Tag Archives: security policy

To BYOD or not to BYOD

shutterstock_128593868Bring Your Own Device or BYOD is a hot topic these days, but what’s the big deal? It seems that everyone has their own smartphone/pocket computer. We learned to deal with the Blackberry years ago. Why not blur the lines between consumer technology and business technology? Can’t we all just get along? While it may seem that your IT department is the very embodiment of Dilbert’s Mordac, The Preventer of Information Services, there is a very good reason why they are cautious and you should be too.


The device belongs to the employee but the data belongs to the company. Mobile devices are great for extending our workflow, our workday, and for keeping us in constant contact. In the midst of all of this work, wherever it may happen, an employee will most likely pass company data through their mobile device, either for viewing, editing or storing. Company confidential information is worrisome enough but what about personally identifiable information (PII) belonging to your customers? Is every mobile device protected by a PIN? Is data encrypted on your device while at rest? Is data always encrypted while transiting over the network? How are employees sharing data? Over the cloud? Whose cloud? There is a lot to think about when deciding on a BYOD policy and deciding whether to allow personal devices to access your network. Bill Ho, president of Biscom has created a list of security items to consider when creating a BYOD security policy.


As the number of IT personnel has shrunk through cost cutting and rightsizing, the number of smart devices and platforms has exploded. Blackberry used to be the only game in town, but now we have Apple iOS, Android, Windows Phone, WebOS and other platforms with fun version names like Ice Cream Sandwich and Jellybean. Further up the stack, there are apps that have their own security issues. The sheer combinatorics of it all would cause any IT professional to run screaming for the network closet. To do justice to a solid BYOD policy, an organization would need at least one full time person to monitor platforms and applications that are accessing the enterprise systems. Do you have that kind of manpower? Is there a middle ground without compromising information security mentioned above?


Another consideration is the compatibility of all of these different devices and platforms and mobile applications and your corporate applications. Will X always talk to Y? Does it cause the IT department to scramble to get your unique permutation working for you? Is it worth the effort for your personal productivity?

Good News

There is a lot to consider when deciding to embrace BYOD. On the upside, it can extend the productivity of employees as long as security and compatibility concerns are adequately addressed. The good news is that there are tools available to help you manage mobile devices. You can find solutions from IT service providers such as IBM and Dell or from security providers such as Symantec and others. These applications can help you reach the right level of availability, convenience, and security in order for your employees to maximize their productivity and help you sleep at night.

Do you have a comprehensive BYOD plan? Is it working? What keeps you up at night?


About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.