivity to those mobile workers, but reflects a trend where bringing your own device (BYOD) into …
How many companies who are into this stuff due to the hype and not because it simply works for them have thought about the involved risk management. Because when looking at mobile devices such as cellphones I suddenly can't help wonder: "What would happen if the employee quits"?
The reason doesn't really matter here. But if such a co-worker has been bringing and using his own mobile phone then you'd better hope that you either hired a trustworthy / respectable person and / or that you made sure to include a section in the contract what the person can and cannot do with the information he acquired during his job, especially with information which is now stored on his / her phone.
Because what if this person decides to start a company of is at another employer and now decides to use the information on his own hardware to help out his new environment?
I think you're entering a huge grey area here. Because although one could argue that the person is now (ab?)using and profiting from information which isn't specifically theirs, one could also argue that the company involved was also profiting from the person when he or she was using his own equipment for company business, effectively saving the company money.
"you made sure to include a section in the contract what the person can and cannot do with the information he acquired during his job"
There's always a section like this in your contract; even if it isn't there explicitly it is implied when a document has "Company Confidential" written on it.
You can't, 100%, stop your employees from stealing from you; most company IT "security" is just to stop them doing bone-headed stuff like installing key-loggers while they're surfing the internet looking for a new job that lets them use their own kit.
"Because although one could argue that the person is now (ab?)using and profiting from information which isn't specifically theirs, one could also argue that the company involved was also profiting from the person when he or she was using his own equipment for company business, effectively saving the company money."
BYOD does not save any money!
> BYOD does not save any money!
It may not, it almost certainly doesn't save any directly, but I am not sure that's the real point of it.
The key benefit for us is customer satisfaction, particularly with the most senior and important (for a given definition of 'important') customers, which is not the easiest thing to generate when for the most part people are oblivious to anything which works and furious about anything which doesn't.
There are more mundane wins - with wifi coverage of the site any available room can be a meeting room, any desk can be a hotdesk, and anyone who needs to be anywhere is still connected to services.
As far as data on devices goes we can require lock screens on and remote wipe phones and tablets if we need to but application virtualisation services (Citrix in our case) mean that apart from email no data is actually transferred and this does not make email any less secure than it already was (we do not prevent people forwarding mail or printing it and taking it home).
There's really no security risk that was not already present with people taking laptops outside the organisation / working from home. USB storage is a greater threat and while personally I'd be happy to lock it out altogether the business certainly would not and sees the convenience as worth the risk, which, once properly informed, is their decision to make not mine.
BYOD helps break the outdated thinking that security is maintained at a perimeter with a safe zone within the castle walls and barbarians without - if we are not already treating it differently we ought to be regardless of BYOD.
Terms and conditions of employment are a HR responsibility, not IT. In practice most contracts of employment will have this. If not, they should. Or you could be working for a very small company where trust is more mportant. Or the employer could be incompetent, in which case maybe you shouldn't be working there...
As @AutomationGeek says. Go read your contract. If you are working for a decent company it doesn't matter what device you have in your hand or not, you cannot take away data or screw up your employer. The lawyers were on this decades ago, and protecting the boss since the Borgias.
If your contract does not mention this you are working for a wank company
The companies who employee these people must have a policy of "lets recruit idiots to keep our costs down". The interview goes a little something like this..
Employer: Will you buy your own equipment?
Potential Employee: Yes!
Employer: Mug.. I mean, excellent, your hired!
To be fair though, mobile workforce does have different requirements, if your a road warrior, the last thing you want is to be carrying 2 laptops (1 for work, then 1 for personal use), but I honestly cannot believe this figure is 70%.
I suspect this is a misrepresentation of the situation - I still have not found anyone who works anywhere where the policy is that they must buy their own kit with the business thinking it will save money as a result. In all cases that I am aware of the business is permitting and enabling the use of personal devices to access business services.
So lots of people are buying their own devices but for their own reasons - they want a iPad so they get one, then they want to use it for work so if they can, they do.
So it may be that 70% of these people have bought their own choice of smartphone or fondleslab which they now use for work but I very much doubt anything like that proportion has done so at the behest of or for the benefit of their employer.
Yes. The article seems to be deliberately worded to make it appear that it's the purchase of (computer) equipment, where the reality is much more likely to be mobile phones or sat-navs, but then equipment could even include laptop bags, there's nothing to say that it's even electrical equipment. The original survey may clarify it more, but I don't have the time or inclination to go through a registration process to view it.
So it just looks like this "article" is just another BYOD sales advertorial trying to convince us that insanity is the best way forward as it's already happening and we should follow them off the cliff.
Any sane company that I've encountered recently has set of laptops for their road botherers to pick from as the size of a laptop can be quite a personal preference and tastes and requirements can vary quite drastically. Few still say "here's the one laptop model you may use" as there's little point in standardising like that because unless you buy all your laptops in one batch by the time you next come to order one your chosen model is inevitably obsolete and has been replaced.
I can see some advantages, for example we saw a VMWave solution that supplied a link/client to an Andriod phone image. You logged into that and you could see work email/corporate network in a manor similar to your phone's style. But everything remained on the corporate network.
That has great appeal and if you coupled that with a dual sim, it would make life a lot easier. An alternative would be a standard corporate VOIP client the phone registers to, that forwards office calls on to it.
Both these solutions have a cost but from an employee standpoint they would be big improvements. For a while when I had a work mobile I simply chucked the phone in a draw and put the sim in my personnal mobile phone when I needed the work number. Carrying two phones (when a man with limited pocket space) is hard work.
I mostly agree with your comment, but for the last sentence:
Few still say "here's the one laptop model you may use" as there's little point in standardising like that because unless you buy all your laptops in one batch by the time you next come to order one your chosen model is inevitably obsolete and has been replaced.
Usually laptops have some kind of inherent standardization , provided by their OS/s. At most, you have to deal with a new version of the OS, which is easier to tackle than switching to an entirely different OS. All desktop OSs (Win, Linux, OSX) are supposed to be mature enough for enterprise use, unlike mobes and tablets, that show lots of software problems that were solved years ago for desktop/laptop OSs.
Also, the life expectancy of a given desktop OS version is ~8 years, while the life expectancy of a smartphone/tablet OS is < 1 year. And, on top of that, the life expectancy of a laptop is ~5 years, while the life expectancy of a smartphone is < 2 years.
If any of you, fellow readers, is considering to deploy BYOD in your company, take these numbers, apply them to your present situation and see what they mean in terms of [staff, service quality, costs, security] for your IT department and your company.
The bright side is that if this BYOD
scam thing becomes generally accepted, lots of jobs will be generated, at least until the moment management starts getting a clue.
"I suspect this is a misrepresentation of the situation - I still have not found anyone who works anywhere where the policy is that they must buy their own kit with the business thinking it will save money as a result. In all cases that I am aware of the business is permitting and enabling the use of personal devices to access business services"
I once worked (briefly) at a company that didn't supply mobile phones to anyone below a certain grade or to any contractors (I fell within both categories). Fine you say, there's plenty of companies who do that and very few who supply mobiles to contractors. The problem with THIS company was that they were occupying temporary space (for temporary read about a year) and had NO desk phones available, so I was expected to make loads of calls including conference calls where they only supplied an 0800 number, using my personal mobile.
Yes there was the capacity to claim the costs back, but only those itemised on my bill. And as I have a contract, all the calls for the company made at the start of my billing month weren't claimable as they just said inclusive. Personal calls at the end of the billing month that cost me because I'd gone over my contract allowance making work calls naturally were also not claimable.
I'd love to pay for my own IT kit. Also: rent for my desk & chair, and (on top of accepting no salary) a monthly fee for the privilege of coming to work. Perhaps the board would also like to carve a slice of my flesh every day for their lunchtime buffet.
Exaggerate, moi? With the rise of unpaidinternships, workfare, and various other forms of indentured slavery, this is the future
> Also: rent for my desk & chair
How about paying your share of the electricity bill, doing your share of the office cleaning, making your own drinks with your own machine and tea/coffee you'd bought yourself?
If you work at home - either for yourself or as a WAH employee of a larger company - the chances are you already do all of these things for free. There are a few enlightened employers who make a token payment for your household expenses, but they are the exception rather than the norm.
I work from home, so I already pay for my chair, also the desk, the carpet it sits on, the room it's in, the electricity it uses, the lighting and heating. I also use my own two (large) monitors rather than the tiny one supplied by the company. I don't see any of this as a problem. I save hours commuting each week so the saving in time and fuel more than compensates. And no I'm not skiving, I'm available to work well before and long after office-based colleagues have arrived at or left the office which is very important when dealing with client in other countries. Security is covered with a VPN and multiple log-ins with no access to very sensitive data, although most of our client information is all in the cloud anyway (SFDC). I do still get a salary, and this is performance related, so there's no incentive to slack off.
I work from home too... If my employer turned round and said - you buy your own kit, id tell him to get bent...
As it is I have a nice i7 supplied for my use, but I still use my own equipment for the majority of my work. Its a choice that I should be allowed to make, and not one that I would like forced on me!
BYOD is fine if you can afford to replace a vital work bit of kit at an instant... If my work machine is lost, damaged or has an issue - I can be assured of a replacement or fix in a day or two... If I was relying solely on my own kit Id have to factor in enough funds to be able to fully replace my laptop at a moments notice.
Don't worry, us sales reps have a full copy of everything we can, all stored at home anyways. Also you think we don't surf porn on a works laptop whilst in a hotel?
It's amazing how many sales drones have no concept of how computers work. Regularly at $JOB, when the drones get tired of doing their jobs and pine for new opportunities, they think they can hand in their notice, and walk off to their new gig with a bunch of our customer data.
They tend to do this in the most amazing obvious ways - a mass export of their client list from salesforce, exporting all emails since 2006 and so on and so on. It has been my distinct pleasure on each occasion to provide a raft of evidence that we have then used to sue the asses off the idiots.
You can take all the company data you want, but don't squeal when we nail you to the wall for it.
>BYOD is fine as long as you are happy that someone
>with the security skills of a senior manager or sales rep;
> is keeping your confidential data and IP on the same
>machine with which they will surf for porn
>over an unsecured public network.
Firstly what is different about them using a device they have chosen themselves and a device supplied by the company? If you give a sales rep a laptop is she then not going to surf for porn?
Secondly why would you ever let them keep confidential data anywhere other than where that data belongs? BYOD is not introducing new security risks here, it is just making people think about the risks that are already present.
There's zero necessary difference between BYOD and remote working in security terms. If you do it badly then you can create problems for yourself, I expect, but you'd probably find you have those problems already.
The bit about not surfing porn on company kit but being prepared to install a 'viewer' on your own kit one is dismissable, the other an IT headache to try to defend against. Let your 3 year old play on the nicely locked down company laptop vs letting them play on your own-bought iPad? Worlds apart in terms of exposure profile.
"Let your 3 year old play on the nicely locked down company laptop vs letting them play on your own-bought iPad? Worlds apart in terms of exposure profile."
And the reason you can't lock down the BYO device . . . ?
When the connection to the services via VPN enforces proxying via the corporate web filtering service there's no difference in what they can do on the net from what they could do on a work-supplied PC at their desk.
With the VPN client enforcing antivirus installation and updates as well and operating system patches and other policies you have as much control over the state of the client they provide as you do the one you provide.
Anyone suggesting there's a serious risk here better have full NAC (and ideally physical port locks) in place within the perimeter such that unauthorised BYOD is completely impossible otherwise I'll start to suspect that people are just looking for an excuse not to do something that their clients want.
Reminds me of jobs that say "must have own car"... yeah right!
The company going to pay for business mileage insurance, the type that gives a courtesy car for breakdowns? The company going to cover the added risk to your car while you use it for their business?
And "business mileage" does not cover this.
My job is described as this, and the mileage rate (43p a mile) does cover my fuel + the extra for higher insurance/tyre wear/mechanical wear. For employees with low to medium business miles it's the sensible thing to do. For high mileage business travellers company cars/pool cars are a better bet.
Let's face it, if you are a mobile worker for an IT company, you would rather buy your own kit. Company provided IT gear tends to be lowest common denominator, ie the manager wot does a bit of eMail capable. All of my technical colleagues have their own high powered laptops that are properly protected, tuned and maintained. They all tend to be less than three years old. This compares to the company supplied IT which is low power, and up to five years old. Project kit is up to it, but is not available to everybody on demand.
My personal IT is far more capable than the companies, so I use it when it's advantageous and does not break security rules. In fact I do all my VM and Database prototyping and pre-sales on my kit and only upload the results.
Oh, and as far as what happens when someone leaves, well I suspect it's no different to the corporate only model. People tend to copy useful day to day eMails, utilities and so on, to their own backup devices anyway. BTW on our secure devices this is not possible.
I'm a mobile worker for an IT company and I can state categorically that I don't want to buy my own kit! I've been employed to do a job, and I expect the company to buy me the kit to do the job I'm employed to do. The day they tell me that I need to buy my own devices, I'm out the door. My personal IT kit is way more powerful than my employer provided kit - but I sure as hell ain't using it for their benefit. I don't mind investing a bit of time to do extra work unpaid, but I'm not spending my cash for their benefit.
The idiots in accounting keep bouncing my mobile phone bills saying that I need to use a company phone when on business in foreign parts. Ok but those same numptys keep blocking my fully signed off request for said company mobile phone on the grounds that my job title does not warrant a phone with roaming enabled.
Doh!, mega Doh.
My boss is as frustrated as I am. We have a solution now which involved telling the expense numptys (same as above) a few lies. A couple of fake Taxi rides covers the costs of local SIM cards.
Now if only dual SIM phones were more readily available in the UK I wouldn't have to carry around two phones.
BYOD is ok if everyone buys into it. Sadly the more entrenched corporates don't get it at all.
Reminds me of a friend who travels to Malaysia a lot for work. The bean counters were forever querying his expenses for meals, however they always sign off taxi fares without a murmur. As a result, he now gets a blank receipt along with the real one for every taxi journey and sticks the bulk of his meal expenses through on those.
"Now if only dual SIM phones were more readily available in the UK I wouldn't have to carry around two phones."
Sympathies for the idiot employers.
As far as dual SIM phones the right-on evil-free phone the Reg was on about the other day was supposed to have dual-active SIMs. Fairphone?
"Over two thirds of US mobile workers now pay for their own kit, with a further third saying that choice affects their choice of employer – making BYOD more important than ever."
This shift is alarming. Who is the boss here?
I don't believe these people are worth it.
If I offered BYOD as policy, I'd write in severe penalties for data loss due to BYOD for the employee, sacking and a poor reputation definately.
Where have all of the adults gone? Seems there are more petulant children!
>If I offered BYOD as policy, I'd write in severe penalties
>for data loss due to BYOD for the employee,
> sacking and a poor reputation definately.
Presumably these would be the same as the penalties for data loss due to a device you supplied yourself?
And you be taking the same steps to make this as near impossible on a device they had chosen as you would on one you had provided?
In which case it seems fair enough, barely needs a change to the existing policy.
As we're doing the beancounter expenses story here's one - I was working away and went to visit my parents who live near where I was working. Due to a clerical error on my part I did not check out of my hotel for the night I was staying with my parents so thought it only fair not to claim for that night. I had my expenses rejected several times and had to escalate to VP level because my claim was less than the amount on the receipt.
I work for a large organisation which gives all its staff laptops so ee can hot-desk.
The problem is that, as a developer, having a laptop that can run an email client, chat and excel doesn't cut it. Having your hard disk encrypted, with the 40% reduction of performance that comes with it, doesn't help either. Having a slow 5400 rpm drive sucks too. Oh, and did I mention that we also have anti-virus scanning each read and write?
The developers complained and were told that getting laptops with SSDs and a sensible amount of memory would cost an extra £200 so wasn't practical. I would gladly have written them a cheque right then and there for £200 for a dev box that wasn't the laughable joke my current laptop is.
There is light at the end of the tunnel. The developers here have risen up with torches and pitchforks and have demanded better kit and it does look like they're listening this time.
But, all this said, I can see the attraction of using something I've chosen as fit for purpose for my job instead of the pile of junk I currently have.
Wow 40% reduction in performance with encryption??!!
You might want to pay for someone to do that properly or change the encryption software.
I've fully encrypted quite a few laptops and the performance drop is negligible.
Certainly haven't seen a drop from 80MBps to 50MBps type thing. Maybe 80 to 78.
Problem is that (certainly in the cash-strapped situation many of us now work in) many organisations, especially in the public sector, have decided to standardise their IT provision on a single desktop specification (usually the cheapest system which can comfortably run Windows, Word and Excel symultaneously), which reduces both procurement (hurray - can now buy everyone's desktop in one massive purchase which attracts big bulk discounts) and support costs (everyone's hardware is now identical so support don't need to know about anything else), but the systems are woefully inadequate for anyone in a remotely specialised technical role (pittiful amount of RAM, slow processor (2 cores if you're luck), no virtualisation extensions, slow tiny harddisk).
The result, employees end up bringing in our own laptops because they're better suited to the job and more powerful than the brand new desktop "computers" supplied by our employers.
Biting the hand that feeds IT © 1998–2019