Bring your own device (BYOD) is not new to IT. Most companies are allowing employee-owned devices access on the corporate network. It may lead to cost-savings to the management and a fair deal of employee convenience, but, for IT, it is certainly an uphill task with a boatload of management headaches. While there are known security issues and lack of management capabilities due to increasing device endpoints (thanks to BYOD!), organizations are making their BYOD policies more stringent and pushing IT departments to ensure security, compliance, and optimized IT resource utilization.
What most companies have been overlooking with the BYOD trend is that, this has given rise to greater personalization and consumerization of IT services than anticipated. Employees are starting to feel comfortable using their own devices – which is fine – but they have also started leveraging shadow IT services wherein they are bringing into the enterprise network their own applications (aka BYOA), collaboration systems, and cloud storage. This practice is gaining popularity and is called bring your own IT (BYOIT) – which not only includes mobile devices, tablets and laptops, but a host of other IT services and third-party applications that IT teams have no control on. To make it more arduous for IT teams, BYOIT is happening from employee-owned devices which already IT has less visibility into. To name a few, employees are
- Installing applications from the Internet to resolve issues
- Leveraging third-party cloud services for data storage
- Using insecure file transfer methods to share data
- Connecting mass storage devices to enterprise workstations
- Using antivirus and antimalware software that are not IT-approved
- Using collaboration systems and instant messengers for communication outside the firewall
- Utilizing network bandwidth for personal use – streaming videos and downloading apps
Besides the obvious security and compliance implications, there are many IT management headaches such as:
- Maintaining inventory of connected devices and tracking BYOD assets to employees
- Inconsistent IT approach to patch management and upgrades
- Difficulty to enforce policies due to different device platforms and operating systems
- Difficulty in handling IT tickets, and more time spent investigating issues and troubleshooting them
- Difficulty to spread IT awareness as different users are using different devices and platforms
Do you face this challenge in your organization? If you are in IT, how do you control this situation and put reins on BYO-anything?