No, it actually means...
"Buddy You're Oh-so Dumb"...
They've taken advantage of my goodwill yet again. The really annoying thing is that I pleaded with them to do it, so it's my own fault. And it may be yours, too. But I'm getting ahead of myself. I want to talk about BYOD. For the benefit of sole traders reading this, it stands for Bring Your Own Device and is the latest craze …
This brings me back to BYOD, the world's first IT acronym designed to be pronounced with a Polish accent. BYOD is all about company IT departments supporting whatever (within reason) computing kit you choose to bring in to the office rather than locking the network into MAC serials registered to the company's under-powered 5kg notebooks and shitty little non-Qwerty Blackberrys.
Our esteemed IT dept (based somewhere in India) are busy locking down our networks to MAC codes. No visitor connection. No BYOD. Nothing. On top of that the silly laptops we get issued with are so locked down that even standalone versions of Skype etc can't get through the firewall.
BYOD would be a fantastic solution but sadly far too many IT/IS depts have their head up their [redacted] to consider how their policies affect productivity. Can we have a series of articles about the real world please?
Anon just in case someone from work reads this and gets my MAC address disabled.
Already had my face chewed off here by some of the IT attack dogs who seem to get immediately defensive the moment someone even suggests plugging something into their networks, that hasn't been inspected down to the transistor level and approved by a ten stage process involving chicken blood, knucklebones and praises to the Random Number God or something.
A clue: It's not your network, it's the network you're paid to maintain. You're not expected to work miracles. You are however, expected to facilitate such things as a BYOD policy if the company decides it's worthwhile. Hell, if the company decides that they only need a dial-up connection that routes via Pakistan and Singapore, then that's what you facilitate.
Unfortunately, yes, there is the attitude amongst some people that the IT systems are like their own little empire. I'm sure they have plenty of scary keywords like "virus" and "infection vector" to tell the boss, too. To hell with productivity when FUD works just as well.
The problem is though, (and this is coming from someone who does work 'in IT') that it's not the letting other people use 'our' network on 'their' device. It's when people bring in 'their' device, from home, that little 'little timmy' has somehow managed to narf up, and then expect to be able to drop it on our desks, so we can fix it for them. Or as you mentioned yourself, using their pc, that has no kind of AV on it, that 'little jimmy' uses to browse warez, pr0n and whatever the fuck else he wants, then bring it in on a Monday morning, and act surprised (and often indignant) when crucial services start failing (this actually happened to us recently, someone's laptop got compromised, and in turn wreaked a bit of havoc with our mail server)
If people can be trusted to take care of 'their' devices, as well as we take care of 'our' own, then in theory, I have no problem with this BYOD fad. It lets me use my smart phone for emails, fault tracking etc. Instead of the non-existent phone that I haven't been provided with and would save us a bit of much needed cash, but unfortunately, it doesn't appear to be the case (at least not in my experience)
AC - your device is a security risk. Your device is also a licensing cost if you require software you do not currently have. Your device could be left on a train just as all civil servants who have access to confidential information appear to delight in doing.
Your device could be compromised when outside our networks (especially if you have no AV meaning you're probably a Mac user who thinks he can't get malware) and then spread its infections to our machines. Your device may require us to support protocols and software we have no interest in or business case for supporting, such as the filth that is iTunes or Bonjour or that proprietary, resource hungry Quicktime crap.
Your device may not support LDAP or Active Directory security.
Or it might. But finding this out requires investigation and a risk assessment.
You might not like that.
Tough shit, sunshine.
Whether a device has a business case for supporting is up to the business.
Fine if you're the business. Carry on being the empire builder.
If not then, well, tough shit sunshine. Do your job. Nobody said IT support would be easy.
Judging by the downvotes, some people don't like that. Really, that doesn't bother me.
Do your job. Nobody said IT support would be easy.
For the record, I'm currently officially a Technical Architect. But let's go over your case.
1. The harder you make tech support, the more it costs.
2. The more non-standard items you support, the harder it is.
These factors contribute directly to the business case or lack of it. And by the way, making a business case for bringing your own device is down to YOU. The IT department heads then decide if you made a decent case or not.
By your complaints here, I'm guessing that was a "not".
The last time I worked anywhere with such a strict policy on unknown devices was with the UK Census. That would be understandable. You weren't even allowed to bring your own pens in case they contained a recording device.
I know another business that had EPOS information flying around the network... so they implemented a dirty LAN. Problem solved, and people were able to connect via wifi. Well, more precisely, were able to show off the shop models attached to the dirty LAN.
I can make business cases for implementing BYOD, if there is a business case for it. In many cases, there is. However, it seems, quite a few people here still think they are a fictional character invented by Simon Travaglia. With that kind of a personality as IT dept head, it's like talking to a brick wall, and a wonder that anything gets done at all!
I don't mind the job not being easy.
What *I* don't like are your childish cries of "empire building" and passive aggressive "If anyone downvotes me..." when people disagree with you. For someone that claims not to be bothered by this stuff you sure do complain a lot.
A successful discussion on the benefits and risks of schemes like BYOD requires an open mind on both sides.
(And FYI, I work in education, where we *do* support BYOD in the sense that staff and students can connect their own devices to our network as an enhancement to, not a replacement of, the systems we offer)
Well how about my childish cries of "Business without BYOD policy, got hacked, lost millions, I know, I was there"?
Or "Business that got hacked, implemented dirty LAN and segregated network properly, now has not a problem and people can connect what they like"?
Yes, I will accuse some people here of being imperious bastards because that's exactly what they are. They haven't given any real reasons other than "blah blah security risk blah I don't like it blah". I've already knocked over the security argument. There's nothing really left asides the "I don't like it" angle, which is basically being an empire builder who thinks they own the equipment the company paid for. So who's the childish one?
And who says you have to support every single last combination of hardware the employees bring in? You really think you're going to have to deal with making Microsoft Office work on a Raspberry Pi? I also didn't say that BYOD is suitable everywhere. See my post about the Census. What I am saying is that BYOD is inevitable, it is going to happen, it does have a business case in many places, and standing there like King Canute is not going to work. Deal with it, segregate your networks, and don't stand in the damned way.
Actually, Canute was the guy demonstrating that he doesn't have god-like power, but I digress...
1: One purpose of centralised IS provision is to consolidate services to a standard ensuring that one set of services meets all needs.
2: Another purpose of centralised IS provision is to have a single point of reference and contact for problem-solving.
BYOD, compared to a well-implemented corporate device provision policy, will by definition involve a wider range of devices and configurations. This will have two impacts:
With regard to 1) it means that consolidation of services requires more effort because, despite the actual tasks being the same, the tools used to complete the tasks are more diverse. Being able to support 10 applications requires more work than being able to support 5, even if just at the "how do I?" level, but especially at the patching/distributing/licence-tracking level.
With regard to 2) it means that you're spending more money on spare parts and loaner machines (because consumer devices mostly don't have NBD on-site support, and when someone's MBP needs a new motherboard telling them they've got no machine for a fortnight doesn't work out well, and that's aside from the way that the BYOD usage model doesn't tend to involve people putting their data onto shared storage where they can access it from another machine easily...)
So - you're requiring a potentially substantial increase in knowledge (ie training resource) from your support staff, and an increase in work required to keep up the standard maintenance work. And that's before you discuss the cost of implementing proper network segregation if you don't already have it.
At this point, the onus is on you to prove that this will still work out to be cheaper or in some other way beneficial to the organisation than using the standard corporate model. You've not done that yet. I agree that discussing it rationally with actual numbers/reasoning is the best way forward, but short of throwing the exact sort of strop that you claim anti-BYOD types of throwing, you've not really presented your case very well...
Student at the minute. Previous experience in warehousing, retail IT, technical support, oh and yes, systems maintenance.
I know what I'm there for. Do you? I'll regard any downvotes as being proof that I've pissed off some of the empire builders."
Carry on with that attitude sunshine and you'll never graduate from "student" to "employed". Things are done for a reason whether you agree with that reason or not is a different matter.
Tell that to the people whose very expensive printing equipment they would gladly trust me with any day of the week because they know I can get the job done (cash in hand, naturally).
Or maybe the myriad of customers that kept coming back to me, asking for me by name specifically because I didn't bullshit them around.
Perhaps the shift managers who would go to the other agency lads "okay, you go home, you go home.." and to me, "Fancy staying a couple of hours?"
Perhaps the warehouse manager who will gladly tolerate me calling him a fat bastard to his face because (a) it's the truth, (b) I know that warehouse like the back of my hand and I'm happy to heft 50kg around all night if that's what's required. Plus he just shoots back and calls me Jesus anyway. Dratted long hair and beard.
I guess as a troll, your post is successful simply because it elicited a response. Completely damned unsuccessful at making me out to be unemployable though. I know what work is: Do you?
...somebody posted an argument instead of "fuck you, you inferior being, I am the Lord Of My Empire".
And yes, can carrying must be done. However, under a BYOD policy, the IT lads should be there to support, and yes, occasionally to clean up the mess. Doesn't mean you're going to get the blame though.
You'd think nobody here had heard of dirty LANs.
Quit banging on about dirty LANs as if any real world admin had never encountered it and you've discovered the Holy Grail. The point is that at some point you will need to access information from somewhere on the corporate network else you cannot be productive (or do not really need a computer for your job) - networked drive, enterprise app etc and at that point you need to cross onto the LAN on which that resource is situated. At that point the system is open and your dirty BYOD is able to royally fuck things up. Even if the dirty LAN were to only allow internet access that still comes back to the company and their reputation.
(use your own broadband - what else do you think?) - it causes horrendous support headaches. You'd be amazed how many consumer grade routers, for instance, have subtle little incompatibilities that break various VPNs and so on, and as for having to deal with 20 different ISPs "idiot consumer only" helpdesks in order to try and resolve a tricky problem - it's a b*****dy nightmare.
And of course IT are opposed to introducing massive non-standardisation, because when the board decides they want a BYOD policy I'll bet you any money you like they don't grant you a great big budget increase to reverse all the savings you made by having the standardisation.
As title, anyone who says otherwise does not work in IT and therefore doesn't get a vote.
This is nothing to do with empire building or being an "IT attack dog", I'm not a manager of any kind and share my technical duties with a couple of dozen other staff so I have no empire building options.
What this does have to do with is the detailed and complex technical issues and policies that make BYOD difficult and/or illegal to implement, as well as expensive and a nightmare to support.
You want to use your own laptop for work? Sounds simple until it turns out you want us to install company licensed software on it. Which as it turns out, we can't because if you actually read the details of the license agreement it clearly states you can only install the software on hardware owned by the license holding corporation.
Who's going to install and configure that software for you? You're certainly not going to do it yourself because we can't (that's right can't not won't) give you the license key. This because yet again the software company (Microsoft included here I think) stipulate that the license keys MUST NOT be given out to all users and be kept secure.
That means that our desktop support team now need to spend time installing it for you, this also puts responsibility for your device onto our staff. If it now develops a fault after they have worked on it, they could be held responsible since they worked on it.
The costs, risks and potentially insurance problems associated with this are huge. None of which exists if you have a company issued device with a standard software image on which has been rigorously tested.
There are many other issues similar to this, but this is just a great example.
I think there is a lot of FUDD about BYOD and BYOD means different things to different people... IT departments see BYOD as undermining their jobs, putting their security at risk and making more work for them, or making them unemployed...
(Who else has seen desktop teams that will only support Windows XP, no Apple MACS, no Windows Vista, 7, Linux, Mobile Devices etc. and hence have a lot to fear from BYOD)
Fundamentally BYOD is about ensuring that when a personal device is used for work purposes the corporate content is secure whilst on that device and in motion and also that that device does not pose a risk to the "corporate network" when using that network. However when you think about it, that is almost exactly what corporate IT departments should be aiming for with their existing networks and security and really no device on a corporate network can ever be fully trusted. (Think of all the passwords stuck on desks and monitors in the offices around the world!)
The idea that a few firewalls and IDS/IPS boxes will secure a network against all attacks died years ago and the reality is that even a corporately managed device ***can*** be a risk to a corporate network and to data security.
So really embrace BYOD and the positives it brings to a company, it's coming your way like it or not, as the CEO, CIO and both want to use the new iPad, iPhone, HTC OneX etc. they bought themselves on the corporate credit card without ITs approval, whether IT agree or not!
The dirty LAN I was on about in a previous post was set up after corporate controlled equipment got compromised and cost the business a couple of million pounds after hackers got into the EPOS parts of the network.
You hear that? No unknown devices were involved. The supposedly secure, supposedly vetted and supposedly "known" router got compromised. All the best laid plans and all that...
Since then, as I understand as I no longer work there, things are looking up. Dirty LAN. Do what you like on it. Nothing of importance there. Why can't people understand that?
You can convince yourself BYOD is inevitable but, as I see it, only a limited form is in use and it will go no further for reasons stated by the admins on this forum. The BYOD I see in play is the iDevices able to access corporate emails and that's only through a special access conduit. They have no actual network access (internal corporate LAN etc) and nor shall they. I'm not an admin, just an observer.
As for the statement about "CEO, CIO and both want to use the new iPad, iPhone, HTC OneX etc. they bought themselves on the corporate credit card without ITs approval, whether IT agree or not!". Yeah right. Breach of corporate policy. CEO isn't top dog as having one implies a board of directors is present. Breach of IT policy by anyone becomes an audit/governance issue especially if they are senior. Try and find a company post-GFC that wants to be listed as having audit/security/governance issues.
BYOD is arse because the entire point of consolidated and structured support is to reduce diversity of supported platforms so as to minimise overheads and maximise centralised system management efficiency.
In the absence of a fully-virtualised environment (and even then, how many crappy consumer cheapy laptops will boot from a VHD pushed out over the network and run it worth a damn?) this falls on its arse because instead of being able to have same-day/NBD onsite support for a limited range of platforms (even if this means buying and storing parts yourself) you have to wing it with a bunch of arsegravy-level hardware, not to mention putting up with supporting horrible home systems laden with personal data that make any support call a potential DPA-violating nightmare, dodgy software installs, OS installations missing every patch since the OS was released, and more.
Chances of that working out as cheaper than just providing a supported computer for those who need them? Slim to feckin' none, says I, and thus far none of the organisations who've measured the impact have provided numbers that suggest otherwise.
To the people posting about the pitfalls of letting the same laptop "little jimmy" has been messing about with onto a corporate network, yes you are going to get problems, when you're doing it wrong. As has been pointed out by many posters already, if you're going to use the client - server model on a non-segregated network then you are asking for trouble, and frankly, deserve everything you get for being so stupid.
"your device is a security risk."
No, I read this the other way: your network is not secure, hence any device can, and will, wreak havoc. Just because you think that nobody can fake a MAC address does not make it secure. Secure your network.
"Your device is also a licensing cost if you require software you do not currently have."
No, the entire BYOD model rests on the assumption that NO SOFTWARE NEEDS TO BE INSTALLED IN THE DEVICE other than a reasonable standards compliant web browser and/or Citrix receiver (available for a number of OSs), both do not require any license.
"Your device could be left on a train just as all civil servants who have access to confidential information appear to delight in doing."
Aha, so out of your entire user population you have this 1% of HR/Finance guys that carry confidential information in their laptops. So 99% of the population have to suffer restrictions designed to prevent an irresponsible 1% from shooting themselves in the foot? No way.
"Your device could be compromised when outside our networks (especially if you have no AV meaning you're probably a Mac user who thinks he can't get malware)"
Secure your network. Secure your apps. Or better yet, use Linux and laugh at all those attack attempts from clueless drones. BYOD does not mean that you get to fix little Scotty's mess he got when he was browsing warez at home. BYOD means that YOU DON'T SUPPORT THE DEVICE AT ALL.
"and then spread its infections to our machines."
Secure your network. Secure your apps.
"Your device may require us to support protocols and software we have no interest in or business case for supporting, such as the filth that is iTunes or Bonjour or that proprietary, resource hungry Quicktime crap."
See point before previous point. You don't need to support any of that, even the device itself.
"Your device may not support LDAP or Active Directory security."
Which are designed in a way that you have this illusion of control over the applications and networks but really don't prevent anyone determined enough to break into your network or applications? Secure your network. Secure your apps.
BYOD does not work for an organization that, because of backward compatibility reasons, uses unsecure OSs, unsecure apps or cannot expose an unfirewalled machine to the internet. So BYOD is not for everyone, especially big corporations with huge amounts of legacy software.
Looked at the licensing costs and server requirements for hosting your grand plan have we? I'll give you a clue - for the period the other year where we were required to run the entire company on citrix due to a BCP event it was very fucking expensive. That was for just 2 weeks. Then you add in the fact that some applications cannot be used on citrix for licensing reasons or practicality reasons - I use a software package that absolutely snaffles every last CPU cycle to speed up its processing, want that on a shared server?
BYOD is fine if your network is ready to deal with it
BYOD is fine as long as your staff are ready to accept its limitations
Most networks aren't ready for BYOD because it's arrived in a relative rush with smartphones. And switching over to a deperimeterised model is a big step.
Most of the time there isn't really a very good business case until the current kit has depreciated off the balance sheets.
It's really mostly senior execs who want to wave iPads around in meetings and it might yet turn out to be a bit of a fad. Especially if staff suddenly find they have to keep their kit serviceable and up to spec.
It's not as cheap as the vendors like to make out.
They won't want to accept sandboxed environment (VDI / terminal services / Xen / whatever). They won't accept restrictions on what they can do on 'their' device. They will insist that anything that goes wrong on the device ever again is the IT department's fault and they must fix it. They won't accept that some issues with compatibility or performance on their device are unfixable in a reasonable time, so it is reasonable for IT not to fix.
That is entirely not my experience in places that allow you to bring your own device.
Whether in academic or work environments, the attitude seems to be "your device, your problem". You might get some assistance if you ask nicely. The users expect that they will not be given root access to everything. The users are generally happy to be able to check Facebook during the break, or use a web browser on a device that isn't slower than pigshit rolling uphill in Winter.
Yes, I'm the AC who thinks that there are some right imperious fuckwits here. And yes, Citrix and RDP clients work nicely thankyouverymuch.
Can't get those stuffy bosses to buy new kit in the office just for a new GUI?
Go BYOD tomorrow get the simple worker drones to respond to sales pitches in the "Purchase-dormant" workplace.
This is a great way to get meaningless tech fashions into the everyday workplace and be able to insult those who see business issues as iLuddites.
We've gone to "no personal Phones connected to the company kit" as it was getting silly, heads down at desk - typing ? no updating Faceboot (spelling intentional).
Personal work ethic and awareness of legality needs to be in place before introducing more options.
One vocal proponent of "own kit" skinned his workstation. I asked had he got permission as required by IT Policy? er No.
But he had of course read the license to check it was legal to use in a commercial environment? er No.
"(petulant) Oh I'll uninstall it! it doesn't work well anyway".
where to start, where to start...
Biting the hand that feeds IT © 1998–2022