BYOD or Bring Your Own Device is popular with users because they can use familiar systems which they chose. It’s popular with management because it can reduce hardware expenses. Let the employees buy the equipment, they figure.
But this reduction in capital cost can lead to an increase in operational cost when the largely uncontrolled devices cause unexpected problems on enterprise networks.
One organization had a user’s Apple device update itself and immediately cause a flood of logging activity on the corporate Exchange server. The initial description reported 50 gigabytes of log data created by that one device aggressively checking and re-checking for stored calendar events on the Exchange server.
Microsoft’s trouble analysis showed that this was caused when an Apple device running iOS 6.1 or 6.1.1 synchronized a mailbox against Microsoft Exchange Server 2010.
Microsoft eventually released a service pack handling this problem, and Apple’s release of iOS 6.1.2 also fixed it. But in the meantime, the workaround was to reconfigure the Exchange server to block requests from devices running iOS 6.1 and 6.1.1. This became a widespread corporate workaround.
You could bring your own device, it just wouldn’t work.
An IT department wants to know what is going on and to predict what is going to happen. You can never predict everything, but BYOD makes the situation a lot worse, especially when the devices being introduced are configured to automatically download and install updates with no user intervention. There was no way to revert those updated iPads and iPhones back to an earlier version once they had gone to iOS 6.1.
In Learning Tree’s Cloud Security Essentials course we discuss how cloud computing is not an option for many potential customers due to the loss of control. But you don’t have to send your operation “into the cloud” to lose control; BYOD can cause that on its own.
How can you allow BYOD while still maintaining some control? Here are my suggestions.
Remember that “Bring Your Own Device” doesn’t imply “Sneak It In.” You need to know what is being introduced into your network, both hardware and OS (including version).
Disable automated updates.
You will need to keep an eye on all the operating systems run on those personal devices. When an update comes out, do some qualification testing. The most enthusiastic of the BYOD crowd will probably be interested in helping with the testing, and the technically minded ones will most likely be your best qualified testers.
Once you have verified that the update is safe in your environment, let your people know that this specific update is approved.
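One way to get the visibility the first suggestion calls for, and to spot a device behaving like the one in the Exchange incident above, is to build a per-device inventory from the ActiveSync request logs. This is an added example, not code from the original article; it assumes IIS W3C logs for the ActiveSync virtual directory as the data source, an arbitrary threshold of 30 requests per minute, and a constructed sample log with made-up device names.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

EAS_PATH = "/microsoft-server-activesync"  # ActiveSync virtual directory
EPOCH = datetime(1970, 1, 1)

def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def inventory(lines, window=timedelta(minutes=1), threshold=30):
    """Map DeviceId -> type, user agent, total requests and peak per window."""
    devices, buckets = {}, defaultdict(Counter)
    for rec in parse_w3c(lines):
        if not rec.get("cs-uri-stem", "").lower().startswith(EAS_PATH):
            continue
        query = parse_qs(rec.get("cs-uri-query", ""))
        dev = query.get("DeviceId", ["unknown"])[0]
        ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        buckets[dev][(ts - EPOCH) // window] += 1  # count per time window
        devices[dev] = {
            "type": query.get("DeviceType", ["unknown"])[0],
            "user_agent": rec.get("cs(User-Agent)", "-"),  # latest value seen
        }
    for dev, info in devices.items():
        info["total"] = sum(buckets[dev].values())
        info["peak"] = max(buckets[dev].values())
        info["noisy"] = info["peak"] > threshold  # threshold is an assumed value
    return devices

def sample_log():
    """Constructed log: DEV-QUIET syncs 3 times, DEV-LOOP 40 times in 40 seconds."""
    head = "#Fields: date time cs-method cs-uri-stem cs-uri-query cs(User-Agent) sc-status"
    row = "2013-02-12 {t} POST /Microsoft-Server-ActiveSync/default.eas User=u&DeviceId={d}&DeviceType={k}&Cmd=Sync {ua} 200"
    quiet = [row.format(t=f"0{h}:15:00", d="DEV-QUIET", k="ExamplePhone", ua="ExamplePhone/1.0") for h in (1, 2, 3)]
    loop = [row.format(t=f"09:30:{s:02d}", d="DEV-LOOP", k="ExampleTablet", ua="ExampleTablet/2.0") for s in range(40)]
    return [head] + quiet + loop

if __name__ == "__main__":
    for dev, info in sorted(inventory(sample_log()).items()):
        print(dev, info)
```

The user agent and device type recorded for each DeviceId give you the hardware and OS information to compare against your list of approved updates.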
Yes, this is a lot of operational effort, and that effort translates into cost. But what made you think BYOD was going to be a huge benefit for free?