Options
BYOD - Size Does Not Matter
Hello friends, I recently decided to write up an article/blog on BYOD and this is what I came up with... Any feedback or discussion?
( Conquering Ghosts in the System One Day at a Time...: BYOD - Size Does Not Matter )
_____________________________________________________________________________________________
We all know the wonderful term BYOB. We also know the term BYOD. While the acronym BYOD is only one letter different, it’s not nearly as fun yet it’s equally as necessary.
Let’s discuss the current state and movement of the IT industry. Over the past few years tablets have grown to become an additional necessity to our lives, smartphones have gotten bigger and smarter, and operating systems that once catered to the workstation lifestyle now cater to the mobile device lifestyle. The once known “personal computer” is slowly evolving to become the “personal device”. Today, we do still have a line between smartphone, tablet and PC but that line is extremely blurry. Only one day a week when the moon and sun align just right can we see that this line exists.
What’s the problem with that? We all love our big screens and skinny tablets. The problem comes when attempting to write any sort of BYOD policy for a company. This blurry line does not line up well with the well-defined, black and white line that policies draw in the sand. This device evolution makes the attempt to declare what a device is, and how you can use it in the enterprise more difficult every day… or does it?
A common thought is that a smartphone poses less risk than a tablet, and a tablet poses less risk than a laptop. Why do we think this and where did it come from? Size. Our subconscious makes us think that “hey, this little thing in my hand is so tiny, it’s not nearly as powerful of a device as that laptop sitting over there… you can do ANYTHING with that laptop, this phone is limited”. Organizations need to understand that in order to keep ahead of this we need to be more vague and encompassing in our policies. No matter what electronic device: smartphone, laptop, tablet, smartablet, laphone, tabletop… you get the idea; it is in the end, a device. Size does not matter. A smartphone can be loaded with all the hacker tools that a laptop can. In fact, maybe we should consider smartphones a larger risk than laptops. Who’s going to stop a stranger looking down at their smartphone walking around your building? How about a laptop? Yeah, that’s right… the laptop looks more suspicious.
Let’s go back to how the evolution in mobile devices makes writing policies more difficult. A lot of the time people go at this from the wrong angle. They ask the question: “What kind of devices do we want to address? Smartphones and tablets? Only laptops?” What we need to be doing is classify devices not by what they are or who owns them but what do we know about them? If we take the policy and instead of making tons of classification buckets (personal phone, company phone, personal tablet, company tablet, personally purchased company tablet… etc…) we make two: managed and unmanaged. Stop trying to quantify the risk differences in these devices and keep them all under the same tree as a “device”. This in fact is why it’s called “BYOD” and not BYOPC, BYOT, BYOSP, BYOLT.
If we stop thinking about the risk associated with your smartphones and instead think about the risk associated with unmanaged devices it will put us in a position to weather the mobile device evolution. If someone wants to bring in their own device and gain access to your network; that device must be moved from the unmanaged classification to the managed classification. You and your company’s requirements determine what those two categories mean.
( Conquering Ghosts in the System One Day at a Time...: BYOD - Size Does Not Matter )
_____________________________________________________________________________________________
We all know the wonderful term BYOB. We also know the term BYOD. While the acronym BYOD is only one letter different, it’s not nearly as fun yet it’s equally as necessary.
Let’s discuss the current state and movement of the IT industry. Over the past few years tablets have grown to become an additional necessity to our lives, smartphones have gotten bigger and smarter, and operating systems that once catered to the workstation lifestyle now cater to the mobile device lifestyle. The once known “personal computer” is slowly evolving to become the “personal device”. Today, we do still have a line between smartphone, tablet and PC but that line is extremely blurry. Only one day a week when the moon and sun align just right can we see that this line exists.
What’s the problem with that? We all love our big screens and skinny tablets. The problem comes when attempting to write any sort of BYOD policy for a company. This blurry line does not line up well with the well-defined, black and white line that policies draw in the sand. This device evolution makes the attempt to declare what a device is, and how you can use it in the enterprise more difficult every day… or does it?
A common thought is that a smartphone poses less risk than a tablet, and a tablet poses less risk than a laptop. Why do we think this and where did it come from? Size. Our subconscious makes us think that “hey, this little thing in my hand is so tiny, it’s not nearly as powerful of a device as that laptop sitting over there… you can do ANYTHING with that laptop, this phone is limited”. Organizations need to understand that in order to keep ahead of this we need to be more vague and encompassing in our policies. No matter what electronic device: smartphone, laptop, tablet, smartablet, laphone, tabletop… you get the idea; it is in the end, a device. Size does not matter. A smartphone can be loaded with all the hacker tools that a laptop can. In fact, maybe we should consider smartphones a larger risk than laptops. Who’s going to stop a stranger looking down at their smartphone walking around your building? How about a laptop? Yeah, that’s right… the laptop looks more suspicious.
Let’s go back to how the evolution in mobile devices makes writing policies more difficult. A lot of the time people go at this from the wrong angle. They ask the question: “What kind of devices do we want to address? Smartphones and tablets? Only laptops?” What we need to be doing is classify devices not by what they are or who owns them but what do we know about them? If we take the policy and instead of making tons of classification buckets (personal phone, company phone, personal tablet, company tablet, personally purchased company tablet… etc…) we make two: managed and unmanaged. Stop trying to quantify the risk differences in these devices and keep them all under the same tree as a “device”. This in fact is why it’s called “BYOD” and not BYOPC, BYOT, BYOSP, BYOLT.
If we stop thinking about the risk associated with your smartphones and instead think about the risk associated with unmanaged devices it will put us in a position to weather the mobile device evolution. If someone wants to bring in their own device and gain access to your network; that device must be moved from the unmanaged classification to the managed classification. You and your company’s requirements determine what those two categories mean.