Time to get serious about BYOD

By Gabey Goh November 8, 2012

Unless the organization is a secret government agency, companies should embrace the BYOD trend
As BYOD is still in infancy, organizations must constantly review their programs

Time to get serious about BYOD WHEN the results of Citrix Systems’ Workplace of the Future study were released earlier this year, Malaysia topped the global table as the country with the highest number of devices accessing the corporate network, with an average of six devices per employee.

Despite knowing that Asia had a higher rate of devices purchases and refreshes, the results still surprised the company’s chief security strategist, Kurt Roemer (pic).

“To really use six devices? That surprised me as we typically use between three to four in the United States,” he told Digital News Asia during a recent trip to Kuala Lumpur.

The onus then, is on organizations and their chief information officers (CIOs) or chief technology officers (CTOs) to handle the added complexities of a workforce accustomed to the bring your own device (BYOD) option.

Roemer said that there is a gap between senior IT management who have lived through the entire mainframe, distributed computing transition and are used to doing things in a more regimented fashion, versus the younger workforce using BYOD and bringing innovative technology into the workplace.

“The gap can be fairly large. The new workforce is very willing to throw things out and try something new to get some gains. But the viewpoint of the older generation is more ‘let’s keep what we have and try and make it last as long as possible.' And the two are often at odds,” he said.

According to Roemer, organizations which house a progressive senior management team that understands how users are doing work tend to catch up and use technology in new and innovative ways.

“Conversely we see some of them being very stolid and locking down the environments, not change anything and they’re really losing out,” he added.

To BYOD or not

The Workplace study also found that 19% of organizations in Malaysia have no plans for a mobile workstyle implementation.

In situations where organizations are still hesitant about BYOD, Roemer said that the question should be “who is responding to those hesitations within the company?”

He added that there are some who don’t want to allow BYOD, preferring to lock company systems down, but most coming in to the workforce want BYOD, having purchased their own devices and “really love and interact with them.”

“Unless there is a really solid reason for an organization for not allowing BYOD, for example if you are a secret government agency which doesn’t allow cameras or recording devices in, then I understand that. They should not have a BYOD program,” he said.

In addition, certain people within an organization with access to very sensitive information -- such as merger and acquisitions plans, legal or human resource information -- should not participant in BYOD either.

“But for the most part, organizations should not be afraid of BYOD, they should be embracing it,” he said.

When asked if banks and financial institutions were one such vertical opposed to BYOD due to the high volume of sensitive financial data being handled, Roemer pointed out that the sector has actually been leading the way in the promotion of BYOD.

“Oddly it hasn’t been the case. This is because within banking and finance, there is very well understood fraud management processes and their customers are also walking around with handheld devices and doing banking via them, with banks encouraging it. So how can they tell their customers that ‘yes these devices are secured for banking transactions’ but tell their employees that they can’t BYOD? They would be hypocrites,” he said.

The curious case of SMEs

One would assume that small and medium enterprises (SMEs), with fewer resources and less manpower would have difficulties adapting to the shifts in IT trends. However Roemer points out that this class of businesses has actually reaped the most benefits.

“You would think cloud computing and BYOD would make SMEs more vulnerable but that’s proven to be exactly the opposite,” he said, adding that many SMEs don’t have the resources from a personnel, network and facilities perspective to really provide for advance security in most cases.

“But by moving to the cloud, they immediately inherit a professionally managed environment that is managed 24/7 around the globe. Many SMEs couldn’t afford that before and now they are able to get to a much higher level of service and security for lower cost,” he said.

The BYOD trend has also eased the burden on SMEs with little to no in-house IT expertise.

“As a smaller enterprise, you can’t always put an IT person right in front of those who need help. With BYOD, most people manage their own devices, they know how to do that on their own very well, and when someone needs help you just connect with something like GoToAssist which will be able to give them quick expert advice,” he said.

For smaller companies, this means the responsibility for endpoint security is split between the employee and a very skilled IT person who can provide support but doesn’t have to be everywhere.

Roemer added that he also sees startups that are not encumbered by legacy infrastructure grow very quickly and do some very amazing innovations with computing.

“Legacy environments aren’t able to leverage on these new technologies as easily. So these changes have prompted a different way of thinking and using resources,” he said.

For those thinking about embracing BYOD and incorporating it into existing IT environments, Roemer shared his top three tips:

Make sure you’re thinking outside the organization’s environment with the needs of employees and globally. How can this BYOD program continue to expand and provide benefits to employees?
Constantly revisit policies and protocols because BYOD is still in its infancy. Don’t rest on the laurels of your current program. Revisit and make sure it continues to be relevant.
Constantly learn from people who are bringing in innovative technologies, even from other industries.

“It may seem funny but go out and try some of the new gaming platforms and new consumer technologies. They might have absolutely no applicability to work but brainstorm about how they might have that applicability because guess what, someone is probably going to be bringing it in and trying to use it,” he said.

Next up: Citrix’s Roemer shares his thoughts on the security readiness of today’s mobile platforms and what organizations should be thinking about with the cyber arms race now in full swing.