BYOD: When Cool! Entered the Data Center

Transcription

1 BYOD: When Cool! Entered the Data Center

2 Jim Dossias Director, Cisco Practice Logicalis BYOD If you don t work with users on the devices they want, they are going to do it anyway, and that s worse. According to a 2011 IDC study, 41 percent of the devices used by information workers to access business applications are ones they own themselves, including home PCs, smartphones, and tablets. Face it. End users have stormed the once secure gates of IT and a new acronym, BYOD (bring your own device), has taken over the palace. Turns out the consumerization of IT the rising trend of information technology showing up first in consumer markets has friends in high places. Ever since the CEO and CFO started sending imessages to each other on their iphones and showing up at board meetings with ipads in their briefcases instead of laptops, the IT department s secure lock on corporate technology and corporate data was busted. Cool! had entered the data center, and IT would never be the same again. Strangely enough, though a scenario that has been a recurring nightmare for IT departments everywhere has come true, it might not be so bad. IT departments that have avoided the kneejerk temptation to resist the trend toward the consumerization of IT and are taking steps to enable user-owned smartphones and tablets are cautiously optimistic. The wide area networks (WANs) appear to be able to handle the extra demand, corporate data is still secure, and all of those end users wandering around armed with their own technology aren t calling them for support or otherwise bringing the whole IT environment crashing down around them. At least for now. Many organizations had already taken a halfstep toward consumerization by installing a Blackberry server so employees can check and voic on their Blackberrys. That just left the door ajar. Smarter phones, a proliferation of tablets, and an expectation of instant communications, social networking, and downloadable apps have now kicked the door off the hinges. And there is no replacing it. Who s in Charge Here? Logicalis Director of the Cisco Practice Jim Dossias is an IT realist. If you don t work with users on the devices they want, they are going to do it anyway, and that s worse. The numbers are on the user s side. According to a 2011 IDC study, 41 percent of the devices used by information workers to access business applications are ones they own themselves, including home PCs, smartphones, and tablets. That was up 10 percent in one year. Interestingly, the same survey found that 70 percent of employees reported they already accessed corporate data with their own devices. Smartphones have led the way, but tablets a product category that didn t actually exist until

3 BYOD BENEFITS Employee productivity Employee job satisfaction Increased collaboration between employees, partners and customers Enhanced sense of partnership between the IT department and end users Don t sleep through the alarm. You can t plug these things in, people! Check out the Wireless Wakeup Call on page 5. recently are right behind them. Deloitte LLP forecasts that companies will buy more than 10 million ipads this year. The consumerization of IT converges and borrows momentum from the telework trend, which further escalates unified communications from nice-to-have to must-have technology with buy-in from the top of an organization down. It used to be that you could single out a few businesses/industries that were considered mobile: healthcare, for example, professional services, and distribution. Today, all businesses are mobile businesses. BYOD Benefits Some of the benefits IT departments are reporting from BYOD involve hard savings, as organizations shift at least some of the cost of the device to the user. But most of the benefits are soft. For example: Employee productivity - Smartphones allow employees to spend less time checking their voic and and more time getting things done. Employee job satisfaction - Employees like being given a choice and treated as if they can be trusted to handle the responsibility. Increased collaboration between employees, partners and customers - The reason that smartphones and tablets became so popular is because they do in fact make communicating easier and more natural. Enhanced sense of partnership between the IT department and end users - There is a very real opportunity for IT professionals to ride the populist tide of enthusiasm for technology out of the data center and into the mainstream of corporate life. Technical and Cultural Avalanche This is not to say that the BYOD trend doesn t have the potential to set loose a technical and cultural avalanche of change for IT pros who are still recovering from the client-server trend of 20 years ago. BYOD has a simple appeal for the end user: I get to use my spiffy new smartphone at work cool! What goes through the mind of the typical IT person is more complex. Do I have the network infrastructure to support all of those access points and IP addresses? Do I have appropriate security in place? What is appropriate security? Do I have the necessary capability from a server perspective?

4 What s going to happen to my Internet pipe when everyone who comes into the building wants wireless access? Do I have enough bandwidth? BYOD raises a lot of questions, says Dossias. It s a problem, frankly, that IT doesn t love to have. At the same, Dossias is a user, too. He s hooked on Cool! His BYOD of choice is an iphone with the Cisco Jabber app on it. I can take it with me wherever I go. I can get . I can IM. I can call people and WebEx them just like I m on my PC. It s my personal device, my freedom device almost. It unchains me. I carry it wherever I go so my business travels with me. Clearly, BYOD is not just an IT issue. The implications and the liabilities extend to the major stakeholders throughout the organization including finance, legal, HR and the business leaders. The table below identifies the set of considerations that needs to be addressed for specific tactical/strategic IT functions. There are so many dimensions within dimensions that there are lots of ways things Tactical/Strategic Area Business continuity planning and disaster recovery Host management (patching) Client configuration management and device security validation Remote-access strategies Software licensing Encryption requirements Authentication and authorization Regulatory compliance management Incident management and investigations Application interoperability Asset management Support Considerations Should non-corporate devices be granted access or restricted from business continuity planning? Should there be an ability to remotely wipe any end device accessing the network if it is lost or stolen? Will non-corporate devices be permitted to join existing corporate host-management streams? How will device compliance to security protocols be validated and kept up-to-date? Who should be entitled to what services and platforms on which devices? Should a contingent worker be given the same entitlement to end devices, applications, and data? Should policy change to permit installation of corporatelicensed software on non-corporate devices? Do existing software agreements account for users accessing the same software application through multiple devices? Should non-corporate devices comply with existing diskencryption requirements? Will non-corporate devices be expected or permitted to join existing Microsoft Active Directory models? What will organizational policy be on the use of non-corporate devices in high-compliance or high-risk scenarios? How will corporate IT security and privacy manage incidents and investigations with non-corporate-owned devices? How will the organization handle application interoperability testing with non-corporate devices? Does the organization need to change how it identifies the devices it owns to also identify what it does not own? What will policy be to support non-business-owned devices? Source: Cisco

5 Wireless Wakeup Call can go wrong, says Dossias. IT has to crawl before it walks. He recommends a phased approach. Don t roll out BYOD all at once. Easing into BYOD There are several ways to ease into BYOD. You can begin with proxy-based access to enable mobile mailboxes, and ramp up to allowing trusted devices that meet a security baseline. Some organizations, like Logicalis, provide a stipend to select groups of employees who can choose from a list of approved devices. Enabling BYOD for specific sets of users makes it easier to monitor and manage their activity. They effectively become a proof of concept test case you can use to evaluate your ability to enable other sets of users and, if there s a problem, it s also easier to contain. Deciding who owns what can be problematic. Typically, users retain ownership of their devices, but the organization retains ownership of all the corporate data. As straightforward and reasonable as that sounds, the opportunities for conflict abound. For example: Owning corporate data means that the IT department would have the right and the means to wipe an employee s misplaced smartphone to protect corporate data. But what if the only way to erase corporate data is by erasing an employee s music and the photos of her kids in the process? That s a harder call to make. A new category of mobile device management (MDM) tools is rapidly evolving to help organizations separate personal data from corporate data. However, for all the new tools that are available, coping with the rate of change that BYOD has loosed on the IT department can still be daunting. Best Practices The following set of best practices compiled by Frank Bogucanin and Mike Johnson of the Logicalis Customer Solutions Group condenses the critical issues into three areas, and provides some answers to the multitude of questions that BYOD raises for an organization. The BYOD trend has the most direct impact on the wireless networks that provide access for all of the new kinds of devices now entering the network. We ve only seen the beginning of this onslaught. Consider: By 2015 there will be 7.4 billion n devices in the market. * 7.7 billion new Wi-Fi (a/b/g/n) enabled devices will enter the market in the next five years. * 1.2 billion smartphones will enter the market over the next five years, about 40 percent of all handset shipments. * Smartphone adoption is growing at more than 50 percent annually. ** Currently 16 percent of mobile data is diverted to Wi-Fi; by 2015 this number will increase to 48 percent. * This year, more than 50 percent of network devices will ship without a wired port.*** Logicalis Cisco Practice Director Jim Dossias says the key thing to remember here is: You can t plug these things in, people! Now is the time to get your wireless networks ready for the demands that are headed your way with a force that can be truly transformational or disastrous depending on how well you prepare. The time to act is now. Source: * ABI Research, ** IDC, *** Morgan Stanley Market Trends

6 BYOD Best Practices 1. Prepare Your Network 2. Implement Security Architecture and Policies 3. Monitor and Manage Activity 1) Prepare Your Network Assess and potentially upgrade your wireless network to ensure it s capable of supporting additional bandwidth requirements of employeeowned mobile devices, to include adequate Quality of Service (QoS) controls for appropriate handling of critical traffic. 2) Implement Security Architecture and Policies Review your IT security policy to address noncompany-owned mobile assets, to include: Definition of the allowed types of devices and OSes Device and application ownership and management Data loss prevention and compliance considerations Develop a granular network access strategy to address mobile devices, to include: Assignment of privileges based on user, device, location and time of day Implementation of identity management and network admission control technologies that deliver device profiling, posture, assessment and/or remediation (i.e., Cisco ISE coupled with security elements of Cisco devices) Implementation of technologies for centralized authentication, authorization and accounting Use of content filtering technologies to enforce data loss prevention, threat prevention, acceptable use policies and general access control (i.e., Cisco s AnyConnect Mobile Security coupled with Cisco s Iron Port products) 3) Monitor and Manage Activity Implement a mobile device management (MDM) strategy that can provide complete provisioning, configuration, monitoring, and reporting for connecting BYOD mobile devices. (MDM products include FiberLink s Maas360, Tangoe s MDM, McAfee s EMM and Sybase s Afaria.) Implement centralized and comprehensive wireless management and monitoring tools that provide converged user access and identity management with complete visibility into endpoint connectivity regardless of device, network or location. Allow for the Unexpected Following the above best practices can give an IT department the confidence to turn and face the BYOD trend. When you are mapping out all the considerations that need policies and questions that need answers, however, leave a large territory open for the unexpected. Surprises are going to happen. This is where the ability to closely monitor and manage all activity is critical. If you can t anticipate the unexpected, at least you can see it when it happens and take appropriate action quickly. As scary as the invasion of smartphones into your data center may be for IT, a scarier thought is the world of shadow IT that enterprising users have found outside the protective firewall that surrounds your data center. Once users have access to their own technology, if IT doesn t keep up with their requests for a specific functionality, they can find tools on Google outside of the IT department s purvey that will. In fact, they probably already have. While many IT departments are reserving judgment on the cloud, end users are all over it. They ve been banking, shopping, video streaming, photo posting, calendaring and generally uplifting everything about themselves to somebody s cloud for years. You have to know that there are salespeople with your organization who back up their iphones and their Address Books which include personal and business contacts to icloud. Anxious to accommodate their customers, the temptation exists for a salesperson to open a DropBox account where he or she can post bids and contracts and other proprietary corporate data. And, to make it easy for them to access, of course, their customers will need to know the ID and password to login to an account that the IT department knows nothing about. The need to centralize the storage, backups and management of corporate data that is a key challenge of the BYOD trend is shared by a related trend in virtual desktop interface (VDI).

7 VDI promises to go beyond smartphones and tablets and once and for all replace the PC as the access device of choice. Cisco calls its approach to virtual desktops the virtual experience interface (VXI), to emphasize that the identity of the desktop is the variable X. The Cisco Cius tablet is its own contender for X. VDI is its own agent of change for the IT department. The trends are related but not overlapping. Totally Cool! You ve got to know that by allowing BYOD, however guardedly, into your IT strategy, you have opened the door to social networking, ubiquitous video and all the other cool things that smartphone-enabled end users can come up with; especially the so-called millennials who grew up with an expectation of doing things their own way with their own technology. BYOD is far more than , voic , IM and texting, notes Logicalis Vice President of the Cisco Practice Mark Kelly. It touches on all levels of communication and collaboration. IT pros who grew up with an expectation that corporate technology was something all users all had to do their way may take slight comfort from the prospect of the cascading innovation associated with the mobile technology industry. There is no putting this genie back in the bottle, regardless. But think of it this way: If IT professionals use their understanding of IT infrastructure to meet end users halfway and make it possible for them to bring their own cool devices to work, they have a very real opportunity to collaborate with their users on other creative ways to use technology to not only support the business but also to provide value. And that would be totally cool. The View from the CFO s Smartphone Forward-looking CFOs view BYOD as part of a larger trend of using communication and collaboration technology to enable organizations to become more responsive and more efficient. Below is a look at what BYOD looks like from the smartphone of one such CFO. I am a huge fan of the whole BYOD trend. From a financial perspective, it makes no sense to fight a trend that is going to happen regardless. At Logicalis, we ve taken a progressive stance on mobile devices. We believe people should be given freedom of choice on what works best for them. Yet this freedom comes with consequences and responsibilities that have to be ingrained in their DNA. I believe this is the direction in which the world is quickly evolving, particularly as younger people enter the workforce. I also believe you can spend time and energy trying to manage risk to zero in a very sterile IT environment, but the cost of that in dollars, efficiency and moral sacrifices, in my view, is typically not worth it. The challenge for IT, of course, is that if there is a security breach and customer information spills out over the Internet, then they have a massively bad day, and the company could be at severe risk. The IT department is paid to worry about that, and they will go out of their way to articulate the risks. That s their job. But I m also paid to manage risk as well as our assets namely our people and our bottom-line and I think of it holistically: Okay, you might be able to eliminate risks for IT, but then you might not have a company that is thriving and growing. It s a balancing act. Your policy has to reflect your company s risk tolerance. A lot depends on the nature of the data you have. Some organizations like healthcare, government or defense have to put more emphasis on security than others. Obviously, compliance is not optional. Do I think the trend will snowball? Absolutely! No doubt in my mind. You can t stop it. It s all linked together with telework and the increasing mobility of the modern worker. I think time and money is better spent educating your users about the risks that using their own devices pose to the organization and helping them understand how to keep those risks within acceptable limits. It s like teenagers and cars. You know they re going to drive them. You re better off showing them how to drive responsibly than trying to prevent them from getting in a car in the first place. Have I seen measurable increases in collaboration and productivity because of BYOD? I m seeing it. It s in my gut. It s anecdotal. What I want to see are hundreds of productive small interactions every day between employees and our customers adding up to a point or two or three on our bottom line.

8 Mark Kelly, Logicalis BYOD is far more than , voic , IM and texting. It touches on all levels of communication and collaboration. About Logicalis Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration; data center and cloud services; and managed services. Logicalis Group employs over 2,500 people worldwide, including highly trained service specialists who design, specify, deploy and manage complex ICT infrastructures to meet the needs of over 6,000 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM and Microsoft. What can we do for your organization? Contact Logicalis to learn how we can help. Visit The Logicalis Group has annualized revenues of over $1 billion, from operations in the UK, US, Germany, South America and Asia Pacific, and is fast establishing itself as one of the leading IT and communications solution integrators, specializing in the areas of advanced technologies and services. The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of approximately $5 billion. For more information, visit Call Logicalis, Inc. Logicalis is a trademark of Logicalis, Inc. All other trademarks and registered trademarks are the property of the respective owners. 2/12