A Balanced BYOD Policy is Better All Round | News | ChannelWorld.in

PARTNER HOTLINES

A Balanced BYOD Policy is Better All Round

Added on Nov 28, 2012 by Nick Booth, CIO (UK)

The addiction for tablets has gone right to the head of many organisations, with even hard-headed CEOs of global corporations falling for the style and convenience of tablet computing.

One analyst tells of a client whose CEO summoned the CIO to his office one day and demanded his iPad be supported -- right now. It was no use explaining that a Windows gadget would better fit in with the existing infrastructure and workflows -- the CIO had come face-to-face with the unmovable desire by CEOs and their staff to switch to using tablets for every business process, driving a coach and horses through all the CIO's defences -- the firewall, the codes of conduct, and the mutual concessions made when the CIO consented to letting users bring their own devices into work.

The tragedy is that CIOs will still be held responsible should personal or company information be leaked. It's not entirely their fault that a user downloaded Dropbox then unwittingly started distributing sensitive data all over the place, nor that a lawyer left his iPad in a bar and that confidential client information is now in the hands of a newspaper. But the CIO will be held legally responsible.

On the other hand, strict enforcement of company policy can put you in an equally tricky position. Wiping the boss's family photos off a mislaid iPad, though understandable from a compliance standpoint, could leave you open to legal action. Especially if they subsequently discover that their daughter borrowed it and change their story to say it was never reported lost in the first place. If you didn't record the conversation, how do you prove it wasn't your negligence that destroyed their personal property? In short, you could either face an FSA rap for compliance irregularities, or a civil case for damages from your boss.

"Until the legalities of device wiping are tested in the courts it will remain an area of uncertainty. It's one of the main factors that deters CIOs from implementing BYOD policies," says Paul Vlissidis, technical director at NCC Group.

Will the IT industry come up with an answer to this problem? Rob Sheppard, business client marketing manager at Intel, seems hopeful that the evolution of mobile technology will offer some answers.

"Towards the end of the year, when all the Android and Windows 8 devices come out, there should be much better choices available to the end user," says Sheppard of the Intel-powered devices. A shift in sentiment could help the CIO persuade users to rally around Windows, which could help the IT department regain control.

"We could see the IT department get a chance to put their foot down and specify a particular device that fits in with company workflows," says Sheppard.

Aside from raising their game on touch and user experience, Intel-based Windows tablet and smartphones could tighten up security controls with a new range of options. Lost devices could in future be stunned from the bootup process, the chipset paralysed by a remote command that would effectively turn any device into a brick. Anti-theft support developed by Intel will offer CIOs a more subtle range of options, says Sheppard. You could become a lot more selective about what you delete from a tablet, so that a departing employee wouldn't have to have their entire personal life deleted. Deep Defender technology, loaded at sub-operating system level, will identify destructive and dangerous behaviour a lot earlier too.

According to Andy Dancer, CTO at Trend Micro, the IT department's baseline security should be a combination of encryption, device partitioning and remote wiping, with users encouraged to back up personal information.

In future, promises Dancer, encryption will become part of the operating system, which will make enforcing company policy a lot easier.

Risking user revolt

The big danger is that the user experience will change, and that is when you lose the goodwill of the users. "Consumerisation and Apple's dominance of the tablet market should have taught us that user experience is everything. If we try to take the user backwards to a less optimal experience then I think they will look to find ways round it," warns Dancer.

Partitioning, while it is a logical solution, fails this usability test. Creating two devices in one, on the same hardware, means the user has to think which one they're in - which inevitably means some work will be done in the wrong part of the device. By definition it won't be easy to move your work from one device partition to the other, so there will be corporate information in the wrong place over which the company will have no control.

Education is essential for a successful mobile usage policy, says Christopher Davies, employment lawyer at national law firm Gateley. The problem is that few people understand that the content of their phone is the company's intellectual property.

"Employees' gadgets remain their property, but anything created on them for work purposes belongs to the company. That may sound obvious, but, if it is not clearly set out in a policy document it may lead to later disputes," says Davies.

You need to communicate, in as friendly a way as possible via presentations, awareness events of even by making a short film, the concept that any information created at work for work, whether documents, photos, notes or similar content, becomes the intellectual property of the company.

Mark Webber, a partner and head of technology at law firm Osborne Clarke, which specialises in advising digital businesses, has some pointers for devising policy.

Most legal traps associated with BYOD can be dealt with if there is good communication and consistent policy as long as the policy is communicated up-front, says Webber. Interfering with the end user's devices is the legal minefield you have to be wary of, and it's especially scary for those whose users are covered by European law.

"It is all too easy to fall foul of laws which prevent interception and the use of an individual's location without their consent," says Webber. "This consent ought to extend to all the possible interventions. It's not just about deleting information, it's about routine maintenance and updating software."

Any access to an employee's device ought to be subject to obtaining the prior informed consent of the employee. This should be given freely and voluntarily and employees should be fully informed up-front in a well prepared BYOD Policy.

Honest and up-front

You can protect yourself from the potential liability of wiping the boss's iPad if you have notified them up-front of aspects of BYOD policy, reminding them that the employer may exercise certain control rights like mandating strong passwords or auto-wipe of devices after a prescribed number of failed password attempts. Put it in writing that there will be no compensation in the event of loss of personal data or information from the device as a result of the employer's actions and remind people that it would be prudent to regularly back up device contents and data.

If a company allows their data to be transferred to another machine, they are responsible for it, says Norman Shaw, MD of ExactTrak. "The Information Commissioner is quite clear on this. The CIO will be ultimately held responsible for data which is lost via an employee's personal device," says Shaw.

"It is surprising that so few businesses alter their employees' contracts to reflect the BYOD trend and iron out any ambiguity over data security responsibility," says Shaw. "If employees are aware that transferring certain files onto their devices breaks their contracts, it may make them think twice before doing so."

EDITOR'S PICK

Forecast 2015: IT Spending On An Upswing

As purse strings loosen up, CIOs blend innovation into 2015 IT budgets, but security and cost containment remain top priorities.

‘Security Compliance is Not a Proactive Phenomenon in India’

Pavan Duggal, Cyber Law Expert at the Supreme Court of India, explains why channel partners need to look beyond the IT Act 2000 as the security standards, given today’s fast-changing threat landscape, rapidly evolve.

IT is Indispensable for Business Optimization: David Aires, Intel

David L. Aires, VP, Information Technology Group, and GM, Information Technology Operations, believes security to be the biggest challenge in the current IT environment.

Is the CIO Role Nearing Extinction?

New technologies are shifting power to the hands of the user, endangering the CIO role. But do Indian CIOs consider that a threat or an opportunity? 

The Authentication Market is Big Play for Channels: Gaurav Chawla, Gemalto

We are building a partner network to address the increased demand for authentication solutions across India, says Gaurav Chawla, Director, IAM, Gemalto India.

Versatile Infosecurity: Riding the Security Wave

It takes vision and persistence to stay on top of the security curve. Versatile Infosecurity has mastered that art.

How Futurenet Technologies Helped Sterlite Copper Adopt Next-gen Client Computing

Sterlite Copper was able to successfully adopt next-gen client computing facilities with hand-in-hand assistance from Chennai-based Futurenet Technologies.

DigitalTrack Solutions: Right on the Security Track

DigitalTrack is keeping pace with the changes in the IT security space through DDoS and WAF solutions and is pushing security audits as part of its next move.

SLIDESHOWS

6 Leaders Who Headed for an Abrupt Exit

The abrupt exit of top leaders of Indian and global tech companies this year, with many of them citing ambiguous reasons, surprised the technology world.

Gartner Executive Summary Survey 2014

Gartner's Annual CIO Survey highlights the trends that will drive organizational IT spend in 2014.

10 Overhyped Tech Products That Crashed and Burned

The demos blew everyone away. Then reality hit.

Gartner Executive Summary Survey 2014

Gartner's Annual CIO Survey highlights the trends that will drive organizational IT spend in 2014.

ChannelWorld Survey: State of the Market 2014

Partners poll their sentiments, expectations, pain points, and challenges for the coming year.

FAST TRACK

Mudra Electronics

A vendor-agnostic strategy helped us sustain business, says Bharat Shetty, CMD, Mudra Electronics.

Systematix Technologies

Our USP is a customer-friendly approach backed by services, says Akhilesh Khandelwal, Director, Systematix Technologies.

CorporateServe Solutions

Our ability to turnaround complex ERP projects in record time is what gets us customer referral, says Vinay Vohra, Founder & CEO, CorporateServe Solutions.

KernelSphere Technologies

We are emerging as an end-to-end systems integrator, says Vinod Kumar, MD, KernelSphere Technologies.

Uniware Systems

We constantly validate emerging technologies for first-mover advantage, says Vergis K.R., CEO, Uniware Systems.

Astek Networking & Solutions

An innovative approach helps us stay successful, says Ashish Agarwal, CEO, Astek Networking & Solutions.

CSM Technologies

Our approach is backed by innovation and simplicity, says Priyadarshi Nanu Pany, CEO, CSM Technologies.

ETSC Computers

We want to be recognized as a complete solution provider, says Kailash Gupta, Director, ETSC Computers.

VIDEOS

Arun Parameswaran on VMware’s Cloud, Mobile, SDx Strategy

Arun Parameswaran, MD, VMware India, talks about transformation, strategy, roadmap, and VMware’s role in driving the shift to cloud, mobile, and SDx.

Parag Arora, Citrix: Our Portfolio Will Augment Our Strategy

Parag Arora, Area Vice President, Citrix India, elaborates on his action plan for the company after taking over operations in India.

Shibu Paul, Array Networks: ADN is a Great Business Opportunity for Channels

Shibu Paul elaborates on how Array Networks is empowering its partner ecosystem to address the modern datacenter challenges in India.

Scott Robertson, WatchGuard: We are an End-to-End Security Solutions Company

Scott Robertson of WatchGuard elaborates on the company’s partner roadmap in India and its subsequent shift in the security space.

Gaurav Ahluwalia, R&M: Channels Will Accelerate Our Datacenter Business

Gaurav Ahluwalia of R&M speaks on the company’s renewed focus to build its channel ecosystem and address the datacenter demands of India Inc.

Venkat Murthy, 22by7 Solutions: Real Value is in Solutions

Venkat Murthy, Prime Mover, 22by7 Solutions, elaborates on the need to look at a solutions approach rather than a mere hardware approach.

What Channel Partners Can Learn from a Sahara Adventurer

Steve Donahue, a desert adventurer and a best-selling author, takes experiences from this travels in the Sahara and turns them into lessons for channel partners, as they navigate the shifting sands of today's business and IT environment.

Rahul Agarwal, Lenovo: Profitability and Value Proposition are Vital

Rahul Agarwal, executive director, Commercial Business Segment, Lenovo India, talks about Lenovo’s renewed channel strategy and why the company is now an attractive proposition for its partners.

EMC PARTNER SHOWCASE

Partnering for Profitability

Atul H. Gosar, Director, Network Techlab, shares how the company’s association with EMC has provided it with a competitive edge and a wide customer base, leading to increased profitability.

Sponsored Content

Promising Pipeline

Venkat Murthy, Prime Mover, 22by7 Solutions, shares how EMC brings in competitive edge by enabling technology, GTM and lead generation, helping 22by7 acquire new customers and retain old ones.

Sponsored Content

Powerful Performance

Deepak Jadhav, Director, VDA Infosolutions, says initiatives by EMC around training and certification have helped the company’s staff improve its performance and enhance customer experience.

Sponsored Content

Performance Booster

Rajiv Kumar, CEO, Proactive Data Systems, says that the solution provider’s association with EMC has helped expand its customer base and added value to existing offerings.

Sponsored Content

Pursuit of Profitability

Santosh Agrawal, CEO, Esconet Technologies, shares insights on how the systems integrator’s association with EMC has spelled sustained success over the years.

Sponsored Content

Non-Performance is Not an Option

Nitin Aggarwal, Director, Trifin Technologies, shares insights on how the association with EMC has helped the system integrator stand out and empowered its personnel to deliver consistent performance.

Sponsored Content

STRATEGIC DIRECTIONS 2014

Driving IT to Make an Impact: IDC

IT is being increasingly viewed as something which would help drive revenue rather than just another cost line-item.

Software-Defined Infrastructure: Forrester

Firms must invest in transforming infrastructure to eradicate complex infrastructure to keep pace with business needs.

Better Safe Than Sorry: PwC

Organizations should create a culture of security that starts with commitment of top executives and cascades to all employees and third parties.

New Skills for a New Era: Gartner

A new talent strategy is required—one that is a key part of the evolving IT strategy and one that focuses on a blend of business and modern IT skills.

The Rise and Growth of Big Data: Ernst & Young

Leading organizations are reaping rich rewards on their investment in big data even as competition struggles to keep pace.

SOCIAL MEDIA @ CW India
SIGNUP FOR OUR NEWSLETTER

Signup for our newsletter and get regular updates.