Personally, I have never been a big fan of acronyms, as I can usually never remember what they mean. I don’t even use any when I send a text message; instead, I write out each word in longhand. So, naturally, we have more acronyms coming our way.
We have only just gotten to the point where everyone knows that BYOD stands for bring your own device and it is not necessary to spell it out each time. But I suppose that life would be too easy to stop there.
Let us try this one on for size: BYOS. A logical progression would suggest that this stands for bring your own software. In fact, Patrick White wrote just that phrase in Wired. Well, how about bring your own services? That is what Rachel Delacour blogged about on Information Management.
I’m sure that if we thought about for just a few seconds we could all come up with an “s” word that would fit in and make sense. I believe that the bottom line is that not only would employees bring their own devices to work, but also their own software.
We are seeing that BYOD does, in most cases, lead to work being accomplished more efficiently, which is beneficial to the company. So if it is easier to use their own devices, doesn’t it stand to reason that it would also be easier and therefore quicker if they used their own software or services?
From what I see, this comes about because many users are beginning to utilize their own cloud services since they are linked to their smartphones and tablets. According to ABI Research (News - Alert), the personal cloud market nearly doubled to $1 billion over the past year and is on pace to top $3.5 billion by 2018.
Delacour points out that many of the services like storage, social and cloud computing services that are personally being used by employees are now used by organizations. However, as is usually the case, there is always the question of security. While it may be more convenient for employees to BYO“X”, if there is a lack of security, then it benefits no one.
According to an article in Know It Information Systems, employees are just a service app away from a Big Data laboratory. Loads of big data about companies, not currently in the corporate database, is available, and vendors are entering the fray to provide this virtual lab space. On the corporate side, companies like IBM (News - Alert) recently purchased Cloudant, thereby getting into the virtual lab game.
The word security can never be stressed enough, especially when it comes to the concept of bring your own “anything.” Below are five network security management protocols that should be taken into consideration when you put that X after BYO:
Establish full network visibility – Take a benchmark snapshot via firewall logs and reports for insight into what devices are actually connected to the network and what applications are being used. Continuously monitor for vulnerabilities, exploit attempts, misuse, and devices that have gone offline.
Application Access Control is an essential technology – Application Access Control plays a pivotal role in making a BYOX policy secure and efficient. Get visibility and control over shadow IT apps running across your network by identifying specific applications and functions that are acceptable, as well as others that are not. With application access control in place, the network becomes agnostic to the device, and can enforce policies based on specific, acceptable applications.
Apply policy to a segmented network – Sensitive data should always reside on a different network than that which is open to guests, contractors, or other non-employees. With a segmented network, IT can apply one set of policies for employees and another set for guests.
Enforce strong access control passcodes – Far too often, businesses resort to user-generated passwords, which are more susceptible to compromise. Password policies for BYOD devices should be as robust as they are for traditional IT assets, such as laptops or desktop computers.
Establish a policy – We harp a lot about setting IT policy, but that’s because while simple in nature, it’s often missing or lax. IT should focus on a policy to “keep BYOD/BYOX simple.” Consider making a broad list (a meta-table) of acceptable devices that can access the corporate network and state which devices/operating systems that IT will and will not support. With device sprawl becoming a more palpable concern for IT departments, it makes sense to centrally manage policy per user, rather than having a separate policy per device that each user may use. A device-agnostic policy approach makes the platform less important than the needs of the user—and makes network security management easier for IT. When employees access the corporate network on their own device, they should agree to adherence of company acceptable-use policies, as well as IT monitoring and risk management tools. Make sure you have tools in place to measure compliance. Finally, your BYOD/BYOX policy should be regularly communicated to all employees.
This information is nothing new; in fact, it was mentioned in
Smart Security almost a year ago. As you can see, these are the types of concepts that constantly need to be looked at and slightly updated to meet the changing technology that everyone is slowly but surely bringing into the workforce.
Edited by Rory J. Thompson