Last week at Interop, New York’s Javits Center was abuzz with IT professionals seeking practical advice on IT management good practices (and the technology to support them). The conference element included the following tracks:
This BYOD* and mobility-related blog is the first of a number of SysAid blogs based on the Interop sessions – with the intention of spreading the Interop advice and good practice wider than its physical attendees.
Michele Chubirka, a security architect and best practice researcher, presented on “BYOD: Beating IT’s Kobayashi Maru.” For those of you not up on their Star Trek folklore, Kobayashi Maru refers to a no-win situation, or the need to redefine the problem. In this case, that in Michele’s opinion: “The answer to BYOD cannot be, “No,” but a qualified “Yes, and….””
The point is that BYOD is not something that can be prevented, bar situations where industry legislation or regulations limit the use of certain technology – corporate or otherwise – in the workplace. And, instead of fighting BYOD, corporate IT organizations should be looking to ensure that they are ready for, and accommodating to, BYOD – and both protecting business assets and operations, and optimizing employee productivity.
Michele stated that organizations need to have the following in place for BYOD:
And that organizations don’t need to reinvent the wheel here. Instead they should use Google to find existing examples of the above, which can be tailored to suit their own needs. For example, the White House’s BYOD guidance for government, or SANS’s AUP.
Michele also offered the following security-flavored advice, that:
But it’s not just about security.
No IT support organization could realistically support every BYOD device, personally-acquired application, or personally-chosen use case. So organizations need to be very clear on what they will and will not support. Michele's three key support points were that:
She also pointed out that a resource matrix should be used, based on data classification and the level of risk the organization will accept, to document which applications and facilities are approved, provided, and supported for corporately owned devices, employee BYOD devices, and office guests.
Michele finished with a short list of BYOD misconceptions:
And some key takeaways for the audience (and now you):
So there’s a lot to consider from a BYOD management and service delivery perspective. But, importantly for us at SysAid, one has to remember that mobility isn’t really about mobile devices and apps. Rather, it’s really about supporting employees and customers while they are on the go – it’s about service delivery and service experience, and the pursuit of business over IT outcomes.
If you want to hear more from Michele Chubirka you can find her on Twitter as @MrsYisWhy.
* BYOD = bring your own device, the use of personally owned devices in the workplace
** And not forgetting mobile virtualization options such as Nubo.