Welcome!

Cloud Security Authors: Kevin Jackson, Liz McMillan, Doron Kolton, Bob Gourley, Harry Trott

Related Topics: Cloud Security, Java IoT, Mobile IoT, Agile Computing

Cloud Security: Article

Defining BYOD Policies

In 2013, analysts say there was an 81% growth of mobile devices worldwide.

The rise of mobile is still going strong and it shows no signs of stopping!, In 2013, analysts say there was an 81% growth of mobile devices worldwide.

Actually, according to the new Cisco report - "Mobile Data Traffic Forecast Update" - the mobile traffic in 2013 was 18 times the size of the entire internet in 2000. The study reports that in 2013 the internet traffic per user averaged 356MB of data a month. Even more amazing, is that the trend expects it to increase to 3GB per user in 2018.

All of these changes - the use of mobile data, the internet of things - all have real world applications on our businesses. Now, if you've been getting comfortable with BYOD so far, be careful with the expected twists and turns. More and more devices are being introduced to the market, new services and apps as well. Despite the turbulent start, everyone seems to be jumping on the BYOD wagon; but some companies, who are not planning ahead, should really start looking forward for those upcoming pot holes. CIOs can expect real security threats to emerge, hidden costs, legal affairs with employees and many other issues... The solution? An effective policy covering all angles of the BYOD practice from all its perspectives and of course an MDM tool.

Over the last months organizations' employees have embraced the BYOD practices, CIOs are concerned about security issues, lawyers have given their advice, and MDM vendors have taken their message to the companies. But while CIOs try to come up with the best solution to police this practice, users continue to buy more products and increase the type of devices.

Aberdeen considers that understanding what is going on is a must. They ran a survey this January to find out that 3 of 4 responders have a BYOD program in place; yet two thirds of these plans are not enforcing compliance, security, or legal policies.

Mark Charleton from Blue Solutions told us that CIOs are concerned and thankful with the MDM vendors for pushing their messages of compliance and security to the business managers. This helps them to take this topic to the management table in order to become a BYOD enabler together with the other operational areas including HR, Sales, Marketing, Operations and Legal.

However, all these concerns about hidden costs and hard-to-measure worker productivity don't matter to the employees as their convenience to have business and personal lives blended in one single device. Somehow the tables have turned, the employees are in the driver's seat!

The Dirty Little Secret

Horror... horror!

When it comes to BYOD expense reporting, employee's behavior isn't exactly criminal, but it is cheating. The temptation to submit a huge expense report for the personal smartphone that might have been used for work purposes could be too high to resist.

According to the mobile consultancy "Network Sourcing Advisors," even when the BYOD policies clearly state otherwise employees include their family plans, upgraded phones and termination fees to their BYOD expense plans. Executive globe-trotters would rack up huge international charges and float them past the inattentive eyes of finance.

Companies often counter this abuse by putting a monthly stipend or cap on reimbursement. But let's be honest, most people will ask for the highest stipend and sign up for the biggest data plan so that they won't be hit with overage charges.

The fact is that employees don't really want to pay for their smartphones, tablets, and laptops. They just want an easy-to-use device for their work and their personal life, and of course it is better if the company pays the bill.

This trend is racing towards chaos in the 2014. The number of smartphones, tables and even Laptops under the BYOD umbrella is increasing by day. Complications and confusions are forcing changes to BYOD policies.

Can you COPE?

Some few companies have enabled a hybrid approach called COPE - Company Owned, Personal Enabled - model. COPE is the opposite of BYOD. Businesses using a COPE strategy provide their employees with IT devices and gadgets to be used and managed by them; the companies maintain ownership of such devices, so they can monitor and control their activity to a complete degree. Besides business purposes, employees can use their devices for their personal activities. COPE may be a less expensive option that BYOD, in which employees are often reimbursed for all or part of the cost of the devices they buy. This is because if the company buys devices, it can generally get them for less than retail price. COPE also gives the company more power in terms of policing and protecting devices, thus reducing many of the BYOD risks.

In 2014 and 2015 companies not using COPE will put practical BYOD programs and policies in place. Both mobile models imply the need to accelerate the businesses and move to SaaS. To those that can't COPE, modernize their core applications and become mobile friendly will become a must.

More Strict BYOD Policies

Let's face it, not all companies have budget enough to COPE; so BYOD will yet continue to be a growing trend. Sooner or later, these companies will need to develop effective BYOD policies. Policies should be defined in each area according to the employees activities and needs, to then be detailed and defined mainly by the Finance, Human Resources, and Legal departments that will be in charge of the available budgets and the legal implications that follow.

Once these policies are set up, they can be merged with an MDM tool, this way all the devices would be safely managed and controlled by the responsible areas.

BYOD Lawsuits Loom as Work Gets Personal

Will BYOD lead to a rash of lawsuits from employees who feel violated? Or maybe a headline-grabbing, class-action lawsuit? Companies better make sure they have an explicit terms-of-use BYOD agreement.

Like most tragic love stories, the BYOD affair may end up abruptly. In the early days of BYOD, say, 2013, employees fell madly in love with the idea of using their own iPhones, Android smartphones and new tablets for work. They could finally ditch corporate-issued and boring cell phones.

In a beginning BYOD promised that employees and employers would live happily ever after. But the BYOD romance suddenly turned sour. Employees are now questioning the intrusion of corporate eyes on their personal devices. Why did the Internal IT turn their beloved smartphone into a spy that tracks their whereabouts? Employees are beginning to sense companies taking advantage of BYOD by intruding on personal time to get free work time.

If CIOs have hourly employees with BYOD smartphones, they might want to leverage MDM to control the company's email security and delivery rules to those devices; meaning, they can set a business rule that won't allow delivery of corporate email to a subset of users during off-hours. This rule should be also addressed in the BYOD terms-of-use agreement. This is just an example, and the tip of the iceberg.

John Timko, Marketing Director in LabTec Software explained that MDM software has thankfully advanced quickly and has come up with a fix. Now companies can control only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. While this helps tremendously, it doesn't completely solve the problem.

Let's say a company buys the popular productivity app, Evernote, for employees to put on their BYOD smartphones. Since the company paid for the app, the company can remove it at any time regardless of the personal data the employee may have added such as a shopping list, recipes, vacation plans, or perhaps something more critical to their job.

In conclusion, companies need to have better protections against employee's lawsuits regarding the BYOD practice, a well developed terms-of-use agreement, and leverage MDM to ensure this agreement is followed. Truth is, employees tend to get a bit emotional when their privacy is being violated or their location is being tracked via a mobile device that they personally own. They don't like their personal data to be seen or wiped, either. When these things happen, companies can expect the wrath of a scorned employee.

More Stories By Monica Paul

Monica Paul is a marketer with 20 years experience in local, regional, and global marketing strategies. In 2001, after 8 years working as an employee for several IT companies such as Micrografx and Visio; Monica founded Marcomtec, marketing firm giving services initially to the IT industry that then diversified to other industries. In 2013 Monica launched, Magic MasterMinds (www.magicmasterminds.com), a marketing platform to help writers all over the world to market their books leveraging this way reading as a daily activity.

@ThingsExpo Stories
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem. We’ve seen band-aid approaches like CDNs that attack a niche's slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It does...
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...