Information Security in the Real World. Confidentiality, Availability, Integrity, Practicality.

Thursday, 15 March 2012

BYOD - not if, but when.

If your business is still locked into the "corporate desktop" model, you are losing competitive advantage over more creative approaches to device management in your organisation such as "Bring Your Own Device", while also ignoring the risk of BYOD already happening "under the radar" right now.

According to IBM, "Forbidding these devices from the enterprise might seem like a great option, but it's rarely effective. No matter how stringent the rules, some employees will fail to comply and put the organization at risk."

But the most telling rebuke for the CIOs that still think they are doing their business a favour by resisting own devices in the workplace is this survey from Decisive Analytics which says "Almost half of the [440] IT executives questioned in this study said BYOD gave their firm a competitive advantage, while almost 70 percent of CEOs were sure of the competitive advantage." Part of this competitive advantage comes from not paying for the devices, for staff training in the corporate apps, and from IT support savings; But more importantly some is down to the capabilities of the devices themselves, and the productivity that comes from letting the user select the device and apps that they like best. If someone can knock up a slideshow using Keynote on an iPad during a 1 hour train journey, why force them to spend 2 days wrestling with Powerpoint on their work laptop?

But if you're still wedded to the idea that a managed corporate desktop is more secure than a solution that involves your salesforce using their own iPads and Netbooks, think again. Polymorphic malware is making traditional anti-virus and anti-spyware controls inneffectual and the software to defend against it is becoming bloated and slowing down old PCs. There's nothing worse than security software that visibly slows the workstation. Except for security software that visibly slows the workstation and doesn't catch the malware anyway.

A new approach to IT architecture involving cloud-delivered services accessed via approved apps on the users own devices can deliver cost savings and increased security. But more importantly, the business wants it. So we'd better stop holding on to 90s thinking and figure out how to deliver it securely.