BYOD’s Big Lie

By Microserve
BYOD isn’t the panacea we thought. More like Pandora’s Box.

I will fully admit that I’ve been a big proponent of BYOD in the past. It’s pretty simple to see why. One, I’ve been a Mac user for a long time (like almost 30 years) and you didn’t see many Macs in offices until recently. And two, I’m generally self-supporting for most IT issues. So I’d much rather pick my own machine, tune it without hindrance from IT, and go on my merry way. This is where BYOD sounds great. But…

I’m an exception to the rule. Big exception. When people talk about letting everyone bring their own machines to work, they conveniently forget the big issues that need to be addressed: software, support, confidential information, and security. This is the big BYOD lie: just because someone brings their own machine to work doesn’t make a company less responsible for the technology.

Software, who owns it and who buys it?

I’m betting you have Microsoft Office installed on the computer in front of you. If you’re at home and reading this on your own machine, you probably bought it. If you’re at work, the company bought it. Now, what if it’s your machine, but you’re using it for work? Who buys that license for Office? A company should give you the tools to do your job, but come on, who doesn’t need Office? So you’ll just buy it, right?

And that’s the problem. So does a company buy a ton of one-off licenses for people or take advantage of bulk pricing for several hundred licenses? Then when someone leaves the company and takes their machine with them, how is that license freed up for another person? How do you make sure that everyone has the right software when machines are just wandering into and out of the company? How do you even make sure every computer has a baseline of virus protection so the company isn’t put at risk?

There are solutions for this, but implementing them means that the employee has to give up some control of their machine to the company. Which defeats the purpose of BYOD in the first place.

My computer is broken. Who you gonna call?

Not Ghostbusters, that’s for sure. If your company has an IT department, they get that “Gee, I don’t know how my laptop got latte on the keyboard, can’t you just wipe it off and fix it?” call. Being in IT is bad enough, but it gets decidedly trickier when you have a mixed bag of computers in the office. Just knowing the tricks to troubleshooting a Dell versus an HP or a ThinkPad is hard enough, but start throwing in Macs, tablets, and whole new computing devices that folks have never seen before, and that’s a recipe for disaster. No IT department can effectively manage a diverse technology environment. You need some consistency to make it easier for support, purchasing, and replacements.

If you don’t have official IT people and you’re just going ad hoc, read my post about being the unofficial office IT guy. This is where BYOD can start getting really ugly. Imagine trying to fix a bunch of different machines, all set up differently, when your job isn’t really to fix machines in the first place. Right, and do that after trying to figure out why the printer is jamming and the website isn’t working. It’s hard enough to be ad hoc IT, but to be ad hoc IT in an environment where nothing is the same…that’s nuts.

Psst, want some secret company files?

In these days of hacks and leaks and corporate data theft, why would you let confidential company information sit on computers that you don’t own and don’t have oversight of? Making sure company files (contact lists, contracts, payroll info) don’t leave with an employee is a whole lot easier when the company owns the machine. A person leaves, you get the machine back. A person leaves in the BYOD world, and you’d have to sit there and watch the person delete the files from their system. And then what about access to company sites and accounts? Sure, people can copy down passwords and such, but it’s a lot easier to get into all those systems if you don’t have to copy anything to begin with.

Just having sensitive company files on a personal device is problematic. How is that device protected? Is it secured with a passcode? Does the person download every free app on the planet? While digital/mobile device management systems can help with smartphones and tablets, you might not be able to do the same with laptops.

Is That Laptop Bringing a Cold Into the Office?

I don’t think I’ve ever seen a company machine in the last 20 years that didn’t have anti-virus software on it. So, who’s installing the anti-virus on those bargain laptops people are bringing in? Who’s setting up the firewall and access rules? Do you know which machines should and shouldn’t be on your network? BYOD is a real risk to network security. You don’t know if people have installed (on purpose or through phishing) spyware or key loggers or even network penetration software on their machines. Sure, there is the same risk that a company-owned laptop could pick up a nasty file, but your suite of pre-installed anti-virus and intrusion software will pick that up before damage is done.

When you have machines just coming into the office and connecting to the network, you just don’t know what you might get. There isn’t a standard for encrypting drives. You don’t know if everyone has the right firewall settings. You don’t know if they are running anti-virus, not to mention if it’s even up to date. Unknown computers on a network are a big risk; that’s why companies have cordoned off guest networks for visiting computers. You just don’t know what someone might be bringing into the office.

Is Convenience Worth the Risk?

The selling point for BYOD is letting people feel like they have more control and can have a computer that fits their needs and tastes. I bought into it. Makes total sense. But it only makes sense when you have a few people who can all support themselves. Essentially, a small startup. Once you get to more than a few people, you need to buy in bulk to save money. You need to make sure all computers have the same software, and valid licenses for the software. You need to make sure all the computers on the network use the same level of security. If everyone is free to bring in the machine of their choice…the system breaks down and a disaster will happen.

BYOD should really be Bring Your Own Disaster. It’s not an if, it’s a when.

Computer photo by Raymond Shobe from Flickr.