Sorry, IT: These 5 Technologies Belong To Users 348
GMGruman writes "The BYOD (bring your own device) phenomenon hasn't been easy on IT, which has seen its control slip. But for these five technologies — mobile devices, cloud computing services, social technology, exploratory analytics, and specialty apps — it has already slipped, and Forrester and others argue IT needs to let go of them. That also means not investing time and money in all the management apps that vendors are happy to sell to IT shops afraid of BYOD — as this post shows, many just won't deliver what IT hopes."
Re:Speaking as a customer (Score:4, Informative)
We actually had an incident during the fall but it was not a 20-something hipsters. A few of our mobile users left their work laptops in a company vehicle in a bag in plain sight on the back seat. The bags are purchased by the individuals or their departments and they purchased very obvious computer bags. The car was stolen in a sketchy part of town along with all three bags. It turns out one of them left a car key inside their coat pocket inside the car.. Fortunately for us, all the laptops fully encrypted AES256 with preboot authentication. The laptops were later recovered from the suspect's home along with the vehicle. One of the laptops did log about a dozen unsuccessful log in attempts but nothing further than that.
Our organization does allow remote access from personally owned computers, but only through Citrix to minimize data loss because nothing is stored locally and all the computing takes place at the Citrix farm in a controlled environment. I think the last I heard, there is Citrix applications available for Apple Ipad.
Fucking GMGruman (Score:5, Informative)
This article is written by the same braindead PHB who wrote the "high priests of IT" article. He's trolling Slashdot for cash (page hits). I say the editors should be at least considering blacklisting his submissions at this point. He's one of the biggest submission trolls on Slashdot right now, and the only one doing it for money.
Why are you linking to his articles? (Score:5, Informative)
He's going on about the same bullshit. But he doesn't interview anyone in IT at any company that is actually IMPLEMENTING his claims.
This guy cannot even tell the difference between a "device" that is "owned" by an employee of Company X and a service provided to Company X by Company Y.
No. There's a HUGE difference between using a outside company to provide a service and allowing people to bring their own laptops into the company to connect to the company's private data.
And you STILL don't see the difference.
Why is /. linking to his articles?
mobile devices
cloud computing services
social technology
exploratory analytics
specialty apps
And STILL not a single interview with an IT VP from any health care company allowing user-owned devices to connect to private data.
Why is /. still linking to his articles?
Re:i would hate for you to see what really goes (Score:4, Informative)
think about the HIPPA law. companies that deal with HIPPA actually do take precautions. why? because the HIPPA law says they can get sued for a ton of money.
there is no HIPPA for credit cards or your purchase history. why? financial companies own congress. they literally own congressmen.
That's not exactly true. While there's no law governing credit cards, the credit card industry themselves have organized a PCI council that sets security standards that all companies that accept credit cards have to follow to protect the credit card data. Fines can be levied by issuing banks for merchants that fail to achieve and maintain compliance.
Slightly different phrasing. (Score:5, Informative)
The purpose of corporate IT is to ...
allow company approved people to
access company data
using company approved apps
on company approved hardware
at company approved locations
with company mandated security methods
on the company approved IT budget and staffing level
to keep the company in business and out of court.
If you want different apps - build a business case for them.
If you want different hardware - build a business case for it.
If you want different access - build a business case for it.
If you want different X - build a business case for X.
Re:Sigh (Score:4, Informative)
And when the lawyers come to your dept because of a lawsuit, who will get in trouble for all the missing data? And when someone breaks into your network because of a lost Mac with password to your VPN stored on the primary partition, who will have to clean up the security mess? And when a virus hits those machines (yes, it will happen, even to Mac's) and spreads to the rest of your network, who will get in trouble. When someone loses a super critical file that will cost the company tens of thousands of dollars, who will take th heat?
BYOD has some advantages, especially if you use a client side hypervisor and keep a 2nd image on the machine which is the'personal' image. Have a pristine virtual machine for work and non pristine for play. Create an isolated guest wireless network for personal devices. I have no problem with these types of models.
But the cowboy model of IT management will never be smart. is just not ever going to be smart.
Re:Sigh (Score:2, Informative)
The problem comes in with small companies who simply don't have it in their budget to get a phone or a tablet for each user, yet insist that those users monitor company mail and answer business calls. That pretty much forces the user to surrender their own device to company policy.
I'm a telecommuter for a small company, and they never got me a phone, so I use my own phone for business. I imagine they might buy me a company phone if I insisted, as they had no trouble buying me tons of other equipment to keep in my home office (laptop, wireless sniffer, etc.), but I never insisted because I don't feel like carrying around a second device, and in practice it's rare that I even use it for work (usually only the once-per-month conference call, or when I travel for work and need to consult with colleagues about something). I've never had to deal with "company policy" in regards to my personal cellphone. Then again, my company doesn't even have an "IT department", unless you consider one guy to be a department.
As for 47 applicants, you need to specify what industry you're talking about, because it's obviously not software development as companies can't find enough software developers these days. There's no unemployment in the computer industries these days. All that unemployment we hear about in the news is in other industries, such as retail.
Re:Hardly. (Score:3, Informative)
IT security has to be about risk management, not absolute risk avoidance. I've worked in organizations where security paranoia dominated all IT decision-making and it cost them dearly: tons and tons of money spent on IT and all it really did for the end-users was email and the Office suite. The organization had enterprise licenses for Visio, the Adobe Creative Suite, Visual Studio, CASE tools, and all kinds of other goodies, but it effectively took an act of god to get them installed on your machine, so most people just gave up. IT spent all its time resetting people's ridiculously long, impossible to remember, and always-expiring passwords. Right after Windows 7 came out, they finally "upgraded" to Vista. We probably would have been better off with a notepad, a bunch of inter-office mailers, and a nice mechanical pencil.
The cat, however, is out of the bag. The managers and executives who had a little vision (almost all in the business side, almost none from IT) leave the office, use all this cool tech in their personal lives, and start asking questions:
"Why does Quicken give me more insight into my personal finances than SAP gives me into my company's finances?"
"How come I have to send my people to a week of training on SAP anyway? Nobody came to my house and showed me how to use Quicken."
"How come I've never had a virus infection on my PC at home? All I do is keep the OS and apps updated and run a decent, up-to-date anti-virus package that cost me like $50. We spend a small fortune on anti-virus software at work, IT has gotten so paranoid they've disabled flash drives, and we still get viruses all the time!"
I understand that losing thousands of credit card numbers is a Bad Thing. But very few end-point devices, users, or applications should have access to that kind of data. Not even the CEO needs it and a sane CEO wouldn't even want it. For that matter, do you REALLY have to be storing credit card numbers?
Of course, there are other kinds of confidential data. But it would seem to me (as a developer, admittedly not a security guy) that there should be different levels of security for different kinds of data and different applications. Truly confidential data could, for example, require two-factor authentication with a smartcard, biometrics, or whatever. You could require digital signatures and encryption on confidential email. But giving every user a crippled Blackberry to carry around when what they really want to be able to do is see their (unencrypted) work email and calendar on the iPhone or Android device that they love and already own is just not acceptable any more.
Both sides are going to have meet in the middle. Freedom and responsibility go together. Users are going to have to step up, get educated, take more responsibility for their IT, and exercise the common sense that stops the vast majority of common threats like virus infections. IT is going to have to figure out how to be responsive to the users and add value to the business. Otherwise, it's just going to be bypassed, have its budget cut, and, as an AC below said, the business will just go "to the cloud."