Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Handhelds IT

Businesses Now Driving "Bring Your Own Device" Trend 232

snydeq writes "Companies are no longer waiting for users to bring in their own smartphones and tablets into business environments, they're encouraging it, InfoWorld reports. 'Two of the most highly regulated industries — financial services and health care (including life sciences) — are most likely to support BYOD. So are professional services and consulting, which are "well" regulated. ... The reason is devilishly simple, Herrema says: These businesses are very much based on using information, both as the service itself and to facilitate the delivery of their products and services. Mobile devices make it easier to work with information during more hours and at more locations. That means employees are more productive, which helps the company's bottom line.' Even those companies who haven't yet embraced bring your own device policies yet already have one in place, but don't know it, according to recent surveys."
This discussion has been archived. No new comments can be posted.

Businesses Now Driving "Bring Your Own Device" Trend

Comments Filter:
  • by Trepidity ( 597 ) <delirium-slashdot@nosPAM.hackish.org> on Monday December 19, 2011 @12:21PM (#38423908)

    Adds some information-security problems, but reduces a huge IT problem with procuring/managing/repairing the devices.

    • by sycodon ( 149926 ) on Monday December 19, 2011 @12:38PM (#38423968)

      This will not end well.

      • by AliasMarlowe ( 1042386 ) on Monday December 19, 2011 @01:47PM (#38424520) Journal

        This will not end well.

        Indeed; there would be no escape from work-related calls, for instance. One reason I don't volunteer my personal phone for work purposes is because I ignore the work phone outside work hours (except by prior agreement such as a conference call with people in the US or Asia). I leave my personal phone on, and don't get any work-related calls on it.

        • If you're on call it makes it easier to carry one phone at a time. The IT department where I work got mad because I had my blackberry forwarding to my personal cell, so we compromised by just using a Google Voice number for my work number. With that I can set hours to accept calls, easier to manage voicemail, and incoming calls. Also means that I can just turn it off when I'm on PTO.

      • by hb253 ( 764272 )
        Agreed. It may or may not be beneficial to the business, but if upper management wants it, there's no point in fighting it. Pesky details such as the need for new policies, new infrastructure, ongoing support costs, etc, are meaningless. Oh, and if you can't implement in 1 month using your already overburdened staff, they'll outsource and eventually get rid of you.
        • by EdIII ( 1114411 ) on Monday December 19, 2011 @04:51PM (#38426730)

          Then in the end they get their asses handed to them hard, and by hard, I mean reaalllly hard .

          No competent IT person will ever agree to allow BYOD to propagate through the workplace. Not with access to any kind of sensitive data whatsoever that is not already passing through secured portals.

          Secured websites that allow access, that they themselves are limited in what they can show, is one thing. That allows functionality not just in the workplace, but in the field. It also allows a lot more freedom in what kind of devices can be used. Tablets, phones, computers, etc. Freedom in operating systems is great too. If the employee can get everything done in a web browser, then you don't need the expensive Windows fat clients.

          Bring your own personal computer in to work? Only the executives would think of something so "full-retard" like that.

          I have always locked corporate down harder than East Germany. Nobody even knows the wireless passwords to access the corporate network, and executives who demand business laptops, get them configured by IT. Some places even get the Ethernet locked down further so that unauthorized devices cannot connect. They don't know the passwords either. No stupid Facebook, Twitter, etc. from within the corporate network.

          To make it easier, I just provide a public wireless network with a simple password for all the employees to use. Separate IP address space, and not even remotely connected to the corporate network and VPNs. If they want Facebook, Twitter, and all the Social Media crap plus media streaming of YouTube, Pandora, etc. they can do it on another network that won't impact corporate operations. I make it a clear policy that they can use the public network with their own devices in any way they want because it is safer. The only thing they are not allowed to do is directly transfer or connect their devices to corporate hardware. You make it reasonable like that, and the vast majority of employees are happy and not trying to bypass your corporate security to get to Facebook while on break.

          Security and Usability is a balancing act.

          If the company execs want to shove Usability down IT's throat, despite common sense and valid warnings, and at the expense of security, just to gain some perceived ability to work employees harder for the bottom line ... then get your resume ready to jump ship.

          You will have to jump ship. I have to be skeptical about this. Financial institutions and highly regulated companies doing this? I have to doubt this. Any security company that comes in to audit them or evaluate their security is going to have a field day killing several trees with reports to the execs about how insecure and vulnerable their network is. Would it pass PCI compliance? Doubtful.

          All it takes is one really bad screwup. Lose a half million credit numbers (with full info) and then the executives might really understand the cost of letting employees bring in their tainted malware infested, porn overloaded, crap equipment from home.

          I write this while downloading an ISO to fix an executives business laptop that they crapped up with malware.

          It's already a never ending battle for IT to keep the corporate network and assets from being owned by hackers and malware. Handcuffing us and force marching us down a path to the 9th level of IT hell is just an oh-so-good idea. There is a really really good reason why IT has to control all hardware connected up to corporate. Any hardware we don't control is not just a point of failure, but a security vulnerability waiting to be exploited.

          How many hacking groups out there are just waiting for that "big fat gold nugget" that is a laptop being connected up to a major financial institution from the inside?

          • Woah, easy there...you should get out more.

            There's a continuum of security and usability that is akin to the continuum of alcoholism and prohibition...problem is, your post is so far out there, it is off the scale somewhere beyond prohibition, going full circle and coming back towards alcoholism.

            • by EdIII ( 1114411 )

              Not really. It depends on your point of view and where you see yourself in the balance between security and usability.

              Remember, we are talking about corporations here. Not just small businesses here either, but large ones implied by the term "financial institutions".

              Medium sized businesses to Enterprise businesses have serious security issues to address. Fail to address them, or to even understand them, is what leads to security "incidents" that compromise your customers, impact your current operations,

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        One danger to watch for, courtesy of my company's policy - I can put my iPhone on the network, but it requires allowing them to modify (and wipe!) the device whenever they like, including any backups. So when you leave the company, kiss all your other data goodbye as well.

        Make sure you're not screwing yourself when you let them play with your personal equipment. (Or as our local folks say - we don't trust them to keep their own equipment working right, why would we give them our own stuff to fsck up?)

        • by sjames ( 1099 )

          Give them a choice, give you a work phone or respect the autonomy of your personal phone if you allow it to be used for work.

          • Give them a choice, give you a work phone or respect the autonomy of your personal phone if you allow it to be used for work.

            You aren't respecting the "autonomy of your personal phone" if you allow it to be used for work, why should they? You've given it away for free, why should the company buy the milk?

            Of course, a phone cannot have autonomy, but we'll overlook that...

            • by Grishnakh ( 216268 ) on Monday December 19, 2011 @04:40PM (#38426626)

              You're thinking too black-and-white. If the company wants to save the cost of giving you a work phone, then you're allowing them to "borrow" your personal phone for work purposes, but only if they adhere to certain rules; this is basically a contract, though you really should get it in writing if you do any such thing. Why would you do this? Mainly so you don't have to bother with carrying around a second phone everywhere, having to manage that second phone, etc. Why would they? So they don't have to manage your work phone, so they don't have to pay for it (and the expensive monthly service), etc. In some situations, it can work out fine, as long as both parties respect the boundaries. You don't have to go whole-hog and refuse to use your personal phone for anything work-related; there is a middle ground, as long as the other side respects this.

              Personally, I use my personal phone for work, but my situation's a little different as I'm a telecommuter. My company has provided all my other equipment, but my phone is my own. In practice, I almost never use it for work (we do everything over email and Skype most of the time, except for the occasional conference call), except for those rare occasions I have to travel for work, in which case I end up using it quite a bit for talking to coworkers while I'm at a customer site, for instance. Since my company's never abused it, I don't see any downside to this arrangement.

      • by jbolden ( 176878 )

        It will end with recentralization, a push back towards higher IT budgets. As less and less of a company's crucial systems are under its control the fragmented IT maintenance costs skyrocket to keep systems in sinc with one another. Suddenly centralization becomes a source of obvious savings....

      • This will not end well.

        ...for those with years of self-preserving A+/Net+ style certifications... Thankfully. Now we can move forward as an information society, as opposed to being limited to what that-guy-with-the-certification-recommends-based-on-his-own-job-security.

    • by vlm ( 69642 ) on Monday December 19, 2011 @12:45PM (#38423990)

      Doesn't add any problems if you were already accessing software as a service over the internet, or if you were already providing software as a service to outsource partners etc.

      Merely allowing employees access to the courtesy wifi internet access doesn't create new problems. Merely allowing employees to log into "internet" apps just like the contractors already do doesn't create any new problems.

      Basically, its just a concept of getting rid of the "trusted" LAN and everyone and everything lives in the DMZ, both servers and clients. Once you reach the tipping point of moving your "IT" stuff into the internet DMZ, the process accelerates until its all there, and you are basically a colocated software as a service shop and a really small time ISP.

    • Re: (Score:2, Insightful)

      once the first IT manager is fired for a data breach caused by a mismanaged virus-laden "bring your own" device, the regulations will return.
      • by rickb928 ( 945187 ) on Monday December 19, 2011 @01:05PM (#38424072) Homepage Journal

        Ditto. We've had one virus infestation here in six years. All it cost me was two weeks reduced productivity as I rebuilt my notebook, finding 'latent' backups of source code and such to replace what was damaged and rendered unusable by the infestation, and a few customer complaints about delays. Overall, for me, I probably lost 20-30 hours of useful time.

        Times >3500 other users similarly affected. For that shared drive only.

        And they know how it got in. Not a BYOD, but a corporate device, misused. Unfortunate.

        Had this been a BYOD, more people over in the security group would have been on the carpet then already were.

        • by vlm ( 69642 )

          Sounds like you brought your own source code management server, and apparently no backup policy (whoops). In the model in the article, employees were supposed to act like contractors. So IT would have been responsible for running a GIT server, having it available 24x7 over the internet via SSH keys vetted by their security group, and backing it up daily, all you need is a new box to run "git clone" on and keep on running, worst case you also have to submit your new SSH key to them via their internet acces

    • by crow_t_robot ( 528562 ) on Monday December 19, 2011 @12:52PM (#38424028)
      This reduces cost in the short-term but it will be a cost increase in the long-term.

      It just takes 1 piece of malware on your network or one security event to loose all the financial benefit. Or how about when someone has a piece of pirated software on their personal machine that they are doing company work on? Or how about when someone loses a personal laptop without WDE that holds sensitive company information?

      It just takes one event.
      • by Belial6 ( 794905 )
        Which is why we should all ditch our PCs and go back to green screens on the mainframe?
        • A.K.A "To the Cloud!" into today's marketing lingo...
        • "Green screens on the mainframe"? Surely you mean "Hicolor screens on Citrix server"? They are already here and easiest possible way to let them tablet-lovers on the net.

      • by lgw ( 121541 ) on Monday December 19, 2011 @04:35PM (#38426556) Journal

        It just takes 1 piece of malware on your network or one security event to loose all the financial benefit.

        But BYOD is better from a security perspective - those deveice are never on your network! The whole point is to move everything a user can pohysically touch into the DMZ, and limit the "trusted LAN" to the datacenter itself. It's a far, far better security model.

        And if these BYODs actually hold any sensitive informaiton, you're doing it wrong. The end-user devices get only pixels! All the email and documents stay in the datacenter, the end-user devices only ever see a remote desktop.

    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday December 19, 2011 @01:01PM (#38424062)

      First off, those articles are very badly written. And they seem to be linked to InfoWorld's recent run of articles about how IT is PREVENTING such "adoption". Strange.

      Secondly, he's quoting a guy from a firm that sells products to manage phones. He is NOT quoting ANYONE from ANY company in the health care industry.

      In 2010 and for much of 2011, many in IT got scared when they saw iPhones, iPads, and Android in the office, fearful these heretical devices would cause corporate collapse as the BlackBerry sanctum was sacked and untold evils followed.


      OK, so most companies today have moved past that initial fear and made peace with the notion that modern mobile devices were now part of their technology fabric, though driven by user demand.

      It is DECEMBER 2011. That's some fast action by "most companies" in a few months.

      There's a HUGE difference between allowing such devices on the UNSECURED WIRELESS NETWORK and connecting them to the servers that hold private data.

      He doesn't seem to be covering that difference.
      And he doesn't have any quotes from companies that are doing what he claims.

      • by SlippyToad ( 240532 ) on Monday December 19, 2011 @02:01PM (#38424696)

        And he doesn't have any quotes from companies that are doing what he claims.

        I work for a largish healthcare firm. $6b fortune 500 company. We are doing it. The magic is Citrix, which insulates you from your end user's environment. We aren't yet to bring your own laptop except for a few folks in IT, but I see it coming soon.

      • by jbolden ( 176878 )

        I worked with companies that had untrusted client machines working with servers. The servers just have to be hardened. Instead of a perimeter defense model, typical corporate security, you move to a interior defense model where client facing machines are individually hardened and secured. Someone else mentioned a typical DMZ, that's a good analogy. Just imagine a huge DMZ, a small secure area and a small fully external area. What you do today inside the DMZ is what you have to do over the bulk of your

        • Someone else mentioned a typical DMZ, that's a good analogy. Just imagine a huge DMZ, a small secure area and a small fully external area. What you do today inside the DMZ is what you have to do over the bulk of your network.

          Normally, the DMZ has additional attention (and software and hardware) dedicated to it because it is so vulnerable.

          You might be one really smart guy ... but once you put a box in the DMZ you are defending against every other person in the world with an Internet connection.

          And even with

          • by jbolden ( 176878 )

            You had asked for people who had done it. I don't see the cost savings either.

            Your DMZ style servers are shattered. That's why they are imaged and easy to restore. Your servers aren't your security layer.
            Where you want security you use much more secure OSes. For example a mainframe, i-Series. Solaris 10+ using Trusted Solaris. I did it with VMS but that was years ago. I've used hardened Linuxes, but it is still risky since x86 hardware doesn't handle security well. You wouldn't use Windows or a typ

  • by crath ( 80215 ) on Monday December 19, 2011 @12:22PM (#38423912) Homepage
    Unless the employer provides ongoing cash payments to compensate the employee for use of thier device, this is a way of offloading IT cost onto the shoulders of employees. Add to that the fact that here in Canada, an employee of a company is not allowed to treat the cost fo a computer as a business expense (for tax purpoes), and the reduction in salary experienced by the employee is even greater than the benefit received by the employer.
    • by vlm ( 69642 ) on Monday December 19, 2011 @12:35PM (#38423958)

      The way I've personally seen it work out is the company provides junk, if you want to bring your own, better stuff, thats OK.

      I love it. The company doesn't buy me clothes, or shoes, or my commuter car, either. Where I work, I can get "company clothing" but its fairly hideous, I do much better at Target and don't have to look like a corporate advertising billboard.

      The junkiest computer I use on a regular basis, is, no surprise, at work. The junkiest keyboard I use on a regular basis, is, no surprise, at work. The junkiest mouse, monitor, desk, chair, lighting, blah blah is all at work. Even climate control is better at home, seriously. Everyone seems to know someone who gets great smartphones paid for by work, but the rest of us get no phone at all, or a hideous recertified featurephone from the 90s, or at best a monthly $25 "cell phone use credit". One of my employers offered either $20/month flat rate for my own cell phone bill, or I could bring in an itemized detailed bill and collect the exact amount (handy if I spent hours on the phone talking to Kenya that month, otherwise I just took the default $20 for the month)

      This is business as usual in the "real world", my diesel mechanic cousin owns all his tools... That wrench is his, not his bosses. Same with my electrician buddy and his tools. Its just how grown-ups do things.

      In a way it all makes sense. If you provide a firewalled, isolated internet connection for your onsite contractors to VPN back to their home office over, why not let your own employees use that connection for their own purposes? If you provide your internal ticketing system / CMS / fileserver as a "software as a service" over the internet for your outsource partners, does it really matter if your employees access the same SaS apps over the internet instead of the LAN? Combine them both, and you got the guy bringing his ipad into work, connecting to your locally provided internet access, using the SaS ticketing system, no big deal.

      • by ottothecow ( 600101 ) on Monday December 19, 2011 @01:18PM (#38424132) Homepage
        You need to find a new job. If they are only willing to provide you junk (unless you don't actually require computers specifically to do your job), they probably don't value you much more than junk.

        My company provides us good computers and takes requests if you need something (e.g. I wanted to switch to a MS ergonomic keyboard so they ordered me one).

        They used to provide phones for the higher-ups, but now they do it for everyone with a business need (which is basically everyone except the mail room). The way it works is like this: If you don't want to deal with it, they buy you whatever the latest blackberry is and cover the service. The phone is yours to use as you please and you never even have to see a bill (although a lot of people who go this route just have a work phone and a personal phone which seems like a PITA).

        If you want to handle the billing yourself, you get a $200 purchase allowance towards any smartphone that can synch with an exchange server plus a max of $100 a month towards the bill. You have to submit your bill every month for reimbursement but you don't have to carry a blackberry (and people who *really* want an iphone don't have to carry 2 phones).

        It doesn't save the company money...they still pay the costs and if anything support costs might go up since they now support ios/android/blackberry/etc...but it makes the workers happy (though it does make them more available).

        The situation is a little different than a mechanic with his tools...when I worked at a dealership, they owned their own tools (often with a small allowance and a huge discount though) but they also owned wrenches that they had been using for their entire 30 year career. Given a reasonable upgrade cycle on my laptop(plus lots of $$$ in software)/monitor/phone, you far exceed what would be reasonable for any employee to personally pay for. Plus, unlike tools which I could use at home or at other similar jobs, a lot of expensive software licenses that I need for my job would be replaced with different expensive licenses at another similar job (and unlike a case of snap-on, most of those licenses have zero resale value).

        • by vlm ( 69642 )

          Plus, unlike tools which I could use at home or at other similar jobs, a lot of expensive software licenses that I need for my job would be replaced with different expensive licenses at another similar job (and unlike a case of snap-on, most of those licenses have zero resale value).

          Ah yes my wife has a similar experience where their IT dept is responsible for keeping some microsoft remote desktop server machine for her up and operational and backed up and software updated and accessible via the internet VPN 24x7. That's the demarc point between IT and her. Its got some weird VOIP PBX software on it that's like five (maybe six?) digits cost. They do not care what hardware she uses, or how she accesses it, as long as it speaks "cisco vpn" at the network level and this funky microsof

          • I frequently use arcgis (mapping software, not really any less graphic intensive than cad I shouldn't think...not 3d but constantly changing visuals) over RDP.

            I think it actually works better over remote desktop...the computer I connect to is a couple of xeons faster than my laptop and has a shorter hop and fatter pipe to the fileserver that stores most of the shared mapping data. Of course that is straight RDP over 100mbps ethernet. When I do it from my home computer and cable modem (first connecting to

      • by Lumpy ( 12016 )

        Your cousin wont have his tools stolen from him when he leaves, IT will confiscate your laptop as it holds company secrets.

        Also your cousins tools are not locked from him, your laptop you will join it to the domain and give up admin control of it.

        Work wants me to have a laptop of my own? they either buy it and control it, or compensate me every paycheck for it for trying to control it.

        • Have you forgotten about virtualization and SaaS? Why would your computer have to be on a corporate domain to connect to a VMware View session or load an app through Citrix? This comes down to corporations controlling data, not devices, which was their primary concern all along.
        • by jbolden ( 176878 )

          IT will confiscate your laptop as it holds company secrets.

          That's called theft, he can call the police and get it back. IT has to request the secrets be disposed of properly they can't sieze the laptop anymore than they could break into his house and steal files he kept at home.

      • by s73v3r ( 963317 )

        No. If they are going to expect you to do work, then they should either provide you with an excellent machine to do said work on (not "junk"), or they should compensate you for the use of your device.

        This is business as usual in the "real world"/quote.

        Offloading costs to employees should not be seen as "business as usual", but rather of employers trying to fuck their workers one more time.

      • Just because vocational trade jobs like your diesel mechanic own their own tools (in some anglo saxon countries) does not follow across into the professional / white collar world.
      • This is business as usual in the "real world", my diesel mechanic cousin owns all his tools... That wrench is his, not his bosses. Same with my electrician buddy and his tools. Its just how grown-ups do things.

        What you're describing here...sounds very much like 'contracting'.

        And, if you're gonna be contracting, you'd better be doing it for contractor rates to balance out the risks.

        Not that I mind it, I prefer that method, gives good tax breaks, more automy, etc.

        But once you start having to provide your

    • by Mojo66 ( 1131579 )
      This fits nicely into the discussion we had here yesterday: How To Thwart the High Priests In IT [slashdot.org]. From TFA:

      As the 'consumerization of IT' phenomenon grows, such IT people are increasingly clashing with users, who bring in their own smartphones, use cloud apps, and work at home on their own equipment.

    • by cdrguru ( 88047 ) on Monday December 19, 2011 @12:48PM (#38424008) Homepage

      If the business has a clear policy of not providing tools, such as a lot of auto repair shops, then US income tax deductions are possible. Just barely possible but there can be complications.

      In the usual commercial business world if you want to buy an iPhone for use at work there is no way it is going to be tax deductible unless you get the company to give you a letter stating it is a requirement of your job to buy the iPhone and that it will be used only for business purposes.

      Absolutely the reason this is popular is cost shifting. You have 50 employees that you want to have iPhones... so the company can spend $25,000 or nothing. Gosh, who would have thought of that?

      Now, if everyone buys iPhones there is very little problem with IT support. If 30 people buy iPhones, 10 people buy Android phones and the remaining buy a mix of Windows phones, Open Moko phones and something new that came out last week the IT job will be a nightmare. Same kind of problem happens where everyone buys a different tablet device brings them all to a meeting and someone has instructions for using some iPad-only app for displaying something important. Guess what? The help desk may not be able to resolve this to everyone's satisfaction.

      This sounds like a lot of short-term thinking that saves some direct money immediately with a lot of long-term consequences and long-term expense. Mostly, it is really dumb move.

      • by vlm ( 69642 ) on Monday December 19, 2011 @01:04PM (#38424070)

        Now, if everyone buys iPhones there is very little problem with IT support. If 30 people buy iPhones, 10 people buy Android phones and the remaining buy a mix of Windows phones, Open Moko phones and something new that came out last week the IT job will be a nightmare. Same kind of problem happens where everyone buys a different tablet device brings them all to a meeting and someone has instructions for using some iPad-only app for displaying something important. Guess what? The help desk may not be able to resolve this to everyone's satisfaction.

        It creates a contractor relationship. We do not provide equipment to our contractors, and we do not care what they use as long as it works and they don't hurt anyone else. We also demand they wear clothes and occasionally bathe, but we do not buy them clothes nor hose them down if they cannot handle it themselves. We assume they are big boys and they can take care of themselves. IT makes our things work, they do not teach you how to use your things. Much as the janitor is paid to keep the toilets unclogged, not teach us how to unclog. WRT contractors, the only help desk interaction is verifying our courtesy internet access is up for them, and our internet accessible apps such as webmail are available to them. The days of hand holding people who don't know which side of a mouse is up, are over.

        We provide a courtesy wifi internet connection for contractors to use at our workplace as they see fit. The apps the contractors need access to are already internet accessible because we sure as heck are not giving contractors access to our internal LAN. Allowing the employees the same freedoms the contractors already have for many years, is not a big stretch.

        It turns out that most (although perhaps not all) employees job requirements "fit" with the contractor IT model.

        • by s73v3r ( 963317 )

          We also demand they wear clothes and occasionally bathe, but we do not buy them clothes nor hose them down if they cannot handle it themselves

          That is just a plain stupid argument.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Add to that the fact that here in Canada, an employee of a company is not allowed to treat the cost fo a computer as a business expense (for tax purpoes), and the reduction in salary experienced by the employee is even greater than the benefit received by the employer.

      Actually, Canadian tax law says that almost all expenses incurred by an employee and not reimbursed by their employer are not deductible, even if they are related to their job.

      There are some exceptions, such as if the employer requires the emp

      • Actually, Canadian tax law says that almost all expenses incurred by an employee and not reimbursed by their employer are not deductible, even if they are related to their job.
        Wow. I guess there ARE pluses to the US's tax system.
        Although, I would say there should be no need for this. No one should ever have to file anything under "unreimbursed business expense." It should instead be filed in a police report.
    • by ATestR ( 1060586 )

      Not only does this dump the IT costs on the employee, it often interferes with the employees private usage of the equipment. Eg: tech hardware that interfaces with the systems at work have to be locked down with the company security software, and all data on those systems is subject to inspection/audit by the company. This is at my wife's company (fortunately not mine). Needless to say, she doesn't bring any equipment to work. (I have, on occasion.)

    • Your horribly, horribly wrong. This is not a cost shift to employees, not even remotely. When you buy a device you think, I paid $600, it costs $600. When IT buys the device they think, I paid $600, it's going to cost me another $1200 to support it - if it's one we already have the support hammered out for.

      If you bring in your own random device that isn't yet supported than support costs rise even further. You see if everyone has an iToy than the IT department knows how to support it, has the software to ma

    • The other problem is it changes the nature of the employee relationship providing your own tools is an strong indicator that you are a contractor and not an employee - so there are lots of legal issues.
      Oh and if you want me to provide the tools cool but you will be paying a 25% arrangement fee, the $500 month management fee and and hers the lease agreement you will sign (equal to the cost over 3 years) and the tax indemnity in case the tax people decide after the fact that I owe them tax :-)
    • How is it a cost for people who would own the devices anyway? I have an iPhone and and iPad on my own accord. It's nice that I can use them for work as well. Otherwise, you get the dumb companies like the one I used to work for that would buy me an iPad and an iPhone, even though I already owned one each, all in the name of 'security'.

  • Buy your own devices (Score:5, Informative)

    by betterunixthanunix ( 980855 ) on Monday December 19, 2011 @12:22PM (#38423914)

    Really, why buy equipment for your employees when you can just make them buy it on their own?
    • by 0123456 ( 636235 ) on Monday December 19, 2011 @12:27PM (#38423934)

      Really, why buy equipment for your employees when you can just make them buy it on their own?

      And get them to work for free in their own time because they're now 'mobile'.


      One day all those people demanding that the IT department let them connect their phone to the network will be feeling nostalgic for the days when they didn't have to.

      Though perhaps it would allow the Slashdot admins to build a site that works; I've had to turn Javascript off because of randomly vanishing 'Reply' buttons that do nothing other than say 'Working' when I press them.

      • Though perhaps it would allow the Slashdot admins to build a site that works

        By my recollection, we had such a site just a few years ago. Somehow, we were not dealing with a bunch of 503 errors, javascript issues, and other failures that make the new /. a pain in the ass to use. I guess all that code was deleted or something...

      • by Lumpy ( 12016 ) on Monday December 19, 2011 @01:37PM (#38424386) Homepage

        My employer knows that the second I leave the office my work iPhone is set to mute. it will be unmuted when I arrive the next day. IF I am on call then it does not get muted.

        I got a call on my personal phone once from a manager at 11:00pm one night about a stupid question, the next morning, I billed his department for 1 day of On call tech and the hours from 5pm to 11:30pm as well as added that to my timesheet.

        He freaked out but was told that once again he was supposed to call the NOC like he had been told 20 times before and they will have the on call guy call him back. Every time he calls someone other than the NOC his department will be charged for the emergency on call even and all the hours from 5pm until the call was resolved.

        Solved the problem instantly. Once in a while we get another nimrod in the company that finds someone's cellphone number and bugs them after hours... the guys enjoy the once or twice a year $300.00 bonus in their check for answering a phone off duty because an idiot manager cant follow the rules.

        • Been there. I got a call at 2AM from an operator. To report? "It says there were 0 disc errors in the backup. What should I do?" I very much enjoyed (in a malicious way) highlighting this occurrence with his boss Myrna, at the Thursday VP meeting. Crap stopped when they instituted cross department billing.
    • Who works in tech that already doesn't have a bunch of personal tech that is most likely better than the crap their companies will provide?

      In my last two jobs, I wish they HAD made me buy my own gear...I'd probably still be working there.

  • by who_stole_my_kidneys ( 1956012 ) on Monday December 19, 2011 @12:32PM (#38423948)
    with users bringing their own devices and loading sensitive data on them , customer data is lost in so many directions, its hard to point out the who actually "lost" the data in the first place.
  • Productivity = profit, and profit is more important than looking after customer data.

  • Anything required for work, the employer pays for, or I simply wont buy it. Not my business, not my problem.

    • The problem is that there is undoubtedly someone at your job who does not feel that way, and who is willing to buy their own equipment -- and then they are going to get promoted while you are being laid off. This assumes, of course, that you are not a member of union or that if you are in a union the union does not have the backbone needed to stand up to your employer, which I think is a fair assumption in this day and age.
  • The article discusses health care as the main industry that's important to have 24hr information connection, and by utilizing mobile devices that information and connectivity can be available 24/7. This is then generalized, saying because it works there all companies should utilize this opportunity to get a high ROI on employee efficiency. While we've all seen these posts before, what other industries require 24 hr access from all employees? I know managers and the like in most all businesses often are requ
  • You bring it yourself. Yeah. Brought in my own software so I could get things done. It's not just smartphones, people.

  • by Kamiza Ikioi ( 893310 ) on Monday December 19, 2011 @12:49PM (#38424014)

    Slashdot just posted this other Galen Gruman story based on how to get your user devices into your business behind IT's backs: http://it.slashdot.org/story/11/12/18/2154224/how-to-thwart-the-high-priests-in-it [slashdot.org]

    Now another story about user devices getting into business behind IT's backs, also by Galen Gruman.

    Enough already!

    • Strange, isn't it? (Score:5, Insightful)

      by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday December 19, 2011 @01:15PM (#38424100)

      He's writing about how "most companies" are allowing users to bring in their own equipment ... while writing about how IT "priests" are preventing users from bringing in their own equipment.

      But he isn't doing interviews with companies that are allowing users to connect to private. company data (the kind that would cause problems if leaked) via the users' own devices. Particularly companies covered by specific regulations such as health care.

      Wouldn't at least one interview with the IT VP of a major hospital be appropriate by now? If nothing else, just to provide support for his claims.

      Strange how that isn't happening.

      • That would be too much work. Welcome to the new century, where no one wants to do hard, unpleasant things.
      • He's become the new Jon Katz, how on earth did this guy ever get approved to write for an IT magazine? Your point about him lacking any companies that have any type of regulation to deal with is sound. We need a block on articles by this idiot.

      • Gimme a few seconds, I'll have a wikipedia entry that'll confirm every claim he's making.


  • by rickb928 ( 945187 ) on Monday December 19, 2011 @01:00PM (#38424056) Homepage Journal

    I scanned TFA, and it looks like I will disagree with 70-90% of the assertions therein. I can't call them 'facts', because they aren't.

    No mention of the security issues surrounding BYOD. For industries that reject bringing your own notebook to work, the assertion that financial services firms are embracing BYOD borders on the ludicrous, with a healthy dose of fantasy. Here at least, in a Fortune 50 financial services company, BYOD isn't even up for discussion. The security issues for Personally Identifiable Information alone rule out permitting any significant use of data on a device that is unsecured. And YOD is presumed to be unsecured, since it cannot be confirmed or assured by the people in data security that are responsible for preventing data loss. That's not 'minimizing' the loss, but preventing it. Nice try, Infoworld, but you're not fooling me into thinking I can load up my Android or iOS phone with corporate data. Not here anyways.

    They then launch into how 'app-savvy' hardware is so great. Help me here - is 'app-savvy' another way of saying 'high-performance'? I thought so. Feh.

    Good Devices may supply mobile device management systems to their customers, but I can name you a 50,000 seat company that may or may not use it, but if they do it's for captive devices - Blackberrys - that are never going to be BYOD. Quoting such a study is regurgitating their self-serving (and I expect nothing less, they are out for a propfit after all) hype and fantasy that with their services, BYOD is perfectly secure. Again, where I work, promises are not enough. Security is based on assurance. Little of it is provided by third parties. I can't even share data with co-workers in many/most cases. The concept of letting employees run mission-critical (data is mission-critical to a financial services company) or senstitive data apps would not be laughable here. It would be dismissed out of hand.

    More to the point, however, the idea that somehow the device changes the nature of your work is both spot on and wide of the mark. If you're primarily displaying data, a table is par excellence. as soon as you need to enter data, it's a losing proposition. Depending on your role, tablets and smartphones offer some advantages.

    My brother has been delivering real-time production data to his workforce worldwide (wherever there is a signal, WiFi, CDMA, GSM, or satellite) since Palm first made a phone. He's added native support for every OS as of last year. He sees the craze, and his boss asks him sometimes about how this 'Android thing' would work for them. And he responds that it has been working 'for a while now'.

    And no, they do not do BYOD. They supply whatever is required for whatever geographic region the rep is in. But they could suport BYOD, since he supports some customers directly with the same apps, where they are BYOD only because it isn't 'his' device. And he sees the security issues. SSL is so flawed he considers it useless, but there is nothing else right now except for VPN tunnels. That's where he's at, and some Java sandboxing that he thinks is ensuring data is gone when the session is gone. But he knows that rooting devices will some day thwart that.

    And since I can root most Android devices without a lot of effort, that alone makes BYOD for work just impossible.

    Lastly, I read up on the link from IW that Android is making inroads into business environments that the IT staff are unaware of. Well, actually, I can't use any of my personal mail at work any more unless it's on my Android phone. I don't consider that a BYOD instance, since if I connected to the corporate WiFi, I wouldn't be able to use personal email on it then either. I can. theoretically, dump data to the phone via USB or a uSD card, but that would be logged and scanned, and PII would be captured and alarms sounded. Yes, my work notebook can be prevented from downloading data to a removable device, any sort of device. It can also check if the device is encrypted, which they all must be.

    Hype. Misstatement. Fantasy. But it may sell more stuff, and that would be the point of TFA.

  • by Shivetya ( 243324 ) on Monday December 19, 2011 @01:06PM (#38424076) Homepage Journal

    This is twice the submitter is from the site that has the story, worse its nearly identical if not the same one (ain't going to read this slashvertisement) where they were went off on IT departments enforcing standards.

    • If InfoWorld isn't getting enough page hits on their own with badly written stories like that, why give them any more hits?

  • by hawguy ( 1600213 ) on Monday December 19, 2011 @01:13PM (#38424094)

    At my workplace if you need a mobile device with email, IT will supply you with a blackberry. If you want something else, then they will pay you half of your subsidized device cost (i.e. if you need to pay $200 for a new phone, the company will pay you $100), and will pay the monthly fee they would have paid for the Blackberry (I think it's around $55, so it won't cover the entire plan, but should more than cover work usage). You own the phone and the plan, if you leave the company, you get to keep the phone, but you're still on the hook for the plan. LIkewise, if you drop it in a lake, you're on the hook to replace it.

    IT will help you set up the phone for Wifi and Exchange email. Your phone has to allow remote wipe through Exchange to qualify.

    It seems like a cheesy way to get employees to help shoulder some of the phone expenses, but also lets employees have pretty much any phone they want, so I see it as a net win for me. And most people don't *need* an Android/iPhone for work - a Blackberry could take care of all of their true work-related needs. Another nice advantage is that the company doesn't get my phone bills, so they can't see who I'm calling (like a job recruiter). And, I don't need to worry about losing purchased apps on a phone that's owned by my company if they take the phone back - it's my phone and my apps.

    Not a perfect solution, I'd rather that they just gave me an Android for free, but with dozens of choices out there, the IT qualified device is probably not going to be the one I want anyway.

  • My company has this policy, but I won't use it for one very simple reason:
    You have to agree to a clause that allows them to remote wipe your device.
    If it was truly a work device, this would be fine as it's theirs to do with as they please. It's my responsibility to keep whatever personal information I need backed up in a safe place. I'd probably still have my own personal device for personal photos/email/music/etc.
    For a device that I own and pay for, this is not acceptable.

    If the work access was appropria

    • by Jawnn ( 445279 )
      You are right, on all counts, so don't expect to be allowed to BYOD. Do expect your employer to provide the tools necessary for you to be productive at your job.
    • You bring the device to work and connect it to the network, the company pwns it. Remote wipe is only one feature, another is full inspection of all data on the device. I've heard of one person who got an iPhone 4S simply so her personal stuff is completely separate from the company network. Yes, that means 3G instead of WiFi at work.
      • by tool462 ( 677306 )

        Exactly. Though I didn't make that point explicitly, access to my data on my device by my company would not be acceptable either. The difference is, that would fall under my responsibility. I wouldn't just blindly trust them that they made their apps behave themselves and not look at my data. I would need to make sure they don't have access to anything I don't want them to access. I don't have the will or desire to go to those lengths for the privilege of paying to work from my own device.


  • by micron ( 164661 ) on Monday December 19, 2011 @01:21PM (#38424176)

    There is an interesting legal issue here.. IANAL though..
    When the company owns the machine, there is a much clearer line as to who owns the applications and data on that machine. When an employee leaves the company, the company can "brick" the system with minimal problems. They own the hardware, they own the software licenses, and the company probably has a policy about no personal applications or data on the machine.
    When the employee owns the machine, the rights of the company to erase data get really murky, fast. Does the employee have to agree to allow the company to inspect their (the employee's owned system) to remove company assets from the system? I don't see how that is going to work. My employer does not have the right to search my car after I quit, even though I called into conference calls in it, and used it for work related trips quite a bit.

    I know of several companies that completely prohibit employee owned devices in the workplace for exactly the reasons I mentioned above.

    • by jbolden ( 176878 ) on Monday December 19, 2011 @02:29PM (#38425056) Homepage

      The company can demand you return their property. They can't however do an inspection to determine if you have. What happens is, it shifts the burdon of proof. The company has to prove by preponderance of the evidence that you do have their property so as to get a court order requiring you to return it.... If the company says they want to erase your laptop, you say you already deleted their stuff, they can't do much.

      That's one of the reasons companies might want DRMed data and use application with much more DRM support if they want to move to this sort of remote model.

  • if people are willing to spend $2000 on Macbooks just to do their work, then management would be dumb to stand in the way and spend company money on company laptops

  • Company bought Iphone with data and phone paid for by the company, or use your own phone and we give you $30.00 a month on your paycheck.

    Considering I spend hours on tech support and blow through data like a madman for work, I'll take the company supplied one that coves all my work expenses instead of me paying out of my pocket for work related expenses.

    Honestly, if they did not supply it and paid for the service, I will NOT use my personal one for work. So I hope this BYOD is getting companies to pay th

  • If there's a business case for BYOD, IT should be supporting it. I said if there's a business case. That would include factoring in the additional expense associated with properly supporting these devices. It does not come freely, or even cheaply. Figure it out. If it makes more money than it costs, case made and IT will be glad to help. If not, don't go whining to the CIO, as some dickhead suggested in an earlier article.
  • Two of the most highly regulated industries â" financial services and health care (including life sciences) â" are most likely to support BYOD

    ... until they get slapped with huge fines due to the whole concept of BYOD being against said regulations.

  • Are these devices presenting information or storing information? There is a world of difference between the two and I can assure that both finance and health industries have regulation that require governance in the event that data is stored.

    That being said if the information is simply being presented (you log into a vm from home and all data is kept in the cloud) that's typically going to be ok. If information is being stored than you have large amounts of regulatory requirements you have to work with.


  • This is not surprising as it allows people to communicate off the record by using their own account on their own devices and maintain records that would not be subject to any retention rules. That sounds like a great business case to me.
    • You say this like it doesn't happen already - most people I know around here swap personal email addresses for "non-work related" things that IT doesn't like. Not really a surprise to learn that folks keep in touch even when they've moved to the competitor.

  • As has already been demonstrated at my porn shop job, this poses a HUGE security risk.

    Just the simple act of plugging in your phone to charge can leave the hosting system compromised.

    We found a virus in our systems a few days ago. Security log check - some LG device was plugged into our system.

    We got lucky, I caught it before it could fuck our inventory database any worse than it already was when we finally discovered it.

  • Work recently decided the run with Gmail for Domains and migrated all the employees from using Outlook and a POP server to doing email on a version of Gmail.

    Along with this change, they now allow employees to connect their personal smartphones to the Gmail for Domains product. Here's the problem: to do this, you have to give special admin permissions to the company IT team so they can admin things down to the device level.

    Nobody can tell me what limits, if any, are on what they can do to my personal phone

"The Avis WIZARD decides if you get to drive a car. Your head won't touch the pillow of a Sheraton unless their computer says it's okay." -- Arthur Miller