10/08/2012

By Barry Gill, Enterprise Consultant, Mimecast

All I hear these days is “talk to them about BYOD (Bring Your Own Device)” and “how does it impact corporate networks and CIOs’ decision making processes”.

Employees are already bringing their own devices into work and using them to access work email and documents remotely, so a good CIO – especially one aware of the risks involved in many devices accessing the network without surveillance – should enable the workforce to work as they need. Recent research has shown that IT departments are increasingly concerned about the security implications of mobile email and remote access to emails in particular, 39% and 41% respectively cite it as a concern. However, organisations are still more concerned about email-based viruses (55%) and email security breaches in general (55%).

But is there any difference between using your favourite tablet for work on your commute and bringing your own Parker pen to the office in 1989?

Take Microsoft Exchange and the iPhone – if you connect your iPhone to the corporate Exchange server you are forced into having a pin lock so that you can’t let others view corporate sensitive data when you leave your phone at the bar to take a comfort break. Sure, remote wipe exists, but even that base level pin lock is enough to let corporates feel a little more comfortable that their security concerns are noted and at least partially actionable. BYOD actually impacts CIOs far less than many would have them believe, as there have been elements of this happening in corporate networks for a long time and the risks are easily combated.

To represent it in a more Galactic way, the story of Darth Vader’s fight against the Rebellion – while not a true and accurate representation of the average organisation – lends some parallels. How would Darth Vader have reacted if he was told he could only use a standard issue Empire phaser gun and had to leave his lightsaber at home? Especially difficult for him as all the spaceships he travelled in were part of the Imperial Fleet and thus work vessels!

There are numerous instances of senior staffers coming from one project to another and bringing with them the tools that made them successful in their previous projects – probably the very tools that made them attractive to the organisation in the first place. These tools are tried and tested in those individual’s work processes, and get brought along because those people know beyond any shadow of a doubt that those tools make them more effective. As long as the IT department is informed of any new devices or apps then all should be well, if correctly managed.

Many agree that consumerisation of IT is being augmented (if not exactly driven) by organisational leadership acquiring new tablets, smartphones or other technological widgets that allow them to become just a little bit more mobile. So, unsurprisingly, just as Darth Vader clearly made all the Imperial commanders secretly wish they’d trained as Jedi (if for nothing else than to mentally combat the imminent threat of choking), ‘special’ devices will inevitably be noticed and coveted by staff. Moreover, as these devices are clearly useful and enable a more flexible and efficient work-style, people will assume that they are acceptable pieces of technology… so the spread of similar technology begins.

Sure, Darth Vader could have run the Death Star and fought the Rebel Alliance without a lightsaber, but it would most certainly have made it more difficult and less visually stimulating. His minions would have feared his use of the dark side of the Force, with or without lightsaber, but his ability to fend off attacks by people with similar training would have been severely hampered. In much the same way, employees arriving with personal tablets that are configured with all the right apps and processes for them to be super-efficient at what they do are equipped to fight the competition or drive value much better.

To come back to Earth, take countries like South Africa, where it is not the norm to be provided with a company mobile. Sure, companies pay their staff for work-related usage or they provide an allowance, but in most cases it is a system that relies on the user having a mobile device to begin with. In that economy, CIOs and IT managers have been dealing with user choices in device purchases for many years and they have simply been getting on with it because it is not a scary new thing for them to contemplate.

In the UK, a large number of people walk around awkwardly with multiple devices – one for our personal use and one for work. We segregate our communications this way because we don’t want to tell everyone we know that our number has changed every time we move jobs, a problem that doesn’t exist for our South African counterparts.

Since workers have been provided with corporate communications as a standard for so many organisations for so long, CIOs and IT managers have invested and understood how to best manage the risks and control the environment for their situation. Understandably they are now loath to change their stance and allow a whole new set of unknown challenges to enter their organisations, but – as Darth would undoubtedly agree – the pros way outweigh the cons and, if CIOs in South Africa can manage it, then so should we.