Ride the Lightning

BYOD: Time to Fall Out of Love With It – Here’s Why

November 14, 2017

We spend a lot of time trying to disabuse businesses of the notion that Bring Your Own Device (BYOD) is a good idea. They tend to think it will save them money, but they can't seem to grasp the total cost of ownership.

So we were pleased to see an article in The Register by Dave Cartwright, a veteran administrator of BYOD management, stating that he has fallen out of love with BYOD.

The notion that it is less expensive turned out to be fallacious. If the equipment belongs to the user, it will belly up or malfunction from time to time and the user will be without it while it is repaired. So you need to have spare equipment around to loan out – and of course it won't be exactly what the employee had nor will it have the same software so they will be less productive and unhappy.

Sometimes employers provide the support – and that costs money too.

In some detail, Cartwright talks about the many hassles of securing connecting personal devices to a corporate network.

"First is the concept of a "quarantine" VLAN. The idea's simple: when anything accesses the network for the first time in a session, the infrastructure puts it in a VLAN that can't see much – generally it can't see anything but the internet and a server that deals with network admission. The admission server won't let the device join the proper LAN unless it's convinced that the device's OS is up-to-date with patches, that it's running a suitable anti-malware package, and that the latter is also current with regard to its patches and virus signature files. Now, although it's a simple idea it's also relatively complex to implement and has a non-trivial cost: so unless your BYOD world is extensive, it may not be worth it.

An alternative is to decide that anything BYOD needs to stay outside the network completely, and act simply as a dumb terminal to the corporate system. You generally achieve this using some kind of virtual desktop à la Citrix or VMware. Again this is non-trivial and not cheap: it needs hardware, software, knowledge and maintenance. Getting the kit to talk to the network is non-trivial too, then."

As for managing the devices securely, Cartwright has a lot to say. Policies clearly don't work all the time so technology has to manage it. There is good technology to do so, but it's expensive.

As he says, BYOD sounded like a great idea. But it opened a whole new world of complexity in terms of support and device management that had not been foreseen beforehand. Accidental deletion of personal files during an application update, for instance, didn't sit well with employees.

In the end, Cartwright concludes, as we have, that it is much better to bring back control over the ownership and supply of devices. To quote him, " Owning the device brings back some much-needed control to proceedings: If you own the device you can be totally black-and-white about what users are allowed to do and what they're not. If there's an application update, it's not their files that get wiped and if it is then their files shouldn't have been on there in the first place.

Ultimately, ownership means you can end up on the right side of a term that seems to have fallen into disuse these days: Total Cost of Ownership. Reversing out of the unknown and unforeseen costs of BYOD for the known knowns of supplying your own: of controlling support and management and containing the risks – while getting benefits of mobile, of course."

That "total cost of ownership" argument is one we use too. There's also risk management – if you fail to properly manage all these personal devices, you are enhancing the risk of contracting malware or having a data breach. If those things happen, your total cost of ownership will skyrocket. Not bloody worth it.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson