Bring your own device (BYOD)


“Bring your own device” (BYOD) is the latest watchword in corporate IT.  For mid-sized companies and organizations, how should we think about mobile Apps?  Are we ready to embrace them?

Back in the good old days (before the iPhone, for example), companies only worried about laptops and their applications, and about lost BlackBerrys.  Applications changed no more often than once every 3 to 6 months, so IT departments could spend a fair amount of time vetting the applications before deploying them for use at the office and away from the office.

Now, everyone has a smartphone and everyone wants to use one for access to the company’s databases.  This opens up a lot of security and usability issues.  Here are some of them:

Security – Can unauthorized people get access to the databases?

Portability – Will access from a smartphone compromise the effectiveness of the data because input is less reliable?

Accessibility – Will access from a smartphone make it difficult for the user to read or use the information?

Now that the Apps are in a small portable device, we have to worry about both old and new threats to security:

Spam – unwanted messages coming into our network

Phishing – malware injected into portable devices and crooks getting access to valuable data or login information

Data leaks – loss of valuable data by accident

Lost devices –  loss of the mobile device itself, together with its data and login information

Should I try to control the Apps?  The answer is yes and no.  Yes, make sure that you thoroughly test Apps that are to be used to access corporate data.   And no, don’t prevent people from downloading what works for them.  If and when you run into problems with a particular App, you can always ban its use.  Of course, this means that you should monitor which Apps are being used.

How can I avoid disaster?  Here are a few general principles:

Develop a list of trusted partners & suppliers for mobile Apps.  Also develop an in-house capability for testing and verification of operation (and problems).

Also develop a program of training for everyone who uses a mobile device for accessing corporate databases.  Make sure they understand the company policies about access and sharing of data.

Perform regular reviews of security policies and procedures.  The policies don’t have to be extensive, but they should be clear and enforceable.  Don’t try to enforce policies related to activities that you can’t monitor.

When introducing new capabilities, roll out a new App to a small group first.  Monitor the new App more closely than you do mature Apps, and make quick corrections when there are problems.

We are at the beginning of the mobile device era. PCs will have less and less influence on the future of IT interactions, while mobile devices will have more and more influence.  There is no way to stem this tide, so you may as well embrace the mobile devices and their Apps.

About John Levy

John Levy, Ph.D. is an expert in computers, software and storage who is available for consulting in patent litigation.

For more information, email him at johnlevyexpert.com, or call 415 269-4096.