BYOD or Rogue IT?

Monday, October 22, 2012

Bill Gerneglia


Recent research shows IT management and business leaders are accepting, and in some cases embracing, "bring your own device" (BYOD) in the enterprise.

Rogue IT is the name given to the informal, ad hoc software and electronic devices brought by employees into their workplace. If IT managers are warming up to and in fact embracing BYOD are they as accepting of Rogue IT in the office?

Is Rogue IT simply an extension of BYOD? Is it cause for headache and concern for the systems, network, and database administrators of companies because of the additional exposure of their networks and databases to enhanced cyber security threats?

Recent research demonstrates some of the quantifiable benefits and complexities associated with allowing employees to use their own mobile devices on their employers' networks.

Most organizations are now enabling BYOD in the enterprise. As many as 95% report saying their organizations permit employee-owned devices in some way, shape or form in the workplace. 

Additionally, the average number of connected devices per knowledge worker is expected to reach 3.3 by 2014. This is up from an average of 2.8 in 2012. 

The mobility numbers are staggering and depict the increasingly global consumerization of IT  trend in most organizations. In 2012, the population of the world will reach approximately 7 billion. According to research from mobiThinking, as of January 2012, the number of cellular subscriptions worldwide was approximately 6 billion. The number of cellular mobile broadband subscriptions worldwide was approximately 1.2 billion.

IT managers are balancing security and support concerns with the very real potential to reap significant cost and productivity benefits from the BYOD trend. Research has shown that BYOD is just the gateway to greater business benefits. 

Over three-fourths (76%) of IT leaders surveyed categorized BYOD as somewhat or extremely positive for their companies, while seeing significant challenges for IT. These findings reinforce that BYOD is no passing fad and is here to stay. Many it managers are acknowledging the need for a more holistic approach to managing BYOD. 

This includes one that is scalable and addresses mobility, security, virtualization and network policy management, in order to keep management costs in line while simultaneously providing optimal experiences where savings can be realized. CIOs have concluded that mobility needs to extend well beyond BYOD to include the integration of service provider mobility, enterprise mobility, security, collaboration and desktop virtualization solutions.

OK so what about Rogue IT?

 It is permeating the organization through desktops, laptops,  and tablets.  Rogue IT is viral, unyeilding, and for the most part unstoppable. So as the CIO what do you do - embrace it, prepare for it,  or try to control and ban it from your organization?

Consumer oriented cloud-based software such as Evernote or Dropbox in the office are examples of Rogue IT. 

It is widespread in the organization as about 43% of businesses report that their employees are using cloud services independently of the IT department. This is according to a recent survey of 500 IT decision makers.

Previously, most enterprise software and hardware decisions were made by the company's CIO and the IT staff beneath that office.

 Rogue IT chages the traditional IT decision making process, effectively crowdsourcing IT choices to employees.  So what does this do to the traditional role of the CIO?  What does it mean for the future of IT at many of the largest global enterprises?

For the CIO at the enterprise level there is always room for improvement in IT policies, procedures, and guidelines. CIOs are typically most concerned with security, compliance and back-end compatibility and less with the usability of an application for the employee. This has resulted in less than intuitive operational applications used by the employees which over time make them less productive and less competitive within their industry.

The rapid growth of online, cloud-based SaaS applications permits ordinary workers to bypass IT and make their own software selections. This becomes a real issue for the IT department because there is now a problem with ownership and support for the application. 

Who is Responsible for a "Broken" BYOD Device or Rogue IT Anyway?

What happens when your employee's personal laptop or iPad is not operating rationally? Who are they going to call to assist them to troubleshoot?

Most likely the employee calls their corporate IT department for tech support.  Many of us enjoy complaining about the poor quality of tech and PC support at our organizations.

We may think our IT support is a poor performer, until we have to call the retail store where we purchased our mobile phone, or the manufacturer, or worse some 3rd party - because our device is not able to access the corporate email or an important corporate app.  

When there is a clear ownership of the device, eg. corporate owned device is the responsibility of the corporation to support, there is no conflict.

But when the corporate email simply "will not work" on an Android device - who should receive the tech support call - the corporate IT help desk? 

Here is where the finger pointing for support will begin. Should you call your email provider, hardware provider, carrier, or call the corporate IT help desk since you believe you have an established relationship with them?

Who ultimately takes responsibility for the support of Rogue IT? How does the CIO budget for BYOD and Rogue IT help desk support? 

Making a clear distinction in device support is difficult because if the problem exists with a personal device you really can not expect your IT organization to support all available mobile devices, or can you?  

It would be difficult to imagine your corporate IT support staff is competent to handle Apple, Samsung, HTC, Motorola, LG and any other devices each with their own operating system versions, applications, and local carrier issues. 

CIOs need to think about these tech support issues when they talk about increased productivity gains. 

How fast can your corporate support team offer support for a  device they own end-to-end, versus having to share responsibility and potentially finger-point with other vendors' support organizations?

CIOs often consider the outsourcing route. CIOs relish not having to have fully staffed help desk department that supports cell phone carriers, operating systems, applications, and corporate connectivity issues. This enables the CIO to focus on the important issues that should really matter to your company. 

BYOD initiatives and support issues such as these continue to cause headaches for IT departments. Their security mandates grow exponentially as they struggle to prevent corporate data leaks from their private networks onto public clouds.

Some of the biggest concerns of IT decision makers dealing with public clouds are the loss of corporate data and control of the location of that data. 

In the end, the best SaaS solutions are selected by the peer review process. Employees will beta test and evaluate various application options in the workplace. Eventually, through the selection process the most effective software emerges naturally.  The CIO's role in the selection process is reduced to signing off on premium, enterprise-wide editions of the most popular apps.

Once rogue IT becomes accepted by the CIO and the organization the next step in corporation implementation can take place - integration. The IT department will need to make sure standard corporate applications all work well together and are properly secured so that no corporate data loss can result.

The integration process requires the CIOs office to handle the details of collecting and integrating data with other corporate resources as well as assesing data security and regulatory compliance issues.

BYOD and Rogue IT offer hope to one day streamline the IT administration aspect of the CIO's role. 

According to Fortune, today some of the best crowdsourced IT solutions are social media based. Social Media is used by an estimated 1.43 billion people worldwide  has only recently been discovered rused to be an invaluable workplace tool. Employees can evaluate and  introduce new social tools that connect businesses and clients and increase internal productivity. 

Rogue IT and crowdsourced software decisions permit employees to voice an opinion in choosing intuitive, user-friendly software that can increase their productivity and allow the CIO to focus their attention on more strategic business oriented initiatives.

Cross-posted from MyITView

Possibly Related Articles:
Enterprise Security
Information Security
Enterprise Security Network Security Policies and Procedures BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.