Some execs contemplate making 'Bring Your Own Device' mandatory

Some execs contemplate making 'Bring Your Own Device' mandatory

Summary: A cash-strapped state agency gets around budget shortfall by requiring employees to use their own smartphones, laptops and tablets for work without even reimbursing them.

SHARE:
TOPICS: iPhone
144

Many IT and business leaders have been laying awake at nights worrying about all those iPhones, iPads and Android devices coming in, making a mess with their corporate networks, and potentially compromising data security. But others say BYOD may be the only way to go.

At the recent Gartner infrastructure conference, Chris Cruz, deputy director and chief information officer at the California Department of Health Care Services (DHCS), described the agency’s new policy toward the workplace “bring your own device” (BYOD) phenomenon — do it, it will save us money. Plus, the state will no longer even subsidize employees for using their own smartphones for job-related activities.

Network World’s Ellen Messmer covered Cruz’s talk, in which he admitted that BYOD was the only way to get around the agency’s shrinking IT budget — part of a state budget shortfall of $16 billion.

The article brands the BYOD policy as “controversial,” since it is being contested by the unions, as well as the agency’s own information security officer.

But such a BYOD policy really isn’t that controversial at all.

There is already a huge, immeasurable amount of BYOD devices now being carried in and out of work settings on a daily basis. And at many levels, work and personal activities with these devices are already heavily blended.

For entrepreneurs and employees involved with smaller or startup enterprises, there’s no questions about using their phones and PCs for work-related tasks. It’s just the way well-connected individuals get things done.

And still, there are many unfortunate employees who are required to carry around two smartphones or two laptops — one issued by the business, and the one for their own purposes. Does this make sense?

Companies and agencies are recognizing that individual employees are doing a better job of handling and managing their devices than their harried and overworked IT departments — who need to focus on bigger priorities, such as analytics and cloud. Perhaps at some point this can be recognized at the federal policymaker level — and employees be allowed to write off part of the cost of their devices used for business purposes, just as self-employed individuals do.

BYOD policies such as that being instituted by this California agency also ultimately provide employees greater flexibility, with the option to work from home or other remote locations. It also reflects the blurring of the lines between work and personal lives. Productivity doesn’t necessarily spring from a cubicle, but in bursts. A well-connected employee, manager or entrepreneur shouldn’t be cut off at 5:00 pm.

Still, BYOD requires a great deal of attention to security. As Cruz explained, BYOD users would have to agree to have DHCS’s mobile device management software installed on their mobile devices, creating a partition between business and personal data, and enabling DHCS “the ability to wipe it if it were lost or stolen.” As Cruz explained, “DHCS mandated to have all mobile devices encrypted.”

As SmartPlanet colleague Heather Clancy reported a couple of months back, organizations and their IT departments really haven’t got their arms around the whole BYOD phenomenon, even though 60% of surveyed professionals were already using their personal devices for both business and personal activities.

Cruz’s plan is to phase out the agency’s funding of 1,500 Blackberry devices, and plans to extend the BYOD policy to laptops and tablets. While the policy is voluntary at this time, Cruz estimates it has saved the agency up to $500,000.

(Photo: CNET.)

(Cross-posted at SmartPlanet Business Brains.)

Topic: iPhone

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

144 comments
Log in or register to join the discussion
  • Imagine a laptop running Windows 2000 or Windows XP SP2

    [u]AS THE ADMINISTRATOR[/u].

    The California Department of Health Care Services? No information to worry about there. :/
    Rabid Howler Monkey
    • Accountability

      What happens when sensitive data does get loose and it is traced back to a byod device. Who is responsible? Who will they go after?
      rhonin
      • Who is "they"?

        The injured parties will go after the organization.

        The organization's management will attempt to push blame down the chain as far as possible. Pity all organizations don't have privates, corporals and sergeants.
        Rabid Howler Monkey
      • Depends, doesn't it?

        Fallout from risky behavior would fall on the operator in either case, wouldn't it? If the data gets loose because you're out cruising Monkey Spank with any machine containing sensitive data wouldn't that be on you?

        How about if that data gets loose because you don't maintain your machine? Keep it fully updated and patched? Once again that would fall on you.

        In my world if I don't use maintained tools, I use a torque wrench or cable tension meter thats been abused or doesn't have valid calibration and the aircraft goes down because of it, that would fall directly on my head, so it will [b]never[/b] happen.

        Welcome to the grown up world where we have to take responsibility. Not only for the tooling but also for it's condition and use.

        Seriously, I'm surprised you've been able to doge this for so long.

        .
        Rob Berman
        • Have to disagree

          Your title implies there is grey to the issue whilst your body says it's all on the tool wielder.

          being a former manager I have to take issue with the body. If management has made a call that BYOD is hunk-dory they are at fault. E.G. if management said "use that out of calibration tension meter" than it's on them, not you the tool wielder.

          Ultimately that is the difference between management and employee. The employee is not responsible for the well being of the organization and should not be held accountable for anything other than not following company policy and management directives.

          Why would anyone consider it "grown-up" to take the fall for a management directive? Unless of course you work in the financial industry where it's expected that employees and customers take the shaft for poor managment decisions...
          Charles Bundy
      • exactly

        its going to be a finger pointing game...
        Jimster480
      • The ideas expressed by Rob Berman

        Imagine someone not willing to play the system and cut off the hand that feeds them. Hats off to Mr Berman for accepting responsibility for his actions and performance on the job. I was educated in nuclear electronics in the Navy and realized I had responsibilities that could mean life or death were I to make a mistake. Employers can place requirements on their employees. Don't like it, look for other employment.
        partman1969
      • Huge consideration

        Our company restricts access to anything but company websites etc.
        You have to go through their network with the proper security. If you have to use your own device they would restrict what you access with it. I don't want anyone telling me what I can use my personal device for.
        Greywolf8577
    • And

      If they had not spent what amount to several small countries entire budget, many times over, on none workable IT initiatives, there would be no need for the fleecing of their employees. California is not the example; just the exception!!!!
      eargasm
    • Imagine any Windows, it would be untenable.

      Just use Linux without AV and security problems disappear.

      Ever try to remove Conficker from a corporate networked environment? You disconnect the computer Ethernet cable, disinfect the computer, connect it back the to the network, and in 2 minutes it is re-infected. And this is where the IT manager estimated all of the companies 50,000 workstations were infected. (updated XP, worldwide). People using infected flash drives probably caused the problem. (BYOFD = Bring your own flash drive.)

      If you are going to implement BYOD, Linux is the only way to go. Ubuntu or Mint running with no AV.

      If you are skeptical, run your own tests on a handful of computers, monitor security, and see if any problems occur.
      Joe.Smetona
      • And what about your applications???

        "If you are skeptical, run your own tests on a handful of computers, monitor security, and see if any problems occur. "

        Is this the only thing you have to offer - "Linux has no security problems, no need of AV and all your problems disappear". It seems to be a recurring theme in your posts.

        "If you are going to implement BYOD, Linux is the only way to go."

        Really, and is it going to run all those applications that you actually need to conduct your business? Office (real Office, not some half-compatible copycat), Autocad, SAP GUI, Photoshop (not Gimp, it's only half way there), Visual Studio, any 3D engineering package with broad based usage, Sharepoint, Project Server, any number of vertically integrated packages for doctors surgeries, dentists, hairdressers, salons, retail,...
        It's a pipe dream, it's like telling somebody their car will never crash but omitting to mention that it doesn't have an engine that works with the petrol everyone expects to be available.

        Oh, and how are you going to BYOD Linux when only 1% actually have it and 99% couldn't really care about getting it because they're more interested in a PC/Mac that runs things they want? The world is not made up of an army of Linux geeks.
        joneda1
        • Reply to joneda1. Without security you have nothing.

          [i]"Is this the only thing you have to offer - "Linux has no security problems, no need of AV and all your problems disappear". It seems to be a recurring theme in your posts."[/i]

          Really, that's the only thing you don't have to offer and never will.

          [i]"Really, and is it going to run all those applications that you actually need to conduct your business? Office (real Office, not some half-compatible copycat)"[/i]

          I would take LIbreOffice any day over that MS garbage that is tied into their OS allowing infections to constantly take over the computer. Did you ever have to play with MDAC versions to get Access to work properly? In your mind, Linux is some kind of MS copycat. News Flash: It's not. It stands alone. If it was a copycat and the LibreOffice was trying to be a copycat, it would have infections shooting out of it just like Microsoft does.

          Microsoft lies about it's products. The WinRT OS is using the same garbage Win32.dll's causing all the security issues in it's older brothers. Apparently, Microsoft isn't skilled enough to re-write them, and possibly gain more security in the process. Nice front end, but don't look under the hood.

          Check this short video out for another Microcrosoft turns soft bombshell: VMWare vSphere vs. Hyper-V:

          http://www.youtube.com/watch?v=-REWdIpQvaU

          Microsoft turns out to be a cheap scammer for all their products.
          Joe.Smetona
        • Reply to joneda1. Without security you have nothing.

          [i]"Is this the only thing you have to offer - "Linux has no security problems, no need of AV and all your problems disappear". It seems to be a recurring theme in your posts."[/i]

          Really, that's the only thing you don't have to offer and never will.

          [i]"Really, and is it going to run all those applications that you actually need to conduct your business? Office (real Office, not some half-compatible copycat)"[/i]

          I would take LIbreOffice any day over that MS garbage that is tied into their OS allowing infections to constantly take over the computer. Did you ever have to play with MDAC versions to get Access to work properly? In your mind, Linux is some kind of MS copycat. News Flash: It's not. It stands alone. If it was a copycat and the LibreOffice was trying to be a copycat, it would have infections shooting out of it just like Microsoft does.

          Microsoft lies about it's products. The WinRT OS is using the same garbage Win32.dll's causing all the security issues in it's older brothers. Apparently, Microsoft isn't skilled enough to re-write them, and possibly gain more security in the process. Nice front end, but don't look under the hood.

          Check this short video out for another Microcrosoft turns soft bombshell: VMWare vSphere vs. Hyper-V:

          http://www.youtube.com/watch?v=-REWdIpQvaU

          Microsoft turns out to be a cheap scammer for all their products.
          Joe.Smetona
          • Missing info

            You still haven't addressed how mission-critical business applications are going to run on these Linux boxes.

            Your "solution" is going to cause a lot more damage than it will cure for many businesses.
            ultimitloozer
  • Eyebeams

    The groans from the IT departments concerning "security" would carry a lot more weight if we weren't reading daily of another million credit card numbers hacked, or today's news... 60 banks robbed of $75 million. These aren't coming about because somebody brought an Android to work. These security breaches are in the crown-jewel production systems of very large organizations. The whole time the IT guy is pleading with the CEO to approve his plan to stop these rogue telephones from coming in, the CEO is wondering if he's next in the Hot Seat because the customers' privacy data -- supposedly encrypted behind 18 firewalls -- got posted to Wikileaks.
    Robert Hahn
    • Android? Did you read the article?

      The California Department of Health Care Services is tossing in laptops with smartphones and tablets. Plenty of break-ins started with the compromise of a desktop system, which includes laptops.
      Rabid Howler Monkey
  • Wouldn't use my device......

    I would not like to be involved with taking any chances of HIPAA information on my device. I can only imagine the repercussions when HIPAA information is found on a personal device....If they want to put their employees in that legal position, they better find the funds for paying for all those legal fees, not counting the lawsuits.

    Not for me. If you work for California Department of Health Care Services (DHCS) and they make you use your personal devices, run, don't walk, away from them before you pay the price for their stupidity.
    linux for me
    • Yes . . .

      . . . and there are many places for that data to hide. Browser cache is only one. Print a 50 page report filled with confidential info to your home printer rather than your office printer by mistake and it's in a print spooler. Then your laptop gets stolen, and nobody knows what was on it.

      You don't need malware - a correctly configured laptop is quite bad enough.
      sporkfighter
  • Sticking it to the employees

    As if it's not bad enough that wages are stagnant and a growing number of employers refuse to even buy basic supplies like stationary anymore, here comes another "stick the expense to the employee" idea so the stockholders can make more money. Personally I do not want any work data using up valuable space on my laptop or smartphone. I've already been down the route of using my own computer and cellphone for work (without reimbursement) and it stunk. The company-installed programs were impossible to remove and I had to wipe my computer clean to get rid of them. In addition the idea that my employer could spy on my personal activities on my personal devices is enough to say NEVER AGAIN.
    sandawana
    • It is what it is

      The sad thing is, you and all the people who made your note "Top Rated" are ranting against reality. The State of California is for all practical purposes bankrupt. People who work there are facing pay cuts, layoffs, and muscle-not-fat budget cuts as far as the eye can see. Crabbing about this does no good. It's reality.

      The second thing that's reality is the 8% unemployment rate. If you don't want the job where you have to buy your own phone because you say NEVER AGAIN, nobody cares... there's another shmoe right behind you in line who will take the job and be happy to find work.
      Robert Hahn