Is BYOD Good or Bad for Your Business?

[Guest]

The way we work is changing. Employees want, or even expect, the freedom and ability to work from anywhere, anytime, on any device. But what are the risks?

Is BYOD Good or Bad for Your Business? : Read more

 

[nobspls]

The problem is not the devices. The problem is always the people, (a.k.a the select few idiots) and hopefully not some malicious bad actors (paid moles, spys, etc. like by Russia, China, or commerical/industrial competitors) that makes BYOD a serious security problem.

 

[popatim]

It makes things challenging that's for sure. Not only do you need additional security, which certainly isn't free nor cheap, you wind up with the added workload supporting the myriad of users and their oddball devices which they believe you have to resolve all their issues even if it doesn't pertain to the company software. We even had to try installing our security software on old things like ipad 1's that cannot even run a current version of iOS much less our software. Then there are the people that think you have to train them on how to use their chosen device. I must get at least 2 calls a night of users wanting to connect their new device and have n clue on how to even download an app from the app store; and if it's an apple they usually have no idea what their iCloud password is to further complicate the issue.

I'm not saying I don't enjoy what I do, because I do, its that sometimes when you are very busy the neophyte calls are not what you want to get right then. LoL

 

[nobspls]

... paid moles, spys, etc. like by US, United State, or US allies) that makes BYOD a serious security problem.

Oh come on why hate on the U.S? The most ubiquitous BYOD device is a USB thumb drive. Stuxnet by the U.S. worked wonders on Iran.

 

[jakjawagon]

The device should be configured to use complex passwords that expire after three to six months to ensure the employee [strike]changes[/strike] forgets their password regularly

ftfy

 

[pug_s]

I work in IT and it is much cheaper for BYOD than the company owning your device. 1) They don't have to pay for your device. A new iphone cost $800-1000 and the cost savings is huge. 2) Paying your monthly bill for your cell phone service is peanuts compared to them buying the cell phone service and having insurance for your device. They don't have to keep extra device in case if you break yours. 3) Companies can easily manage your device by paying for an MDM (mobile device Management) solution like Maas360 (fiberlink), Airwatch or mobileiron.

 

[nobspls]

I do software development and provide support for our IT. The thing is bottom line there is no cheap security. You can go cheaper and be less secure, or you got to pay more for more. BYOD can be substantially cheaper, but it is also substantially less secure. The place I work has taken the policy of not even allowing USB thumb drives the most common place BYOD device, that little thing your key chain is strictly verboten! You are also not allowed to attach your phone to the machines at your desk, not even for charging. They are so freaked out about that next "STUXNET" that can jump the air gap and send data out of the network.

 

[mischon123]

Hardening IT means less IT on island and IT free business processes. Like this:

http://i0.wp.com/www.ebonheart.net/view/bird-toy-famous-alms-inspirational-lovely-drinking-desk-typing-keyboard-birds-executive-style-bobbing-dimensions-of-a-aetna-pharmacy-help-pne-number-vintage-water-novelty.jpg?resize=890,700&strip=all

No need for execs to have a phone or laptop.

 

[anushua.gorai]

BYOD involves some security risks. But, over a period of time, it offers significant revenue gains and productivity increase. It is advisable for enterprises to filter the benefits and costs through a lens of risk. The true benefit of BYOD lies in improving employee experience. For any BYOD policy, to start giving returns, takes atleast 3 years.

 

[pdxitgirl]

I constantly have issues with BYOD devices, due to Apple's moronic inability to allow their devices to be properly managed in an enterprise environment. Even the best MDMs are still far too limited, and often prevented from doing their job by iOS overpowering them, resetting things we explicitly set, and the like. I really detest having to support personal & mobile devices of any type. At least keeping the personal devices on a VLAN-separated Guest wireless network, and not allowing company data on them, helps. But even company-owned iPads are nearly impossible to cleanly manage properly, regardless of the MDM we employ.

 

[pdxitgirl]

NOBSPLS wrote:
"The problem is not the devices. The problem is always the people, (a.k.a the select few idiots) and hopefully not some malicious bad actors (paid moles, spys, etc. like by Russia, China, or commerical/industrial competitors) that makes BYOD a serious security problem."

No, the problem is most definitely the devices in my experience. We can train our users, and they do pretty well. But there are so many problems getting mobile devices to behave properly on our corporate network, whether personal or company-owned. Android is a little better about respecting the MDMs, but both Android and iOS are atrocious at simply doing what we ask them to. Even Windows & macOS seem to cause more and more issues as they both veer away from corporate and into this consumer, mobile touchscreen mindset that just drives me up the wall. "Professional" or "Enterprise" doesn't mean crap anymore in the Microsoft world, for example, it still comes bundled with crap that should never exist on a corporate OS and for some inane reason, you often can't disable.

When my startup actually launches, employees' personal devices WON'T TOUCH the company network OR any of its files!!

 

[pdxitgirl]

ANUSHUA.GORAI said:
"BYOD involves some security risks. But, over a period of time, it offers significant revenue gains and productivity increase. It is advisable for enterprises to filter the benefits and costs through a lens of risk. The true benefit of BYOD lies in improving employee experience. For any BYOD policy, to start giving returns, takes atleast 3 years."

I find this VERY hard to believe. How on earth does this give revenue or productivity gains!?! If the company needs to provide an employee with a phone to get hold of them, then even a basic smartphone SHOULD work fine. They aren't at work for fun or games, and the trend of allowing employees to play on their phone during the day is NOT a good one to allow to continue. Most employees at most companies, however, shouldn't be expected to be "available" after hours, nor should they be required to be checking their email after hours, thus there really should not be a need for a company-provided smartphone. And again, if it's being able to get hold of them in emergencies, they can either call their personal phone, or provide a cheap smartphone. Otherwise, personal phones should exist on an isolated Guest wifi network WITHOUT access to company data or email.

If they need to get work done outside of the office, they should be able to use their company laptop. If they are a road warrior (a big IF -- most employees at most companies aren't), then MAYBE they justify the expense of a reasonably-priced smartphone. But only if they NEED access to email on-the-go. "Improving employee experience??!" I do hope this isn't giving in to the young people who THINK they need fancy smartphones to do their jobs.

And as NOBSPLS stated, there is no cheap security. I disagree STRONGLY with PUG_S. Most MDMs I've used don't manage mobile devices well, especially on iOS which is so strongly aimed at consumer that it just doesn't play well with enterprise-minded policies or lockdowns. And who wants to allow their employer to take control of their expensive, PERSONAL smartphone?? Few do. These things should never mix.

I see personal, BYOD devices as far too problematic and risky for business / work use. Especially given what people do on their personal phones. IF they truly need to access email and work files on the go, and their company laptop won't suffice, then the company should provide a reasonably-priced smartphone. Doesn't need to be top end. Otherwise, the idea that an employee must be reachable after hours is wrong and needs to stop, unless they're in IT and on call. Thus there should NOT be a need for a smartphone for each employee. They can use their own phones on segmented, Guest WiFi while at work **on breaks or lunch only**, otherwise **it has no reason to be used during work, or accessing company data.** And even Guest WiFi is being generous -- they're there to work, not play online.

People THINK they need all sorts of things, especially younger people. Heck, security-wise, they should be locking up their personal devices before entering the office, in my eyes. It's just not worth the security risk for BYOD. The added expense should be worth it where needed, and nowhere else.

It's time we stopped this nonsense.