Behold, the false securities of the BYOD bubble

Behold, the false securities of the BYOD bubble

Summary: Work on your own machine? Using cloud applications? Sure, it's a new day! Until things break. Then you're on your own. (A lesson from ZDNet HQ.)

SHARE:
16
bubble-flickr-justin-d-miller-640px

A word of warning, dear readers: this ZDNet post is about to throw ZDNet's own IT organization under the bus.

But hey, they should have been reading all our great bring-your-own-device coverage, you know? Got to keep them on their toes. (That's the fun part about writing for ZDNet: you are simultaneously the expert resource and the customer.)

We're a pretty tech-forward organization here at CBS Interactive. (For the unfamiliar, that's ZDNet's parent company; we share it with CNET, GameSpot and TechRepublic, among many others.) 

When Microsoft Outlook reared its ugly e-mail head, we ditched it for Google Apps -- across the entire enterprise.

When our corporate Lenovo PCs aged beyond recognition -- Windows XP, people, Windows XP! -- we began ditching them for Apple MacBooks.

We work from home a lot, we use VPNs regularly and many of our tools are built to be accessed outside the company network, on personal devices, desktop and mobile. 

We even had Steve Comstock, CBSi's VP of Site Infrastructure, make a guest appearance on a ZDNet Hot Topics webcast about BYOD.

All in all, not bad for big ol' CBS Corporation, right? We're not at the tip of the industry spear, but we're certainly part of its head.

There are many shades of BYOD, however. Enjoying these various capabilities à la carte creates a false sense of security -- that you're further ahead than you really are.

Today I learned that lesson the hard way. 

Because of our flexible work resources, I very often use my personal MacBook to work -- often from home. I'm using it right now, in fact. If there weren't a VPN icon running in my Dock, I wouldn't be the wiser. It's as seamless as you want BYOD to be.

The tool with which we file our expense reports is called TREX. The system is a Java applet that allows us to automatically pull in expenses charged to a corporate credit card, categorize them according to company policy and submit them to a supervisor. It's a little clunky, and occasionally gets funny with certain browsers, but it's a dream compared to anything involving a multifunction printer-scanner-copier and inter-office mail.

Here's the catch: it's a Java applet. That means the people who use it (that's me!) are subject to regular updates from Oracle, the parent company of the Java platform. As you'd expect from a pillar of the technology industry, Oracle does deliver those updates every quarter, patching security holes and bringing its platform into the present. 

As a responsible computer user, my personal machine is always up-to-date. I'm running Apple OS X 10.8.2 and Java version SE 7 Update 15. 

So imagine my surprise when I receive the following error message:

This application requires Sun Microsystem's Java 2 version 1.5 or higher; or IBM's Java 2 version 1.4.2 or higher; or Apple's Java 2 version 1.5.0_07 or higher. You currently have installed Oracle Corporation's version 1.7.0_15.

This is stupid, I think. I won't be in the office for at least a week, and I really need to get that expense report in. I'm already way behind on it, and I could really use the reimbursement I'm due. 

No problem -- I'll just file a ticket and get the IT guys to downgrade Java, since I know that it will take the central team awhile to address TREX's incompatibility with the latest Java update. 

I file the ticket. Within the hour, IT gets in touch.

"Is this your personal machine?" they ask.

"Yes," I reply. "But I'm working from home for a week, and I really need to file my expenses."

"Sorry, we are only able to work on company equipment."

"..."

That sound you just heard? That's the BYOD bubble popping.

For years, I have been happily working remotely thanks to the many cloud-based tools provided by our IT organization. For years, I have happily used my (superior) personal machine with a VPN, boosting my productivity and keeping secure.

Today, that false sense of security revealed itself. There was a visible glitch in the Matrix; this worker of the future got snapped back into the present. And the present is a world where IT will support but not service alien hardware.

I've always been fine with a world like that. In my opinion, if you break your own computer, you fix your own computer. If I buy into BYOD, I take on that risk. I exchange the responsibility of liability for freedom.

But what if your computer is just fine? What if, in an age of consumerization, it's the enterprise that's broken?

What then?

Photo: Justin Miller/Flickr 

Topics: Consumerization, Cloud

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

16 comments
Log in or register to join the discussion
  • complicated situation

    Truth is, blame is on your software support team. They should have updated your Java application to be compatible with current Java. They were either lazy, or didn't have the knowledge to do it, or even worse -- did not care.

    There is no fault at your side, except that you probably didn't know that you can install multiple JVM versions on your Mac. Just install an JVM compatible with your application and you are set. Well, you will have to handle the security aspects yourself :)
    danbi
    • More than one?

      You can have more than one JVM on a Mac? Cool! I love OS X!
      jsouza999
      • It's not an OS feature

        You can have more than one JVM on any OS. Be that OS X, Windows, Linux.
        tigerstein
      • Mp3Begins

        yeah i have tried one ..
        Mohammad_usman
  • meh

    "But hey, they should have been reading all our great bring-your-own-device coverage, you know?"

    Great?

    Meh, it's par for the course. New buzzword comes, everybody worships it. Nobody doubts it. Nobody questions it. It's the next big thing, "like it or not." Everybody's all sheep, no brain.

    "(That's the fun part about writing for ZDNet: you are simultaneously the expert resource and the customer.)"

    LOL. ZDNet writers have never struck me as experts at anything except flame bait.

    "We work from home a lot, we use VPNs regularly and many of our tools are built to be accessed outside the company network, on personal devices, desktop and mobile."

    Hence why ZDNet thinks every company on the face of the earth works this way and are extremely negative to companies that work differently.

    "We're not at the tip of the industry spear, but we're certainly part of its head."

    Good joke.

    I just come here because it's fun to argue.

    Truth be known, I get better tech coverage with Ars Technica. Ars Technica has a comment system that far rivals ZDNet's "Talkbacks," FYI.

    ZDNet can't even get the edit button straightened out. It's sad.

    "As you'd expect from a pillar of the technology industry, Oracle does deliver those updates every quarter,"

    I'd like to know what other "pillar" of the technology industry does it so rarely.

    Nope - Microsoft set the bar higher: It should be monthly, at least. Oracle is a laggard, not a pillar.

    And while we're at it, why *can't* you upgrade a personal machine yourself? Seriously, you guys are all gung ho about being the best and all that, shouldn't you be able to figure that out yourself? Why call your IT department for something like this?

    (adds another reason why I don't really consider ZDNet authors to be the best in their fields)

    "That sound you just heard? That's the BYOD bubble popping."

    A big bubble it is. ZDNet practically touts it as an object of worship, rather than a practical solution for some businesses. It's all about the buzzwords here, and how everybody should worship them.
    CobraA1
  • I've always questioned BYOD's ability to be successful

    And situations like this are exactly why. If someone is doing whatever they want with their PC, there's no way to know if every configuration is going to work with the required company resources.

    Yes, it would be nice to get the Java app on the server compatible with the new version, but many times vendors release new versions of things that cause problems, and the teams don't have them in advance to test, so there's no way they could have their apps configured as soon as the update is released. That's why companies like to do testing before rolling out updates and patches to their environment, and they can only do that if they control the update process on the systems being used in their environment. And as your example points out, the impact is on the users, not the IT support team.

    Chasing down problems on every potential platform that someone could use, with any number of configurations per platform, would be nearly impossible for any IT support group to cost-effectively support.

    People could install Internet security apps for their kids, or just some weird security program they heard about, or want an old version of something to run an old program they have, and who knows what kind of havoc that could cause. Having IT people go through anything that might be causing an issue or is not compatible is just not realistic, in my opinion.
    brble
  • Not So Fast, danbi...

    Oracle has a lot of this blame on them. In our case, they own Java and Oracle ERP. The Java hand of Oracle says "You need to be on Java 7 or buy a support agreement to support Java 6". The ERP hand of Oracle says, "We only support Java 6, so you can't upgrade to Java 7".

    Personally, I think Java is the work of the devil. The write once run everywhere promise only seems to work with malware. Every app seems to want its own version of Java.

    When you throw in Apple OS X into the mix, Apple updates will disable Java unless it is 1.7.0_13 or higher, due to the recent exploits.

    BYOD is vulnerable in that there are many different conflicting priorities using the same operating environment. Enterprise applications don't move at the speed of a 6-week browser release cycle or the JRE or Adobe update du jour.
    Uber Dweeb
  • BYOD is a fad

    Been saying it a long time now. BB will be the only smartphones allowed in big corporations in a year.
    Susan Antony
  • BYOD -- bad idea in most cases

    I'm an IT guy, so take whatever you will from here...

    Some users will upkeep their own systems. But most won't. They're don't have the time, inclination, or the expertise. So systems will have incompatibilities, will be virus-prone, will be easily hacked, etc.

    You can install Network Access Protection and the like to ensure that BYOD systems actually are secure, up-to-date, etc. But it's a pain.

    Still doesn't solve the problems of if anything is backed up or not. And what happens to the data if the user leaves the organization? If it's on their personal system, it just disappears.

    At ZDNet, where you are constantly testing and trying out new systems and software all the time, BYOD a fact of life.

    But for most business??? As long as you're bigger than 3 guys in a brand new startup? Bad idea. Spend the extra and buy your users some laptops. It's cheaper to implement and manage in the end. And it prevents muddled intellectual property and data ownership issues.
    mattb47
    • A little bit of pushback on the "at ZDNet..." comment

      We're not really a BYOD organization -- IT provides PCs for everyone.

      I got into a BYOD situation for two reasons: first, my personal computer was lighter and faster than the company-issued model, which makes a big difference when I'm reporting on my feet; second, I didn't want to take my computer back and forth, to and from the office, just because I spend my working hours in two different locations.

      So you might say that it would be cheaper (or at least easier) for IT to have upgraded my system more quickly and according to my needs, avoiding the BYOD situation altogether.
      andrew.nusca
  • The problem with TREX here...

    The short term fix for Andrew here?? Fire up Parallels / VirtualBox / Fusion. Setup a Windows 7 virtual machine. (These work really well on Macs.) Poof -- "corporate compliant" Win7 system. If necessary, have the CBSi IT team create one for you on a Mac with the same visualization software. FedEx you a usb stick / hard drive with the image for the VM, if needed. Run this if/when you have issues. Install whatever annoying non-up-to-date and insecure version of Java your TREX software is demanding.

    Heck, keep another Win7 (or Linux, or whatever) VM for testing, play, etc. Keep the "corporate" VM for dealing with the office network.
    mattb47
  • As an IT support person

    I'd have said exactly the same thing about your personal computer.

    In the past are days when I'd help a user with his personal computer because he can't get something done from home, only to hear later that his wife is complaining that her favorite no-name Photo Album software that she installed many years ago from the disk they don't have anymore is "acting differently" and "it's crucial to make it work the way it is" because "it's all our family photos for the last 10 years" and "can you get to to work the way it was before you did whatever you did".
    -nihilist-
    • I pity the fool

      ...who uses a "family computer" for BYOD. That's asking for trouble.
      andrew.nusca
  • So, You Have Abandoned Microsoft Products?

    So the ENTIRE ZDNET organization is anti-Microsoft!
    ldo17
    • Looks like it

      This may explain their pro apple stance.
      calfee20
  • My BYOD Nighmare

    I have to agree but here is another problem.
    I was doing a day job for a temp IT firm and had to bring in laptop. My only Laptop was my convention lap top I take to Anime, Furry and Science Fiction conventions. I had plastered with with hello Kitty and convention stickers. no to mention personal geek information, artwork and gladly no porn or henti.
    Luckily when got to the work site I found I could remove the plastic backing, not without some smirks.
    Still a bigger issue is propitiatory tools. what if I need to install tools like Lab View, who pays for it and who owns the data on my laptop.
    Richardbz