Bring Your Own Device (BYOD) has crossed the chasm from a bleeding edge to an early adopter technology. According to IDC, more than half the companies they recently surveyed already let employees use their own smart devices within the enterprise environment, and the IT organization is currently supporting them to a certain degree.
Despite all of the predictions of gloom and doom, the adoption of BYOD in the enterprise environment appears to be moving forward fairly quickly and somewhat blindly. The adoption of BYOD has brought another disruptive player to the enterprise environment – BYOS (Bring Your Own Service, also called Bring Your Own Software in some environments ). Both of these transformative technologies change the standard paradigm of enterprise security, requiring thoughtful and significant changes in your enterprise security policies to adequately secure enterprise data and intellectual property.
BYOS: The productivity booster
BYOS can drive significant productivity gains, as well as competitive advantage in the marketplace. Using platforms such as Google Cloud Compute and Salesforce.com to increase productivity and drive competitive advantage is quickly becoming one of the primary drivers of the transition to BYOS. In light of the proliferation of public and private cloud services, the drive toward consumerization of the IT infrastructure, and the utilization of “Big Data” analytics, BYOS is now poised for even more rapid adoption in the enterprise environment.
For those of you who may think that BYOS is not an issue, ask yourself one question: how many of your users are using iCloud and Dropbox? If they are using them for their iPads and other smart devices, you have BYOS in your environment. And corporate data is probably being stored within those environments.
What you don’t know can hurt you
How is this data secured? How do you retrieve or destroy the data from the service or device when the user leaves your company or retires? How can you insure that this data is secured in motion as well as at rest?a
Before we all jump on the BYOS bandwagon, let’s take a moment to think about the implications. First and foremost, the inclusion of these services is an implicit acceptance of the service provider’s terms and conditions, including service level agreements (SLAs) and security policies. Are those security polices consistent and appropriate for your corporate data? Secondly, does your current corporate acceptable use policy apply to smart devices? Have you reserved the right to inspect and/or modify those devices and services if they are used in your environment? Last, but not least, how are you monitoring those devices to insure that valid software licenses are deployed on the devices?
How can you potentially indemnify yourself against the potential liability of unlicensed software use on those devices and services? What other things should you consider to manage BYOS at your organization? In my next post, we’ll take a look at five tasks to consider as you extend support to BYOS.