Tuesday, April 01, 2014

BYOD. Be careful what you wish for.

Although we didn’t as yet have a name for it, BYOD was starting to creep into corporate just as I was starting to creeping out.

For those not familiar with corporate-tech jargon, BYOD  is not about bring your daughter to work week. It stands for Bring Your Own Device.

It all started when folks began using PDA’s like Palm Pilots and mobile phones, and found that they were useful for work. Ditto the home computer. (Hey, I can get work done on weekends without having to drag into the office.)

Anyway, some companies began issuing mobile phones – mostly to sales folks and executives - and even those who didn’t get a blessed company device started using their own gear. And then, all of a sudden, the distinction between work and personal time became completely blurred. And all of a sudden, workers were so grateful to be able to take off the afternoon for a kindergarten graduation that they were willing to work an extra ten or twenty hours a week in return. (Fair’s fair.)

Then mobile phones got smarter.

So who wanted the clunky corporate flip phone (or its successor device, the Blackberry) and a separate PDA when they’d gotten an iPhone or an Android something-or-other for Christmas?

And your Apple was cooler than the HP laptop that the company had assigned you.

And then there was the iPad and the rest of the tablets nestled in colorful tissue pape under the Christmas tree.

A device that people actually wanted to use for not just personal stuff like filling in their NCAA brackets, selling off their parents’ attics on eBay, and updating Instagram. But for work-work.

So somewhere in corporate a light bulb went off. Say, we can get employees to pay for their own equipment, and even if we subsidize this somewhat, we’re still saving a boatload of money, and – get this – they’ll be so happy that they might not even realize that, heh, heh, they may be getting exploited or even, heh, heh, a bit screwed.

Of course, from the corporate perspective, employees were clamoring to use their shiny new toys. And corporate really did need to get a grip on things, given that, all of a sudden, those clamoring, iPad-bearing employee masses were clamoring for access to corporate everything on their personal devices.

Oh, the security!

Anyway, the buzz about BYOD made a recent article in Venture Beat good reading.

It seems, in fact, that employees, so eager to bring their own devices, may not have read the fine print in the corporate BYOD policy, or noticed what exactly IT had done to that device to make it corporate-ready.

One morning you wake up, reach for your iPad to check the email but it doesn’t turn on. Your iPad is dead. Totally bricked. After a quick family investigation you realize that the little one tried to guess your password to play Angry Birds before you would wake up. Too bad the security policy enforced by the corporate email account triggered your iPad self-destruction to prevent sensitive corporate data from unauthorized access.

Angrier than those famous birds? Wait until you realize that the device itself can be brought back to life and your corporate data restored. But that your pictures, videos and songs are gone. Forever. (Note: the case above is based on a true story, my son’s name is Luca.) (Source: Luca’s father, Cesare Garlati , in Venture Beat.)

It gets worse.

Many employees who use their personal devices for work are shocked to find out that their smartphones, tablets, and laptops may be subject to discovery request in the context of a litigation involving their company.

See you in court!

Meanwhile, IT may be able to track your location, and monitor all of your online activity. (Where’s Edward Snowden when we need him?)

And back to the loss of personal data: “remote delete [may be] part of the standard employee termination process,” and the software that does the remote deletion is not likely to make any distinction between what data is yours, mine, and ours.

BYOD used to sound so appealing, didn’t it? If only I could use my Galaxy for work…

Be careful what you wish for.


Just occurred to me that I access a couple of client networks from my very own personal devices. Could get ugly…

No comments: