2-3 page Case Study Bring Your Own Device (BYOD)

Exploring new mobile and cloud platforms without a governance strategy can have consequences.

At the beginning of my IT career, I witnessed a number of decisions and project management practices which, at the time, just didn't seem to make sense. But I was young, and I often thought to myself that the people involved must have some other reasoning, some justification for their actions that I was just not privy to.

In short, I remained quiet when I should have spoken up. What two decades of experience has taught me is that there is rarely reasoning or justification behind actions that, at a gut-level, are clearly bad IT practices. We inherently recognize when common sense has taken a back seat.

There is most definitely a dark side to BYOD. For the most part, I am an advocate for the consumerization of IT (using non-standard apps and tools as a way to increase end user engagement and productivity) and support the bring-your-own-device model.

However, as a seasoned manager and IT operations leader, I recognize the risks that come with the model if organizations do not properly plan out their strategies, putting sufficient protections and governance practices in place to manage the potential risks that could come from these unsupported devices and applications. End users often want what’s NEW, but there are valid reasons for imposing and enforcing safeguards when giving mobile business users access to your otherwise secure, scalable, and compliant systems.

Some people equate governance with bureaucracy and hierarchical systems, but those perceptions often come from a lack of appreciation for the potential risks involved. Governance is about checks and balances -- supporting the tools and systems your end users want, but in a way that is manageable and which follows defined protocols.

Examples of rogue IT practices

A recent uSamp survey (http://harmon.ie/blog/new-survey-reveals-mobile-rogue-it-costing-us-organizations-almost-2b) found that 41% of US mobile business users have used unsanctioned services to share or sync files, despite 87% saying they are aware that their company has a document sharing policy that prohibits this practice. And 27% of mobile business users who “went rogue” reported immediate and direct repercussions, from lost business to expensive lawsuits and financial penalties that cost $2 billion.

While most IT professionals understand these risks viscerally, some business users need to crash and burn before they are willing to adjust their risky behaviors, which is not a message your employer wants to hear. Luckily, there is another way: learning from the mistakes of others. This month, I am one of six mobile security and IT experts judging a "Rogue IT" contest (http://www.rogueitstories.com/). We’re collecting anonymous stories from the community about mobile and cloud-based app failures caused by business and IT users who disregard corporate governance practices. These real-world horror stories are great examples of the prevalence of rogue IT behaviors at work, and the very real risks they bring.

BYOD AND THE CONSUMERIZATION OF IT: The dark side of BYOD. By Guest Contributor in Tech Decision Maker, October 13, 2013, 5:00 PM PST. TechRepublic, 1/30/2014, http://www.techrepublic.com/blog/tech-decision-maker/the-dark-side-of-byod/

For example, within a $500 million health and wellness company, a consultant was hired to audit their IT systems to ensure their systems and practices were compliant with industry regulations and best practices. It was very quickly identified that end users were sharing sensitive customer data (credit card numbers, bank routing numbers) using public email channels (Hotmail, Gmail) and through consumer instant messaging platforms (AOL Messenger, Yahoo Messenger, MSN Messenger), despite approved and documented communications processes.

Because the consultant was required to report the violations, the CFO immediately took steps to lock down all unauthorized collaboration tools, and instituted immediate policy changes. The company was given just days to comply, with hefty fines for each violation identified plus more fines for each day their systems were found to be non-compliant.

In another example, a European company was getting an increasing number of requests from its users to connect personal iPads and smartphones to company systems. While IT resisted these requests for several months, the company finally decided to open up its email systems to a “select number of executives” and shared the necessary passwords. Six weeks later, IT ran an audit on the system and found ten times the number of employees connected to the corporate back-end environment as had been approved. The passwords had apparently been shared across the organization.

And at a large non-profit, the security team found out that several teams using Dropbox without IT authorization had recently been hacked. To understand how their system had been compromised, they contacted the popular cloud-storage vendor, telling the person over the phone that they wanted to know more about how their organization had been using the platform. The phone rep volunteered more data than they had expected, telling them "We have a list of 1600 user names and their email addresses. Would you like that list?" The cloud-storage vendor was clearly interested in moving them to the enterprise version, and was willing to share a customer list without even authenticating the person who called!

Proactive governance

There are similar traits that run through each of these real-world examples. For one, individuals are subverting established processes and informed IT leaders with the goal of “getting work done faster.” On the flip side, many IT organizations are not listening to the needs of their employees, causing some to feel that they have no other choice but to "go around" IT so that they can get their jobs accomplished.

In each case, the lack of clearly documented -- and transparent -- change management practices may be the root cause of the problem: practices that provide a more open dialog between IT and end users about what is needed, and how some consumer-driven tools and practices may not be the best fit for an enterprise.

Governance should not be feared or ignored, but looked at by both management and end users as an important aspect of the change management model. Organizations that make governance and change management a priority are able to more quickly recognize new requests as they come in, validate requirements to make sure requests are aligned with business activities, and ensure that all new tools and apps meet the standards and regulations, reducing the risks of data meltdowns and unintentional-but-potentially-significant losses.

Christian Buckley is the Chief Evangelist at Metalogix. Keep an eye out here for more coverage from Christian's stint as judge at the "Rogue IT" contest.
