How to assist my staff wanting to bring their own devices to work?
Phil, for this very reason cloud computing/hosted desktop becomes a very strong argument. Let me explain, as everything is stored on the servers in the datacentre by your cloud provider it alleviates a number of issues. Let's start with concerns about loss of data, computer or notebook breaks down or even if it gets stolen or the employee leaves. The beauty about having it all in the cloud is that data is always secure and backed up, as all you're doing is accessing it via secure Citrix connection through your web browser. The employee is able to log via any machine even if it is a old one that you have lying around at your office and be up and running in a matter of minutes. It also prevents the employee from copying all the data onto their own machine when they leave, as you can prevent this from happening through policies in Citrix. Having it hosted also means that you can run it on any make of machine as long as it has a web browser. Another major advantage here is that if you have a new starter there is no need to wait to have the new machine / device configured for the local network and all the software installed. Again is just two clicks one to open the browser and the other one is to install Citrix client and off they go as long as they have a username and password. Viruses, again you are protected against local viruses as your hosted environment is cocooned and is well protected from attacks. It is recommended that the local machine have it's antivirus product up-to-date and running on the machine. A very good product is the Microsoft antivirus which is free and very easy to keep up-to-date and on a Mac you can use Sophos which is also free. I'm not sure that this is a case for all cloud providers but what you will find is that your support costs of managing the hosted environment are all included in the monthly fee. Which means that your support costs for that device are minimised to almost zero. The reason is that the person that has brought in the device will be responsible for maintaining the hardware and needs to accept that responsibility before you allow them to bring the device to work. The rest of it is taken care of by your cloud / hosting provider. Therefore your policies governing BYOD become a lot more simple and much easier to manage. This is one of the major drivers for a lot of small to medium businesses to move into the cloud. Hope that helps and gives you food for thought.
The second major concern with BYOD (or Bring Your Own Device) is your actual support costs. Many businesses (especially once they start to become structured and controlled enterprise-based organisations) have a very specific set of software, processes and configurations.
Once your team start bringing their own equipment to the workplace, what happens if it doesn't work? Who is responsible for it, you or them? If they are responsible for it but it's incompatible with some of your systems or software, what happens then? Do you have a pool of spare devices for those who BYOD and it doesn't work?
What if your in-house IT team do some work to make it work and as a result the employee loses data, or the computer breaks down. Will you then be accepting responsibility, or will you just tell your IT support members not to fix personal devices? (In which case your employees may then need to involve an external provider who can fix it for them, but at the same time potentially gain access to, or knowledge of, your network.)
BYOD isn't something that should be avoided, but it's also not a solution for every business. You need to weigh up the potential cost of lost productivity time, as well as the cost of having IT support look after the devices, or making sure your infrastructure is capable of handling BYOD devices.
You might also need a hard and fast set of rules, as outlined in the first response above - "all windows computers must have valid antivirus subscription and be up to date within 2 days of definitions and within 7 days of Windows patches." Then use system health validators to firewall the devices off from your network if they don't meet those requirements.
Your dream is no longer a dream :) In a hosted desktop environment everything is kept separate, no company data on the BOYD and therefore no personal data on the company servers. In the Windows environment all you need to do is ALT-TAB between the to environments and this applies to the Windows mobile devices as well. In the Mac world you would move between spaces and again this applies to the Ipad and even the Google tablets. I have a Mac and when I am at work or for that matter at home working I have my personal environment open in Desktop 1 (spaces) and my work environment open in Desktop 2 (if you have a mac you will have a better understanding of this). When I am in the hosted desktop environment I have access to all my company data and printers etc no matter where I am traveling. For example I was in NZ traveling from the South Island to the North Island on the ferry. I was able to log into my hosted desktop on my Google tablet via 3G and was able proof read a document in Word make the changes (attach a diagram from Visio) and email it off. Close down the work environment and return to sending off a picture of the scenery to my family from my personal email using the native email client.
Skeeve - the new Blackberry OS offers this. It has distinct "corporate" and "personal" partitions (for lack of a better word) that allows the enterprise side to be controlled by the enterprise, and the personal side to be offlimits to enterprise. This means the enterprise could wipe all the corporate data when an employee leaves, without damaging their personal information.
to my understanding, there obvioulsy has to be some communication between the two sides but it's kept fairly separate..
Skeeve Stevens Chief Network Architect and Founder at eintellego Networks
This is a post I did in December... reposted due to the topic. From: http://network-ceo.net/2012/12/01/the-future-of-byod-a-vision/ --- BYOD was a long time coming. Microsoft had Windows NT and Windows 95, one business and one consumer. It took them a long time to realise that people want to use the same thing at work that they use at home. So the BYOD really has been growing under the radar for some 15 years now… IT just didn’t realise it. It is how the Apple iPhone is making itself a dominant force in the business world, without actually approaching the business world. Win the hearts and minds of actual consumers, and they will rise up against the corporate dictatorships eventually… and surprise, we now have the BYOD revolution. I think that BYOD won’t succeed in the end. Not that BYOD won’t changing things dramatically, but big business can’t afford the risks that come with BYOD. A few massive breaches attributed to BYOD and it will be put back in the box to a certain degree. I don’t mean this will kill BYOD, but what I am thinking is a future with smarter devices – not smart phones, but genius phones (can I trademark this term!?), where there is some sort of virtualisation/personalities on phones that control information flow, enhance security, etc… Businesses will be able to insist on a range of advanced devices in which they will be able to control ‘part’ on the device relating to business. Imagine a device with 2 phone numbers… two email accounts, two evernote/dropbox/sugersysnc/twitter/etc etc etc. You load a policy and give the business control of your ‘business’ personality – with being able to manage/wipe/etc remotely – but just the business part. Imagine losing your advanced device, you report it to the company, they send out a signal and the business personality is gone… or they fire you and do the same. I imagine a phone where a new employee starts, is issued a business ‘number’ that you load onto your advanced device and can begin receiving calls, emails, etc. It will be a single device, but will support the BYOD philosophy, save businesses money on hardware, and make the users comfortable with the emotional attachment they have to their devices. If Apple or Google made this happen, or collaborated on some standards, there would be a massive revolution in the BYOD space. Imagine if tablets, laptops, etc could do the same? I’m getting myself excited just dreaming about it. …Skeeve
The model you're suggesting is actually more or less exactly the way it should work.... although whether or not it needs to be cloud-based is a different issue :)
Micha Wotton Head of Development at SavvySME
As Nick said, security is the major concern. Most devices will be running one of a fairly limited range of operating systems, so configuring the devices to work with your particular network design and the services on that network should not be too difficult.
Take into account the possibility for these devices to be carrying some malicious payloads, and you'll not only be providing for the needs of your employees, but you will also be forced to boost your defences against attacks from the internal network, thus improving your overall network security.
Nick Chernih Founder at LinkBuildSEO
I think the most important thing to consider is security of the devices. I think it's great that you are thinking of allowing your employees to bring their own devices to work but it may be a good idea to establish a good set of ground rules. If information leaks out, how to deal with it. It may be as simple as having your employee create a separate account on their laptop for work and a separate one for home.