The IT Melting Pot!

This is a really good article by Gene Marks!

Social media.  Cloud computing.  Gamification.  SaaS.  Social CRM. Virtualization.  Mobile.  Every year we hear of the latest technology issues facing small business owners like me.   And now it’s BYOD (Bring Your Own Device).  Everywhere I read in the tech world it’s BYOD.  That’s because with the proliferation of smartphones, tablets and mini-laptops it’s become the hot tech security issue.  Whitepapers are written.  Seminars are conducted. Roundtables are moderated.  It’s a BYOD year.

I have 10 people in my company.  And a half dozen other contractors.  These people are using smartphones, tablets and laptops to access our data.  We do not have a BYOD policy.  Do I really need one?  Do all businesses, big or small, need to really worry about this?  Or is just another scare tactic from a bunch of IT guys looking to put fear into their clients’ minds and generate additional billable hours.

Hmmm.

The fact that everyone in my company has a different smartphone is of no concern to me.  Why should I care if Sam prefers his iPhone but Josh likes his Droid?  They are using their phones to call clients on Verizon or AT&T or whatever so I’m not exposed to any risk there.  The same with texting.  But uh oh…then there’s email.  Am I exposed to security issues when they send and retrieve email from our server?  No.  That’s because we have a hosted mail server and each employee has their own login to their email account.  They set up their email on their own with instructions we gave them.  Viruses, spam and all the other evil things that could happen via email are (hopefully) controlled by the security software running at the server level.

But what about devices like tablets and laptops?  Should I be requiring everyone to use an iPad?  A Galaxy?  A Surface?  I’m not sure why I would do this either.  As of now we don’t have any type of customized mobile application that we’re using as a company.  Instead we, like most of our clients, are using these devices to connect into our server via Remote Desktop.  Some people prefer Citrix.  To me, it’s all the same.  Mobile devices are more and more subject to viruses and other security issues.  And these things can be passed on to a corporate network if not secured properly.  So I’m not downplaying that.  But in most cases the device is nothing more than a dumb terminal.  All the work is being done on the server.  The connection is secure.  A setup process was required to get the client application installed and configured.  But the connection is made through our Virtual Private Network so it’s a secure tunnel.  No data is stored on the device either.  If anything, the biggest concern we’ve had (as have our clients) is that the screen on the typical tablet it just too small to really do effective work.   But from a security standpoint, I’m not seeing the need for a small company like mine to establish a BYOD policy.

But there are legitimate issues about all these devices.

For example, synching of company data to a device is a good reason to have a BYOD policy.  Anyone with a good customer relationship or contact management system will likely want to bring their contacts and calendar down to their device to look at offline.  How this is done will vary depending on the device and could eat up support time.  Securing this data is also a headache, and although most of that is normally done at the application level it’s right to be concerned about company data that’s out and about with an employee.  Particularly if that employee ups and leaves the company.   Every business, big or small, should be worried about that.

And larger companies have larger support problems.  I have a friend who’s a partner in a 200 employee law firm.  The firm has a strict BYOD policy and the IT department only supports certain devices.  In fact, he has to carry around a BlackBerry for business along with his personal iPhone.  It’s a royal pain…

Continue reading here!

//Richard