Bring Your Own Device (BYOD): #8 Tips From the Field For a Successful BYOD Adoption

Posted by: Admin  :  Category: Web Hosting

Last week we received a support request reporting that a user was being locked out of Active Directory continuously. We turned to the user (who was very annoyed) and asked her about any mobile phone or tablet she might be using that had the corporate email account defined. She told us that she used to use a Nokia feature phone but had switched to an iPhone and was not using the Nokia anymore. We noted that and began investigating the issue through the logs, and saw that she was receiving a “bad password” error every five minutes, with +/- 15 seconds of difference. Digging deeper, we saw that the bad password was coming from the Exchange Server, whose logs pointed to the hardware load balancer. We then took a network capture from the load balancer and narrowed the log down to the second at which the account received a bad password error from Active Directory, to see the IP address that made the connection. And voila! The IP address that we found belonged to a mobile carrier. Once again we turned to the user and told her that a device that belonged to her, connected to that mobile carrier, was trying to connect with a wrong password. She told us that she had given her Nokia phone to the repair shop and that most probably the shop was testing the phone. Ticket closed.

The whole process showed us one thing: not having a Bring-Your-Own-Device policy is an invitation to disaster, and not taking the necessary steps is insisting on having one. This support request could easily have turned into a crisis and even downtime. As I have discussed thoroughly in the article series, these disasters can be avoided.

Before rolling out the BYOD policies, make sure that you reevaluate your existing infrastructure. This includes the password change policy, the existing devices that will handle the additional load coming from the employees’ devices, firewalls, etc. Consumer-grade devices will not be able to cope with the new devices’ loads: wireless access points will serve more devices, servers will answer more queries, and switches, routers and firewalls will handle more traffic. The network bandwidth also has to be upgraded.

The supported devices and platforms, and the level of support, have to be clearly defined. At some point, you will inevitably find yourself trying to cope with various Windows and Mac OS releases, Linux distributions, iOS, Android and BlackBerry versions, ChromeOS and God knows what else. You are also not guaranteed that the users will be using the default applications; for example, what will your answer be if a user opens a ticket saying that he cannot sync his Google calendar with the company’s Exchange calendar using a third-party calendaring application on a supported Android release? Limit supported devices and supported applications. Or go mad.

Next on the list is employee training, which I have discussed extensively in my previous article. The training can turn out to be a “BYOD 101” class, but it is necessary. In terms of user/device security, keeping antimalware applications updated, keeping data secure on untrusted networks and various other security issues should be clearly communicated. The users should be reminded that failing to comply with these could expose the entire enterprise network to exploits. It is easier to train the users in advance than to deal with the aftermath of a breach later.

Requiring device registration is a must. A simple registration form asking for the device make, model, MAC address, mobile carrier and the user is enough. In the case above, with this information we could easily have identified the device itself. Considering the overall infrastructure, this information would help us track the users who are bringing their devices and those who are abusing the policy, block offending users and even block the devices.
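The lockout investigation described at the top of this post and the registration data recommended above fit together in one small script. This Python is an added example, not part of the original article; the log line formats, carrier address ranges, registry entries and function names are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data; the line formats are hypothetical, not real AD or LB output.
AD_FAILURES = """\
2013-03-04T09:00:07 BADPWD user=asmith via=EXCH01
2013-03-04T09:05:01 BADPWD user=asmith via=EXCH01
2013-03-04T09:07:44 BADPWD user=bjones via=EXCH01
2013-03-04T09:10:12 BADPWD user=asmith via=EXCH01
2013-03-04T09:15:03 BADPWD user=asmith via=EXCH01
"""
LB_CONNECTIONS = """\
2013-03-04T09:00:06 203.0.113.77
2013-03-04T09:00:07 198.51.100.20
2013-03-04T09:05:00 203.0.113.77
2013-03-04T09:05:01 198.51.100.31
2013-03-04T09:07:44 198.51.100.20
2013-03-04T09:10:11 203.0.113.77
2013-03-04T09:10:12 192.0.2.9
2013-03-04T09:15:02 203.0.113.77
"""
# Assumed carrier ranges (documentation prefixes) and registration records holding
# the fields the form asks for: make, model, MAC address, carrier, user.
CARRIER_RANGES = {"CarrierA": "203.0.113.0/24", "CarrierB": "198.51.100.0/24"}
REGISTRY = [
    {"user": "asmith", "make": "Nokia", "model": "feature phone",
     "mac": "00:00:5E:00:53:01", "carrier": "CarrierA"},
    {"user": "asmith", "make": "Apple", "model": "iPhone",
     "mac": "00:00:5E:00:53:02", "carrier": "CarrierB"},
    {"user": "bjones", "make": "Samsung", "model": "Android phone",
     "mac": "00:00:5E:00:53:03", "carrier": "CarrierA"},
]

def parse_failures(text):
    """Return {user: [datetime, ...]} from the constructed failure lines."""
    out = {}
    for line in text.splitlines():
        ts, _tag, user, _via = line.split()
        out.setdefault(user.split("=", 1)[1], []).append(datetime.fromisoformat(ts))
    return out

def parse_connections(text):
    """Return [(datetime, client_ip), ...] from the constructed load balancer lines."""
    return [(datetime.fromisoformat(ts), ip)
            for ts, ip in (line.split() for line in text.splitlines())]

def is_periodic(times, period=300, jitter=15, min_events=3):
    """True if consecutive failures are spaced period +/- jitter seconds apart."""
    times = sorted(times)
    if len(times) < min_events:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return all(abs(g - period) <= jitter for g in gaps)

def likely_source(fail_times, connections, window=1):
    """(ip, count) for the client seen within +/- window seconds of most failures."""
    hits = Counter()
    w = timedelta(seconds=window)
    for ft in fail_times:
        # A set per failure so one chatty client is counted once per window.
        hits.update({ip for ts, ip in connections if abs(ts - ft) <= w})
    return hits.most_common(1)[0] if hits else None

def registered_candidates(user, ip, registry, carrier_ranges):
    """Devices registered to the user whose carrier range contains the source IP."""
    addr = ip_address(ip)
    carriers = {n for n, cidr in carrier_ranges.items() if addr in ip_network(cidr)}
    return [d for d in registry if d["user"] == user and d["carrier"] in carriers]

def investigate(user):
    times = parse_failures(AD_FAILURES).get(user, [])
    if not is_periodic(times):
        return None  # irregular failures look like a person typing, not a device retrying
    source = likely_source(times, parse_connections(LB_CONNECTIONS))
    if source is None:
        return None
    ip, seen = source
    return {"ip": ip, "matched_failures": seen,
            "devices": registered_candidates(user, ip, REGISTRY, CARRIER_RANGES)}

if __name__ == "__main__":
    print(investigate("asmith"))
```

The per-window vote matters because a busy load balancer sees many unrelated clients in any given second; only the address that recurs across the failure timestamps is worth chasing.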

As I said in the second article in the series, BYOD is a swift revolution and it is not possible to stand against it. It is not the time for administrators to complain about the incoming devices and the anticipated headaches. It is time for the management to sit down, understand the BYOD trend and take the necessary steps to lessen the load on both the users and the IT personnel. With these tips, I cannot say that your company’s BYOD adoption will be painless, but I can guarantee that following them will lessen the pain.

Web Hosting Geeks’ Blog

Bring Your Own Device (BYOD): #7 BYOD Training

Posted by: Admin  :  Category: Web Hosting

When the company has worked out the policies and procedures for the BYOD initiative, the next step is to start the company-wide training. The training needs to communicate the way the company will handle the BYOD transition. There are two types of employees that will be particularly hard to manage: the senior managers who think the rules don’t apply to them and the youngsters who think the rules are there just to be bypassed. During the training sessions, the company has to communicate clearly that breaches of the policies will be “treated appropriately”.

The first element in the training session should be the BYOD initiative: how it started, how it happened and why it is important for the company. Then the company’s acknowledgement of the initiative and its way of managing it should be clearly communicated. This introduction to the training will help the employees understand the company’s decisions better.

The next thing is to discuss the BYOD initiative in terms of supported devices, supported mobile operating systems, supported access to the company’s network and supported applications on the employee devices. It is important to tell the employees why and how such supported platforms are decided; for example the newer version of the productivity application is not yet supported because it has incompatibilities with a certain plugin used throughout the company.

Since BYOD is about employees’ own devices, training sessions are where the company has the chance to communicate with the employees about the policies.

Reimbursements are better covered in the training sessions. Almost all employees will be questioning how the company-related expenses (call minutes, data use, SMSs) will be handled. It is better to talk about all the reimbursements in detail, including how the employees will apply for them (experience: a hands-on exercise on reimbursement application will calm everyone down and keep their focus on the training).

Corporate access, security, data ownership, and employee responsibility have to be covered in the training (experience: since the whole issue will be boring to most of the employees, it is better to talk about the main points briefly and have a Q&A session in the remaining time). The corporate access and security part should cover how the employees access the corporate network from the corporate Wi-Fi and from public/hotel Wi-Fi, the device password and loss/theft of the device. (I also recommend including the Virtual Private Network (VPN), access to Customer Relationship Management (CRM) and automation tools (if any, such as SalesForce) in the session. Users may already be familiar with these systems, but putting them into the training is what’s important.) The data ownership part should cover corporate/personal e-mail, social networks, corporate/personal contacts and the company data on the employee-owned device. The employee responsibility part is where the technical details, such as logging in to the corporate network and receiving software, applications and updates, the responsibility to comply with the policies and the results of breaching the policies should be clearly defined.

The employees should be aware of the Enterprise Mobility Management (EMM) application that the company uses. The main misconception about the EMM application concerns having someone else – the corporate IT in this case – managing a personal device. During the training session, talking about the EMM application, why it is there, what it does, how it manages the devices and how the BYOD user will benefit from it will help both the company and the employee clear up the misconceptions.

Finally, the training session should include how corporate support will be provided to the BYOD users. The points to emphasize are the level of support for everyday use of each device, the escalation paths and the support cases for lost/stolen devices. If a self-service portal is already available on the corporate Intranet, it is better to inform the users and point them to the portal during the training.

As with many things in life, BYOD is not a destination; rather, it is a gateway to many possibilities. Once companies take solid steps towards BYOD implementation, the most probable next step will be the mobilization of the corporate data. By this, I do not mean mobile access to corporate resources, as I have covered throughout the BYOD series. Rather, I mean shaping the enterprise for mobility – from in-house developed applications to the Big Data infrastructure. From today, it is important to have a solid understanding of the mobile future and plan for it.

Bring Your Own Device (BYOD): #6 BYOD Project Management

Posted by: Admin  :  Category: Web Hosting

When the company is done with setting up the BYOD path, the next thing is to get it going. To successfully implement the BYOD transition, it is better to put it in a formal project context and form a cross-platform, cross-skill team to manage the technology, security and financial implications of the transition.

Although the BYOD initiative looks like basically an IT-related issue, access to the corporate resources via employee-owned devices complicates the project. Naturally, in order to run a successful BYOD transition project, a project team will need to be formed. I recommend forming the project team from various departments and from various skill levels. At the very least, the project team is better formed of a person from the management, one from the IT department, one from the accounting/finance department, one tech-savvy user (better if an early adopter) and one late adopter. Not only will having different perspectives from different departments address many issues before they happen, but these members will also better enforce the project outcomes throughout the company.

The project team will answer the simple questions that I have discussed so far in the series:

  • What are the current policies with employee-owned devices?

  • What are the business goals in implementing BYOD?

  • How will the risks be managed?

  • Which devices/operating systems will be supported?

  • Will there be exceptions with certain departments/personnel? [warehouse, off-site, customer-facing personnel etc.]

Reimbursement is where you will need to spend some time to make it fair for both the company and the employee.

The answers to these questions will form the outlines of the BYOD project. After the outline is defined, there will still be some more issues here and there that will need to be worked out. These issues are not less important but they need to be considered “inside the outlines” of the project. That means, if one issue contradicts one outline, it either needs to be rejected or the outline is to be reevaluated.

Data ownership, which can be considered part of risk management, is where the project team needs more support. Having corporate and proprietary data on employee-owned devices is a nightmare that should be properly managed. I recommend adding someone from the legal department (or the company’s lawyer), a representative from the content owners and an employee from the information security team. From my personal experience, I would like to emphasize that the perspective of the team should be enabling the business rather than restricting it, which is clearly the easier way (I have yet to see one company in which that does not happen). If the company chooses to restrict, the employees will find a way to circumvent the restriction.

The outcomes from the policies should also be delivered to the help desk. The help desk policies and procedures need to be revised according to the BYOD policies. In addition, the procedures to support the BYOD users have to be defined and written. Again, from my experience, before handing things over to the help desk, I recommend publishing self-service guides on the company Intranet. At the very least, having corporate e-mail account setup guides that cover different devices [Android, iOS, Windows Mobile and BlackBerry] will cut the help desk calls almost in half.

Financial elements, especially the operating expenses, are another issue. Think about the following: most probably the employee-owned devices will have one SIM card. But the employee will use the same device for both personal and work-related purposes, meaning that the calls, data and messages will be on one invoice. Here, the BYOD project has to clearly define the reimbursements to the employee. The input from the accounting/finance department at this point will be crucial.

Once these issues are worked out, the next step is to document them clearly. Considering the very nature of the advancements in consumer technologies, the documentation also needs to address the continuous evaluation and revision cycles. The evaluation has to start from the launch date and take both the feedback from the employees and the reports from the Enterprise Mobility Management application into account. In a world where changes happen and are adopted overnight, the policies and documentation should be reviewed and updated frequently. I believe that in the current business environment, quarterly evaluation and update of the policies will be enough for almost all companies.

Bring Your Own Device (BYOD): #5 More Than Just Security

Posted by: Admin  :  Category: Web Hosting

There are many companies which try to resist BYOD just because of the security implications. Although I see this resistance as futile, it is here to stay for some time yet (I have discussed this in the first two articles: #1 Web of Things and #2 The Swift Revolution).

If you remember, in my article titled “The Corporate Face” I took the view from a Chief Technology Officer’s (CTO) perspective and asked the questions which the CTO will have to answer with her IT team. The questions that I asked in the article were mainly technical questions, the majority of which could be solved with simple procedures.

In this article, I will try to explore the gray areas of the BYOD initiative without touching security. I will try to see what additional topics the IT departments should be discussing to support the myriad of different devices which come with a myriad of operating systems (and operating system versions). I will also keep the perspective of company-subsidized devices, together with the employees’ own devices.

The device is a whole discussion in itself. Which devices – the brands – will the company support? You may argue that in terms of support, it is the operating system that should be considered today, rather than the hardware vendor. Not completely true. The consumer-grade vendors act according to consumer rather than enterprise preferences. Consumers like to have the cutting-edge devices and can renew them yearly, or even more frequently, depending on their budget. When thinking about their own budget, they do not think too much about servicing, maintenance and procurement. They also do not think about lost/stolen devices, which they can easily cover with insurance. These are some of the cases in which consumer and enterprise preferences do not align. In the case of company-subsidized devices, where the company has some control over the purchase of devices, the budget, lost/stolen device and servicing issues have to be clearly discussed and laid down in procedures. Having an approved device manufacturer list is likely to assist both the corporate IT and the employees.

[Image: shattered iPhone] Ruggedized devices may look ugly, but surely you do not want to end up like this.

Of course the device selection is not constrained to what I have just talked about. If you are a company having operations outside the shiny business offices, then you need to think about ruggedized devices. iDevices and glaring notepads are simply too fragile for warehouses, construction sites, air-cooling rooms and any other places where the device will be subject to rough handling. In such areas, the company has to set firm boundaries on the choice of devices. If the employee drops the company-subsidized iDevice onto the concrete in the warehouse, she has to bear the burden of fixing it from her own budget.

There is of course the issue of the proper and professional use of the devices. In almost all companies, without exception, I have seen executives using company-issued devices personally. This includes having unsupported applications installed on notebooks, photos of family eating up the phone’s storage and the like. Reasonably, I cannot say that the employees must have one device for business and another one for personal use. Nobody, including me, will prefer to carry two devices where both can do the same thing. But there are applications to overcome this problem, which allow you to separate your work and personal life on one device (one of them is Divide). The company can force the users to have such software installed on their company-subsidized devices.

Think of these applications as virtual machines running on the devices. Business-related data – applications, user-created content, shared data – is completely isolated from the personal data (technically, such applications create an encrypted partition where the business-related data is stored and managed). They solve the problem of data ownership and application management.

Of course these discussions cannot be held at the IT level only. The discussions reach far beyond the CIO level, encompassing the whole company, especially the B- and C-level executives. If the IT department does not have the agreement and support of these executives, then the company has more to think about than BYOD. How will you enforce policies on your staff when your B- and C-level executives disregard them?

Bring Your Own Device (BYOD): #4 Managing the Revolution

Posted by: Admin  :  Category: Web Hosting

Quoting straight from Wikipedia, Enterprise Mobility Management (EMM) is “the set of people, processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context.” I will focus on the “technology” part of the definition and go a little bit deeper (for the process part, I recommend reading the previous article in the series).

Enterprise Mobility Management brings a couple of questions that a company should evaluate before it chooses an EMM application. I call them “scopes” of the EMM concept, which I hope will help the IT decision makers analyze their prospective EMM application.

Security tops the list as one would expect. From an EMM perspective, security is about accessing the corporate resources on the mobile devices, whether through accessing corporate network via VPN or through cached data. Due to the very nature of the mobile devices, they can easily be stolen and once compromised can pose an immediate threat to the company. Considering a 360-degree security viewpoint, the EMM solution has to provide solutions to limit and revoke access to corporate systems, wipe data remotely, provide/enforce central security policies and encryption.

[Image: Enterprise Mobile Management] The EMM solution has to manage a broad range of devices. With BYOD, IT can never know which device it will have to manage.

Device management is one of the pillars of EMM. Once devices are secured, they will be managed. Device management has to provide ways to access the device’s resources and audit them. This management should include the following:

  • accessing device use, such as status and usage at the very least,

  • location tracking, even if GPS is not present, coarse tracking with cell tower triangulation is acceptable,

  • hardware management, such as blocking camera use when or where necessary,

  • Active Directory integration, if Active Directory is used,

  • profiles for personal and corporate use (there is a demand for encrypting the corporate profile, which can be made possible by certain mobile applications in almost all platforms. However, in a solid EMM infrastructure, this has to be a part of the EMM platform, rather than an enforced application on the device.)

Application management is another pillar of the EMM infrastructure. Although application management is a complicated process, there is no reason why it cannot be divided into its parts and managed that way. The must-have elements in the EMM solution are:

  • the ability to inventory the apps that the users have on their devices,

  • the ability to view the app permissions,

  • the ability to offer black, white and grey lists for the users,

  • monitor device use in terms of network activity.

The EMM solution has to be thought through carefully in terms of applications. There have to be clear procedures to speed up application evaluations on the corporate side; if the application version is 4.0 and the latest approved version is 1.3, the corporate IT will clearly lose the game. What has happened with the BYOD revolution will happen again: the users will try to find a way to install the latest version. In this example, if the latest approved version is 3.8.5, then the majority of the users will follow the procedures. The EMM infrastructure has to allow this quick response to the users. Although it is too much to ask today, corporations will be demanding their own “corporate app stores” from their EMM solutions tomorrow.

In terms of network activity, the EMM solution has to monitor the network use of the device from an intrusion detection perspective. Or rather, the solution has to work together with an intrusion detection/prevention application to detect suspicious activity from the devices, such as requests to access corporate resources when the device’s status is idle.
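The idle-device check described above can be expressed as a join between device status changes and an access log. This Python is an added example, not part of the original article or of any EMM product; the status export, the access log format, the resource names and the background allowlist are assumptions made for illustration.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample data. Both formats are hypothetical and do not
# correspond to any particular EMM product or proxy log.
EMM_STATUS = """\
2013-03-04T08:55:00 dev-17 active
2013-03-04T09:20:00 dev-17 idle
2013-03-04T13:02:00 dev-17 active
2013-03-04T09:00:00 dev-42 idle
"""
ACCESS_LOG = """\
2013-03-04T09:10:00 dev-17 fileserver/finance
2013-03-04T11:30:00 dev-17 mail/sync
2013-03-04T11:31:10 dev-17 fileserver/finance
2013-03-04T11:31:40 dev-17 crm/export
2013-03-04T13:05:00 dev-17 crm/export
2013-03-04T10:00:00 dev-42 mail/sync
2013-03-04T08:00:00 dev-99 fileserver/hr
"""
# Assumption: push mail legitimately runs while a device is idle, so it is
# excluded; without such a list every background sync would raise an alert.
BACKGROUND_OK = {"mail/sync"}

def build_timelines(text):
    """Return {device: (sorted_times, states)} from status-change records."""
    raw = {}
    for line in text.splitlines():
        ts, dev, state = line.split()
        raw.setdefault(dev, []).append((datetime.fromisoformat(ts), state))
    timelines = {}
    for dev, changes in raw.items():
        changes.sort()
        timelines[dev] = ([t for t, _ in changes], [s for _, s in changes])
    return timelines

def state_at(timelines, dev, when):
    """State in force at `when`, or None if there is no status record covering it."""
    if dev not in timelines:
        return None
    times, states = timelines[dev]
    i = bisect_right(times, when) - 1  # last status change at or before `when`
    return states[i] if i >= 0 else None

def flag_requests(status_text, access_text, background_ok=BACKGROUND_OK):
    """Return (timestamp, device, resource, reason) for each request worth a look."""
    timelines = build_timelines(status_text)
    findings = []
    for line in access_text.splitlines():
        ts, dev, resource = line.split()
        state = state_at(timelines, dev, datetime.fromisoformat(ts))
        if state is None:
            # A device the EMM has never reported on is itself a finding.
            findings.append((ts, dev, resource, "no-emm-status"))
        elif state == "idle" and resource not in background_ok:
            findings.append((ts, dev, resource, "access-while-idle"))
    return findings

if __name__ == "__main__":
    for finding in flag_requests(EMM_STATUS, ACCESS_LOG):
        print(*finding)
```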

Content management is another issue in the EMM infrastructure. More enterprises are deploying content management solutions such as Microsoft SharePoint to allow quick collaboration on documents and to display business intelligence results. The EMM solution must ensure not only that the corporate content is synced with the device but also that it is not accessible if the device is compromised.

When the scope is defined clearly, then the stage is set for the EMM solution evaluation. As of the writing of this article, there are about 30 EMM applications in the market. The applications come from a variety of vendors, such as:

The BYOD revolution just happened. Now the IT decision makers need to find a way to manage the revolution. If the IT repeats its past mistakes, it is doomed to be taken down by the revolution. The IT decision makers must remember that the board of directors are also the users of the various systems and they are also a part of the revolutionists.

Bring Your Own Device (BYOD): #3 The Corporate Face

Posted by: Admin  :  Category: Web Hosting

Bring Your Own Device essentially became the companies’ way of shifting mobile device costs from the corporate budget to the employees (the other heavy burden on the employees is the expectation of high availability, but this is outside the scope of this article). Although the costs were somehow shifted and can be justified on paper, it was just the beginning.

It was not a game of hit’n’run. Although the companies succeeded in the first round, they had more to think about for the future. In fact, what they did presented more challenges. Here is a small, non-exhaustive list of issues that the corporate IT departments should be discussing:

  • Which devices can fully be supported? An environment supporting ActiveSync is OK to some degree, but will you change procedures to support POP access to e-mail for the legacy devices?

  • Is it OK to support only Exchange ActiveSync for email, calendar and tasks, or will the corporate communication application also be supported?

  • To what extent will the devices be allowed on the network? In the best-case scenario where ActiveSync is used, will the support be limited to synchronizing emails, calendar, contacts, to-dos and notes only, or will the devices be allowed to access file servers, collaboration applications or even in-house applications?

  • To what extent will the device owner (the employee) allow corporate management? Will she allow remote wipe? Will she allow application installation? Will she allow IT policies on her device? If yes, to what extent? If no, will her device be allowed to enter the corporate network?

  • How many devices per person will be supported? An employee can have a smartphone, a tablet, an ultrabook and say a multimedia player, all in the supported device list. Will the support be available for each device?

  • Is the network capable of handling the additional load by the mobile devices?

  • Which operating systems will be supported? At the time of this article, the newest Android release was 4.2, but there are millions of devices sold with 2.3, 3.x and 4.x releases. What about the iOS releases? What about Windows phone – support for legacy 7.0, or the dead-end 7.5 and above or just the current release 8.0?

  • Which devices will be supported to what degree? Is it OK for a supported device owner to contact the corporate help desk to get support for her device, say for changing the alarm tone, or will the support be limited to accessing corporate resources?

  • Which applications will be supported? If you think that covering just the stock Android browser and Chrome is OK, you are dead wrong. One of the hottest-selling tablets is the Kindle Fire and it has its own browser, called “Silk.”

  • What if the app required to create or manipulate data is a paid app? Say, what if a mobile office suite required to edit spreadsheets is a paid app? And what if this paid app is offered free by the manufacturer on one device and not offered at all on another?

  • Will the jailbroken/rooted devices be supported? If the corporate IT is allowing “own device”, will it not allow “own customization”?

  • How much security on the device is allowed? Is it OK to allow any reputable, up-to-date security app running on the device, or will the mobile version of the corporate security application be enforced?

The issues show us one important thing: IT and the user have become partners. The IT department is no longer the one that holds the stick and imposes its standards on the users: IT needs to sit down with the users and find a way that is beneficial to both sides. With the focus on the user and the above questions cleared, IT has to sit down and think on its own. IT is not the enforcer anymore. It has to find a way to harmonize its work with the users.

A list of humble recommendations for the IT department:

  • Open channels to allow employees to voice their ideas. The enthusiasts know more about apps than the IT pros, and they have tried them. Why not establish a group of enthusiasts to take part in IT decision making, letting them submit app requests, app reviews, recommendations and test results?

  • Bring social to the enterprise. Connect your employees, tell them the plans, engage them in projects. E-mail is OK, but now is the time to go social. (Hint: start by checking Yammer. It’s free.)

  • Speak with the vendors. Arrange meetings and from time to time ask select enthusiasts to join the meetings with the vendors. Engaged, enthusiastic employees demanding additional services from the vendors, together with the solutions that the vendors have applied in other companies, will result in overall increased productivity in the enterprise. Win-win for everyone.

  • Discuss things with both young and older employees. Young employees bring high expectations; older employees blend them with experience. If you follow the myth that the older employees know less, you are trashing wonderful ideas upfront.

  • Think digital. If you are purchasing books for the corporate library, think about the soft copies, ebook organizers and mobile deliveries to employee devices as well.

Once all these are discussed and the policies established, the next step is to manage the enterprise mobility.
