BYOD | Bach Seat

Tag Archive for BYOD

RB | January 14, 2014

Comments Off

BYOD Obsoletes PBX

FierceMobileIT noted a new study from RingCentral, a provider of cloud business communications systems, which claims BYOD is now threatening the traditional business phone systems. The survey of 309 professionals within organizations who make purchasing decisions on phone systems found that personal mobile devices are so prevalent in the workplace that they are rendering traditional business phone systems obsolete.

According to FierceMobileIT, the survey’s key findings:

Half of the respondents use mobile phones even while sitting at their desk, with a traditional desk phone in front of them
88 percent of employees use their mobile phones for work purposes while on personal time, including evenings, breaks, weekends, and vacations
70 percent of respondents believe office phones will eventually be replaced by mobile phones – Millennial workers are especially likely to believe this is true

RingCentral President David Berman told the author he believes that the new wave of employee-owned mobile devices is better than a premise-based phone system.

Mobile devices are turning into true business tools and are transforming the workplace as a whole, from shifting traditional business hours to changing how employees interact via voice, video, text and other business applications. We believe that all these changes are making legacy on-premise phone systems obsolete as they do not meet modern business needs

Praful Shah, RingCentral’s VP of strategy, told FierceMobileIT that his firm has seen a “tremendous behavior change going on with BYOD.” Asked what stood out in the research to him, he says it was the degree to which employees are using their personal devices to do work. He assumed the practice to be popular, but not to the degree the survey revealed. VP Shah noted;

Eighty-eight percent of employees are using mobile phones in their personal time for work. That is a phenomenally high percentage

The result is a shift in what physical telephones organizations will need to purchase. But it will also impact the need to provide applications that enable the employee to use multiple email and telephone accounts on the device, to keep private life and professional life separate when necessary.

rb-

This study is from a firm that sells a competitive product to on-premise PBX, so they are spreading FUD for their benefit. Firms considering cloud-based services should do due diligence and question how these cloud-based service providers are going to protect their data from government spying or it disappearing with little or no notice.

Additionally firm needs to protect its own data. They need a way to protect their data on an employee’s phone. That could include the ability to completely wipe the firms and the user’s data from the phone. I wrote about how BYOD can land an employee in jail here.

The Top 5 Business PBX Providers for Q4 2013, as Ranked by Voip-Info.org (virtual-strategy.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2014, BYOD, Cloud, Computing, Hardware, Millennials, Mobile device, Telephony

RB | December 12, 2013

Comments Off

Is Your Data Safe From Gen Y?

Is Your Data Safe From Gen Y? Fortinet (FTNT) released a new study that says that most Gen Y staff members are thwarting their employers’ Bring Your Own Device programs. Fortinet surveyed 3,200 employees between the ages of 21 and 32 on their attitudes and practices around BYOD and found that 51 percent of respondents said they would ignore formal BYOD policies at their organization. “It’s worrying to see policy contravention so high …” Fortinet VP of Marketing John Maddison said in the study report.

Gen Y staff

The same Fortinet survey revealed that 55 percent said they have been the victims of cyberattacks on their desktops or laptops. The respondents noted that those attacks had affected their productivity and potentially cost them corporate or personal data.

FierceCIO provides another example of staff’s cavalier attitude towards data security from Symantec. According to the Mountain View, CA-based Symantec (SYMC) when it comes to corporate data, employees who feel like they live in a “finder’s keepers” environment, Robert Hamilton, Symantec director of information risk management said. The firm surveyed workers in the U.S. about taking corporate data outside of the workplace if they would use company information in another job and their views on whether that constituted stealing. FierceCIO reports the results of the survey, were not encouraging to IT security professionals and IT management.

Finder’s keepers

40% of employees download work files to personal devices,
40% of employees plan to use old company information in a new job role,
56% of employees do not believe it is a crime to use a competitor’s trade secrets,
68% of employees say their company doesn’t take proper steps to protect sensitive information.

Mr. Hamilton summarized, “The attitude is that ownership lies with the person that created it, not with the company that employs them.” He says companies need to do a better job of safeguarding data from employees, especially with the growing popularity of BYOD. Symantec noted,

Only 38 percent of employees say their managers view data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies

A survey by mobile file-sharing app provider Workshare provides more evidence of how employees flaunt IT policies by using free file-sharing services to store and share corporate documents from their mobile devices. FierceMobileIT reports that the firm’s survey revealed that 81% of employees access work documents from their mobile devices. A disturbing 72% of workers are using free file-sharing services without authorization from their IT departments.

Fiberlink recently conducted a survey of its customers about what apps they are blacklisting and whitelisting. DropBox appeared at the top of the blacklisted apps lists for both Android and iOS devices. Commenting on the results, Fiberlink CEO Christopher Clark told FierceMobileIT: “I think there are other ways besides DropBox or Box to do apps and content management.”

Work documents on personal devices

Another survey, conducted by Ipsos MORI for Huddle found that 91% of U.S. office workers store work documents on personal devices, such as USB drives, and 38% store documents on consumer file-sharing services.

FierceMobileIT reports that Dropbox is the most used consumer file-sharing service for work document storage and sharing.

DropBox 16%
Google (GOOG) Drive 15%
Apple (AAPL) iCloud 12%.

Patrice Perche, Fortinet’s senior Fred Donovan VP for international sales and support, said in the report:

This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage, and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed.

FierceMobileIT’s Fred Donovan warns that enterprises need to educate their employees to combat the security risks of using consumer file-sharing services. He also says that employers need to offer enterprise-sanctioned file-sharing alternatives. Otherwise, employees will continue to bypass IT policies and put corporate data at risk. Symantec’s Hamilton told FierceCIO that firms need to undergo a cultural shift if they are going to win the battle of protecting their assets from their own staff.

rb-
Sharon Nelson at Ride the Lighting sums up my thoughts on the BYOD thing.

I have never understood the arrogance of this attitude or the failure to appreciate that employers have a duty to impose rules to protect client/customer/proprietary data./proprietary data.

It is common for each succeeding generation to despair of the generation that follows it, but I confess to a certain amount of despair for a generation that is so tied to their mobile devices that they cannot balance their desire to use their devices with the duty owed to the employer to keep work data secure. In a world where young folks cannot seem to keep from checking their phones at weddings and funerals, I guess it is no wonder that they see nothing wrong with willfully disobeying rules imposed at work.

What do you think? Is your data safe from Gen Y staff?

GEN Y Does Not Want to Hear About BYOD Security Measures (huffingtonpost.com)

Category: Uncategorized | Tags: 2013, BYOD, Cloud, Consumerization, Dropbox, Fortinet, FTNT, Gen Y, Information, Ipsos MORI, Security, Symantec, SYMC

RB | November 7, 2013

Comments Off

802.11ac Wi-Fi – Don’t Bother Yet

The new iPads are here! The new iPads are here! There’s no 802.11ac here! But that’s expected. Experienced Apple watchers know that Apple likes to let new radio technologies mature before they integrate them into their new idevices. So that means most enterprises can slow their plans to upgrade their Wi-Fi to the new standard according to Kevin Fitchard at GigaOM.

The latest Apple (AAPL) tablet doesn’t sport the ~~new~~ soon-to-be-completed IEEE 802.11ac standard, even though Apple’s latest generation routers, PCs, and laptops all support it. GigaOM reports Apple is providing is a speed boost to the now thoroughly established 802.11n networking standard in the form of multiple-input multiple-output (MIMO) smart antenna technology. Like many Wi-Fi routers on the market, the iPad Air has dual antennas, allowing it to wend two parallel paths over the unlicensed airwaves. The MIMO implementation will double the speeds at which the iPad can access Wi-Fi networks, according to Apple.

The Wi-Fi Alliance only began certifying commercial 802.11ac devices in June, and even those devices only incorporate partial versions of the full 802.11ac spec. The IEEE isn’t expected to fully complete the standard until 2014. Very few smartphones and tablets have ac embedded as of yet, though the technology is making its way into consumer and enterprise routers and PCs, including Apple’s newest MacBooks and iMacs.

But waiting another year for 802.11ac-enabled iPhones and iPads also means we’ll probably have to wait another year before we see wide-scale adoption of the standard in public hotspots and access points. Unlike in the home, most outdoor and public Wi-Fi connections are made over mobile devices, not PCs.

In an interview with GigaOM, Boingo VP of corporate communications Christian Gunning said it hasn’t turned up 802.11ac in any of its hundreds of thousands of owned and managed hotspots yet, simply because it’s seeing very few devices with ac radios trying to access its network.

FierceCIO‘s Paul Mah offers more reasons to delay the roll-out of 802.11ac. The advanced 802.11ac radio is more power-hungry than earlier iterations of Wi-Fi. So it will more likely need the use of the higher-powered 802.3at Power over Ethernet (PoE) to run 802.11ac with all its bells and whistles. It is possible that businesses still on 802.3af PoE (rb- Majority) may well have to incur extra infrastructure costs to deploy 802.11ac today. Mr. Mah contends that it is yet to be seen if improved 802.11ac chipsets will allow firms to stick with legacy PoE. (rb- For a refresher on PoE, check out these posts 802.3af and 802.3at)

Another consideration according to FierceCIO is clients. The handful of business-grade 802.11ac wireless APs on the market today typically support three spatial streams, which allows for a (theoretical) maximum data rate of 1.3Gbps in the 5GHz band. Though this is a significant improvement over 450 Mbps 802.11n, the dearth of 802.11ac client devices renders this a moot point. Some will argue that Apple did incorporate 802.11ac into the new MacBook Air laptops. However, they did not include it in the new iPads, or the iPhone 5S and iPhone 5C smartphones. And with no smartphones or tablets equipped with 802.11ac capabilities today, this does make deploying it a rather pointless strategy for BYOD.

Finally, Mr. Mah points out that while 1.3Gbps is a good speed to have, we should keep in mind that 802.11ac does have a theoretical maximum speed of 7 Gbps. A “second wave” of 802.11ac that implements four or more data streams for much faster speeds should be arriving in the second half of 2014. He says current signs are that this second wave of 802.11ac devices might need new processor chips–which means you will have to buy new 802.11ac hardware to benefit.

GigaOM’s Fitchard stresses Apple’s influence when it comes to popularizing new technology, he says the iPhone and the iPad’s reach shouldn’t be underestimated. As an example, new Passpoint-certified phones have been out for more than a year, but it wasn’t until Apple started offering support for Passpoint’s automatic login technology in iOS7 that the wireless industry took notice. It was only after Apple made iOS7 publicly available, that Boingo started Passpoint trials.

rb-

I’m not saying 802.11ac is a bad thing, but enterprises need to ignore the hype cycle and make decisions that are best for them and not the multi-billion dollar networking industry. IMHO 802.11ac is still immature, there are few devices out there that can fully take advantage, the full feature set is not fully implemented in silicon and you finished the upgrade to 802.11n yet?

What to do?

What does your wired network look like? Are you still connecting your AP’s at 100 Mbps? That is a bottleneck with 802.11n.

Do you have enough juice? What is your PoE status? Do you have enough PoE+ ports? Are they being used for just an access port – wasting the extra costs of a PoE port?

Both switches cost money, is there a budget available for these items or is IT going to spend an operational budget to address a structural issue?

Category: wi-fi | Tags: 2013, 802.11ac, 802.11n, 802.3af, 802.3at, AAPL, Apple, BYOD, IEEE, iPad, iPhone, MIMO, Tablet, Wi-Fi

RB | October 3, 2013

Comments Off

BYOD Could Land Employees in Jail

Agreeing to a BYOD policy could land an employee in jail. Courts can go after employee personal phones in litigation involving companies. Michael Kassner, an information security consultant told FierceMobileIT that employees could be dragged into civil or criminal litigation.

Employees could be required to give up their personal device to the courts or even have all the data on the device searched, with possible legal ramifications for the owner. According to Mr. Kassner, “There is legal precedence involving e-discovery and plain-view doctrine that allows the seizure of evidence whether it is related to the case under investigation or not.” There are three possible legal scenarios involving BYOD, says Mr. Kassner who consulted with Tyler Pitchford, with the law firm of Brannock and Humphries.

The first scenario outlined in the article involves an employee who has signed a BYOD end-user license agreement, having his personal data wiped along with the corporate data. If the end-user agreement includes the clause enabling the wiping of all data on the personal device, the employee is out of luck.

“In the above scenario we’re talking about a legal contract, which means if the employee signed the contract, he agreed to its terms, granting his employer the right to reset the employee’s phone,” comments lawyer Pitchford.

In the second scenario, the enterprise becomes involved in a civil lawsuit and a subpoena is issued for the employee’s smartphone. During the legal discovery process, sensitive personal information is publicly disclosed.

“Since the employee co-mingled work and personal data, she has turned her smartphone into discoverable evidence …The employee can seek an order quashing the subpoena or an order sealing the discovered information, but that’s unlikely in this circumstance,” Mr. Pitchford observes.

In the third scenario brought up in the article, the employee’s company does business with a firm that is the subject of a criminal proceeding. Authorities issue a warrant for the employee’s phone because the employee has done work for the targeted firm. Incriminating evidence is found on the employee’s phone and the employee is now under criminal investigation.

“Assuming the warrant is valid, then anything the government located in plain view within the scope of the warrant is admissible against the employee in another proceeding,” Mr. Pitchford notes.

Mr. Kassner concludes: “Until case-law or new technologies decide which way the legal winds are blowing about BYOD, it might be in your best interest to avoid BYOD and its alluring convenience.”

rb-

I am not a lawyer and you should consult your own legal counsel but as I have said this before – ummm Acceptable Use Policy?

BYOD: Like inviting your boss into your house when you’re not home (zdnet.com)

Category: Uncategorized | Tags: 2013, AUP, Business, BYOD, Device, Employment, Law, Mobile, PII, Security

RB | September 24, 2013

Comments Off

BYOD Love Affair Waning?

Tom Kaneshige at CIO.com warns that the “Bring Your Own Device” love affair is coming to an abrupt and bitter end, and the lawyers are circling. He argues that in the early days of BYOD, say, last year, employees, especially Millennials, fell madly in love with the idea of using their own Apple (AAPL) iPhones, Google (GOOG) Android smartphones, and newfangled tablets for work. Finally, they could finally ditch corporate-issued BlackBerrys (BBRY).

BYOD ushered in a new era of consumer tech in the enterprise, one that promised employees and employers will live happily ever after. But the BYOD romance has suddenly turned sour. Employees are questioning corporate intrusion on their personal devices. Did IT turn their beloved smartphone into a spy that tracks their whereabouts? The article says employees are beginning to sense companies taking advantage of BYOD by intruding on personal time to get free work time.

Now they’re thinking about suing. John Marshall, CEO at AirWatch, an enterprise mobile device management (MDM) vendor with 6,500 customers, told CIO, “I anticipate a bunch of little [lawsuits], then something big will happen that’ll be a class action and become headline news.”

CEO Marshall reports that the suits have already started. A federal case in Chicago is winding its way through the courts which claims that the city owes some 200 police officers millions of dollars in overtime back pay. The case centers on allegations that the city pressured officers into answering work-related calls and emails over department-issued BlackBerrys during off-hours.

There’s no question BYOD blurs the line even more between work life and personal life. The Airwatch CEO not surprisingly recommends a Mobile Device Management (MDM) application to control email delivery to BYOD devices. This way an employer can set a business rule that won’t allow delivery of corporate email to a subset of users during off-hours. Or a CIO can address this issue in the BYOD terms-of-use agreement. (rb– Both would be best)

Smashed BYOD The CIO article offers up another legal nightmare scenario: Lacking MDM tools to block out what can and cannot be seen on a BYOD smartphone, a help desk technician notices that an employee’s device has a lot of personal apps about a health problem—and mentions his concern to the employee in the cafeteria.

“The employee can say, ‘How in the world did you know that?‘” Mr. Marshall says. “All of a sudden, something that’s very benign and innocuous turns into something that’s blown out of proportion.” (rb- Help Net Security cites recent U.S. DHSS seven-figure settlements from healthcare institutions that failed to protect patients’ health information under HIPAA regs.)

Mr. Marshall recommends a comprehensive BYOD terms-of-use agreement, along with transparency about the capabilities and limitations of the technology, will help ward off such scenarios. The IT staff also needs to be educated about their role in a BYOD environment.

However, this doesn’t mean problems won’t crop up. Part of the problem, the article indicates, is that BYOD often puts business unit managers who aren’t well-versed in technical user agreements in a leadership position with mobile apps. They’re likely to give the green light to rogue mobile apps that violate such agreements.

For instance, employees are chiefly concerned about privacy and especially location-based services with BYOD, and so many user agreements stipulate that apps will not collect location-based information. But someone who wants to be helpful, builds a map app for the corporate campus that allows employees to schedule conference rooms and find safety information, such as where to go if there’s a tornado. Airwatch’s Marshall explains:

Maybe there’s also a button on there that says where you are in the campus … All of a sudden people wake up and realize that every single device using that app is collecting location-based information—that’s an issue. These are really plausible scenarios … There’s so much copy and paste and reuse of all these components that these things can happen very innocently.

Then there’s the dreaded remote wipe, which can land a company in some legal hot water according to the article. Help Net Security says there is little to no case law in this area. CIO.com reports that just last year, CIOs said they felt comfortable with BYOD because they held security’s holy grail: remote wipe, a scorched-earth capability for wiping all data on a mobile device.

But employees weren’t happy with the idea that the company can wipe personal data on their personal device. Some employees refused to take part in the BYOD program for this reason. Others waited days or weeks before reporting a lost or stolen device so that IT wouldn’t wipe it.

waited days or weeks before reporting a lost or stolen device MDM software advanced quickly and seemed to come up with a fix. Now companies can wipe only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. In fact, AirWatch won’t even allow a full device wipe anymore for legal reasons. While this helps tremendously, it doesn’t completely solve the problem.

Mr. Marshall proposed a scenario where a company buys the popular productivity app, Evernote, for employees to put on their BYOD smartphones. Since the company paid for the app, the company can remove it at any time. The note-taking app collects company data but also might store personal data, too. An employee can use Evernote to create a shopping list, recipes, vacation plans, or perhaps something more critical to their job.

Guess what happens to this personal data when the employee leaves the company? The app, along with all the data, is wiped from the device and account. If the BYOD terms-of-use agreement about Evernote wasn’t spelled out clearly, who is liable for the lost data?

The bloom is off the BYOD rose, and so companies had better add protections against employee lawsuits in the BYOD terms-of-use agreement and leverage MDM to make sure the agreement is followed.

Truth is, employees tend to get a bit emotional when their privacy is violated or their location is tracked via a mobile device that they personally own. They don’t like their personal data to be wiped, either. When these things happen, companies can expect the wrath of a scorned employee. “That’s where it gets tricky,” Mr. Marshall told CIO.com.

Tony Busseri, CEO of Canadian digital security firm Route1, told Help Net Security:

Along with security concerns, BYOD has brought the potential of major legal issues for the Enterprise … Many current BYOD corporate policies leave enterprise data unprotected in the event of a security breach and during an employee’s exit from the company. The policy of tracking and wiping an employee’s personal device opens the enterprise up to the potential for mass litigation.

rb-

Misco in the UK reported that the majority of employees will not cooperate with employers’ BYOD efforts. According to the data:

82% of the survey participants viewed their employer’s ability to track their location as an invasion of privacy;
82% are concerned or extremely concerned about having their browsing history monitored;
76% stated that they would not allow their company to view the applications installed on their personal mobile devices;
75% said they would not go along with an installation made by their employer;
Only 15% had no concerns about employers tracking activities.

Category: Uncategorized | Tags: 2013, AirWatch, BYOD, Device, Evernote, iPad, iPhone, Legal, Management, MDM, Mobile, Risk, Security

« Older Entries Recent Entries »

Bach Seat

Tag Archive for BYOD

802.11ac Wi-Fi – Don’t Bother Yet

BYOD Could Land Employees in Jail

Related articles

BYOD Love Affair Waning?

Meta