May 29, 2012 – Not that long ago, Michael Roca walked into the breakfast restaurant of a hotel he was staying at for his work as senior vice president of compliance at Jefferies & Co.
Sitting near him was a couple with four phones laid out on their table. Two each, one for business communications, one for personal communications.
Those days are ending, as executives, managers and employees all begin relying increasingly on smart phones that blend Web surfing, entertainment, business and communications of all types, as well as tablets and lightweight computing devices with larger screens for consuming books, reports and interactive media. These are devices that they purchase for their own reasons but quickly want to use for both personal and business purposes.
This, of course, is the “bring your own device” phenomenon, which now pointedly confronts information system managers everywhere with the question, as Roca puts it:
“Why not let people bring their devices to work?” he said at the annual conference of the Financial Industry Regulatory Authority this week.
With company networks, all equipment, all connections, all applications, all services are purchased and maintained by internal staff or contracted services. “Do we need that whole infrastructure? Do we need to go out and buy devices for our employees when they’re buying their own devices anyway? When they’re buying their own data plans anyway?” he said.
One solution is to reimburse employees for an appropriate amount of those data plans and some portion of the equipment purchase. Such moves help offload expense from the company and lower costs for the individuals, who also become more productive.
There are some rubs.
Access to the corporate network. How do you filter access for any unsupported devices and make sure there is no damage to your network? One solution, Roca noted, is to have a “guest” network that is separate from your main network. At least on a guest network, an employee with a personal device can get access to the Web directly and corporate mail indirectly through a chosen Web mail service.
Safety. Any personal devices that do get cleared to be used on the corporate network need to have appropriate virus protection and other security mechanisms installed.
Data protection. Companies need to make sure that the data stored on the device is protected from any hacking or outsider access. One company, Good Technology, provides a secure container for company data on personal devices, Roca noted. This makes a smart phone or a tablet act “almost like an installed Blackberry” device, he said.
Sandbox. In any event, companies should look at how to use third-party services or their own coding to create “sandboxes” in those devices where company data and company-issued applications reside and are walled off from interaction with personal data, applications or online services.
Separate email programs. To replicate the two-phone approach in a simpler manner and keep personal and business communications separate, install a separate corporate email program just for business use. Make it clear that the user is welcome to use their own preferred email program for personal use. But all business communications, and only business communications, get executed on the corporate mail program.
Device control. Who ultimately controls the device? If your company forbids photo-taking inside its buildings for security reasons, you’ll want to turn off camera phones. Make it a clear part of policy that if a person wants to bring their own device, fine. But it’ll be under the condition that you will be installing an app that allows you to do such things as turn off the camera or block “like” and recommending functions on social media sites, to adhere to FINRA guidelines.
“Once you become part of our network, we're going to apply our network policies,” Roca said. “These are our conditions. This is how it's going to work.”
After all, smart phones and tablets are just new forms of personal computing. And there’s a reason a personal computer is called a personal computer, said Paul Moschetti, chief architect for investment bank at JP Morgan Chase.
“Its DNA is designed to be configurable by you,” he said. “And that's the antithesis of what we want in corporate control.”
This story originally appeared at Securities Technology Monitor.