20 Comments

Summary:

Enterprises unnerved by the bring-your-own-device movement that many had promoted are now trying to lock down employees’ own devices for security purposes. The unintended consequence is that many of those employees, frustrated by these restrictions, just use unsanctioned devices instead.

5494648046_d10fb0d857_z

Enterprises unnerved by the bring-your-own-device movement in which they encouraged employees to use personal devices at work, are now angering workers by trying to lock down those very devices.

According to new research from Forrester, the unintended, but entirely predictable, consequence is that many of those frustrated employees just turn to new, unsanctioned devices instead.

After surveying 5,102 business users for its “Five Steps to a Successful BYOC Program” (Forrester prefers the term “computer” to “device”), here’s what Forrester has to say:

Today’s workers often need more than the locked-down corporate PC’s and are spending an average of $1,253 annually of their own money on computers to do their jobs. … Yet the same survey reveals that only 12% of firms encourage those who do so, with the rest actively discouraging it – and some even penalizing employees. The mismatch between employee needs and IT’s position is obvious, but few organizations are adequately prepared to change course.

The examples of this tactic are piling up. IBM, for example, disables Siri in employees’ iPhones and forbids the use of Dropbox, the wildly popular cloud-based file storage, sync and sharing service. That raises interesting questions in the cloud computing era, where users can tap consumer-oriented services from their personal phones and laptops that may be verboten in the corporate context. It’s the very definition of shadow IT.

Shadow IT: not necessarily a bad thing

Often, workers have much better technology at home than they do at work. For example, Forrester found that more than half of the businesses surveyed still run 11-year old Windows XP on their PCs. The question then is: Which would you use, that moldy PC or your shiny new iPhone? I rest my case.

And even if you have a modern PC at work but it can’t access your Dropbox account, would you stop using Dropbox? Not likely.

Forrester analyst David Johnson, blogged about the topic here, and reinforces what most of us already intuit:

When the tools a person depends on for their job belong to them, we often can observe 3 things: 1) They will buy tools that align best with their own strengths and help them do the best work they can, 2) They will generally select good quality tools given the choice, because they don’t have time to waste dealing with cheap ones that break, and 3) They buy them from companies who stand behind them and will pay more to get better service. In their world, as in ours, time is money.

As another data point: a survey of 4,000 business users by cloud-based storage and file sharing company SkyDox, found that nearly two-thirds (60 percent) of respondents use free file-sharing apps and of those more than half (55 percent) do so without informing IT.

So what to do? Forrester recommends that IT staffs be encouraged to stop fighting the rank-and-file and really learn about the tools they want to use and, where possible, facilitate rather than fight that use.

And, where security and compliance are a concern, IT should investigate the use of virtual desktop technologies and other options to provide a standard Windows environment without requiring a corporate PC.  That would give users access to secure corporate applications that are easily managed, patched and updated, while also allowing them to use their device of choice for both work and personal tasks.

Photo courtesy of Flickr user DieZBW.

You’re subscribed! If you like, you can update your settings

  1. I would be more than happy to buy whatever I needed to do my job. The corporate bricks are underpowered garbage. I make what my laptop costs in a day, and slowing me down is a rather poor use of resources. Alas, that is exactly what IT does.

    It is absolutely bizarre. Let’s not even get into our HR systems.

    Share
    1. i think a lot of people agree with you (altho probably not many make enough to pay for their laptop in a day) It would be interesting to know how many people now use the Apple store as their IT shop.

      Share
    2. Todd Martin Friday, June 8, 2012

      I work in IT. It isn’t IT’s fault. Blame the executives who refuse to fund what IT does, continuously cuts back and outsources the departments and still demands the same performance and productivity.

      People can’t have it both ways. If you want a solid IT department you have to pay for it.

      Share
      1. Jean-Francois Desjardins Friday, June 8, 2012

        Todd, I as well for the I.T. Dept for my company…..I agree with you 100%!

        Share
      2. “IT staffs be encouraged to stop fighting the rank-and-file and really learn about the tools they want to use and, where possible, facilitate rather than fight that use.”

        This takes time. Time that (in my experience), many IT departments just do not have. I’m in the same boat – we use old tech in our cubes just like the rest, so I Fully understand the complaints. None of that changes the fact that we don’t have time to waste tracking down the particulars of every hardware and software desire of every user that wants to use their own tools.

        I’m not saying it wouldn’t be great – I’m just saying, this costs Money, that the corp execs just don’t want to spend, and I’m damn sure not gonna waste my time doing it (researching your tool-needs), when I’m already juggling the workload of 3, due to cutbacks.

        Share
      3. IT is understaffed and overworked, i agree. Didn’t mean to cast aspersions… the iPad, iphone onslaught started with c-level execs and went from there, no? And, no, no one wants to pay for anything, true that.

        Share
      4. Matthew Arthur Riley Sunday, July 1, 2012

        Amen, Todd. As one of the outsourced Service Desk Techs, I can tell you that it takes so long for information… about everything… to percolate down to our level, we are constantly at an information deficit. We also have about ZERO impact on improving process and procedures to make getting IT help easy, fast and efficient for our customers.
        As agents, we are working with creaky, out of date ticketing and tracking systems that have seen no significant upgrade for a decade. Our company marketing materials boast of “state of the art tools”. Yeah, state of the art as of 1999, maybe.
        IT support is a horror, for customers AND the agents that serve them.

        Share
  2. This article was written from the perspective of what the author wants, and doesn’t seem to take into account WHY these things are blocked in the first place. I work as a systems admin for numerous financial organizations. I can fully understand why things like DropBox are locked down. There’s a ridiculous amount of sensitive information on these networks (both corporate and personal). IT needs to block things like that to make sure that information isn’t being leaked out both deliberately and unintentionally. I like these devices and services as much as the next person, but an article like this just makes the end user upset with IT, rather than explaining why such services are locked down.

    Furthermore, this Forrester analyst group doesn’t seem to know one iota about people who work in IT. To say that IT needs to learn about the tools end users want is ridiculous. First off, it’s not like people in IT don’t know what DropBox is, or what an iPhone does. Secondly, the tools that are provided for end users are provided because they are (hopefully!) tested to work. Case in point, I have a number of Banking execs that want to use iPads. The problem is that the banking apps they use day to day are written for Windows and don’t work on iPads. Again, this article seems to blame IT for this, yet we have nothing to do with it. No one at our company writes the software they use, but apparently we’re a bunch of jerks because we can’t their iPad to work with it? Please.

    Share
    1. Amen to that.. 100% agree with you as you’ll see from my comment later..

      Share
    2. Amen to that.. 100% agree with you as you’ll see from my comment later..

      Share
    3. If you don’t trust your employees, you need to fire them. Simple as that. Its education that is needed, not iron fisted rules and barricades. If they really want to leak sensitive data, its going to be leaked and there isn’t anything you can do about that.

      Share
    4. If you don’t trust your employees you need to fire them. Simple as that. Its education that is needed, not iron fisted barricades and road blocks. Your execs want to use banking apps on their iPads? Have you heard of citrix? Theres a great client. The author of the article is suggesting that IT departments get their heads out of the sand and look for solutions rather than saying it can’t be done. I know far more about what kinds of tools I need to do my job than any single person in my IT department. Fortunately I work at a forward thinking company that has figured out that their employees aren’t so dumb after all.

      Share
  3. I work for our IT department as the supervisor, and we don’t typically discourage use of personal devices, HOWEVER the caveat with this is that users are constantly demanding that IT support their devices and personal software. If someone brings me their dropbox account that has problems with it, that’s fine, I can help them, but if they bring me their off the wall piece of software programmed by a single man in New Zealand then I have a problem with that. Or they infect their personal computer with massive malware and expect me to clean it with absolutely 0 administrative access to the system.

    Share
    1. for the IT folks who responded to this post — i’d like to do a counterpoint story. If you want to chat send mail to me at barb dot darrow at you know where.

      Share
  4. Mike Rimmer Friday, June 8, 2012

    I’m a IT help desk crewleader in British Columbia, an additional issue we have is privacy issues. We by law are not allowed to store city data on a server that is not located in Canada. Due to the nature of most clouds being stored in the US we cannot allow our users to use dropbox, google docs, iCloud, amazon storage etc. Also we are a small shop and do not have access to all the devices your average worker might want to bring to work. We cannot help the user if we don’t know the device they are bringing thru the doors. So in order to give good service to the user and be able to fix their issues fast there has to be some standardization on equipment / software that is used in the workplace, otherwise you will have pure chaos. IT is there to help you get your job done, but we are also there to protect the user from themselves and protect the corporations interests.

    Share
    1. Barb Darrow Sunday, June 10, 2012

      so Mike, does this mean your workers are not using Dropbox and etc or just that they figure out end-runs around restrictions?

      Share
      1. Mike Rimmer Monday, June 11, 2012

        I’m sure users out there are using the software, soon though we will have to crack down and tighten up our security.

        Share
  5. Christine Fok Saturday, June 9, 2012

    Neither IT nor consumer is at fault. BYOD inherently requires a two-way conversation between IT & end user in order to meet their different but often times conflicting needs. Problem with traditional MDM strategies are that they attempt to control the entire device, even though it’s the user’s own property. However there are also new solutions out there like Enterproid’s Divide platform which creates a separate, secure work profile on the device. This allows IT to mandate the security desired for all work-related usage of the device, but still allows end users to maintain control and privacy of their personal apps and data.

    Share
  6. Reblogged this on projectzme and commented:
    I’d like to put the IT departments perspective on this story, because although I understand the comments written here it’s not quite that easy.

    Forrester recommend that IT staffs be encouraged to learn what tools the staff want to use and facilitate their use..
    Ok, lets take Dropbox, or Skydrive, or Google Drive, or Box.net, or any one of 20 or so similar systems where staff can hold company data, potentially restricted in the cloud, a space this week publicly shown as been not the best place to hold anything (6.5M Passwords leaked at Linkedin and issues at Last.FM) Dropbox itself has been shown to leave the doors wide open, leak data and passwords. Just because someone wants to be using those nice cloud based apps doesn’t make them always viable.. Cloud based systems are also a great entrance for malicious software into a company, files shared around work colleagues and mobiles.

    Forrester also suggest virtual technologies to provide a good solid windows Environment. I’m not sure if Forrester have noticed that the world is in a recession ans while the IBM’s of the world can afford to do this to get a VMware or Citrix infrastructure in place is expensive. Sure this could be done off site in the “cloud” but again, security is not in your control. for many companies just staying afloat is a problem enough…

    Forrester have mentioned the potential cost savings however I belize long term this is a misnomer because yes your are saving on hardware costs however even if you relax the security, use the apps the second you install anything on an employees PC you like it or not become support for EVERY issue on that PC. That costs the time and money of your IT department, while they are explaining for the 2000th time that installing the IT App on the users iPhone didn’t stop Angry Birds working or introduce the keylogger on their PC the basic fact of the matter is you start using home PC’s for work, you end up supporting them. If the IT department usually standardises on a single PC make, it’s easier to support it, they will have images which contain the software a dept uses preloaded, bosh, problem solved, you can’t do that to the Sales Reps’s PC with 50,000photos also stored on it which have never been backed up.

    And as for the suggestion that some companies are still using XP being a bad thing, having seen users migrate from XP to 7 and Office 2003 to 2007 is not always pretty, more investment in training, ensuring EVERY person is using the updates software making sure spreadsheets, macros and presentations all work properly in the updated office or the accounts app works on the Windows 7 64 instead of XP 32 is important, takes time and you’d better believe if you don’t get EVERYTHING working as the IT department you are going to have no end of complaints. Complain as they might people don’t like change. They will sit there and tell you in the pre change meeting this is all good, they understand why, its a great idea.. it rarely is…
    A work PC is a tool to perform a task for a company, it is maintained and setup to do that task which in turn you are paid for. Software is used which allows people to perform that task and while upgrades and the cloud are pretty buzzwords, and i’m the first to agree there are some great commercial services out there, it’s in it’s infancy and needs proving from a corporate space. In todays business with so many entry points for malicious software into the system, data leakage out of it your data is important. Users prove time and time again that as a collective they are not to be trusted even the most tech savvy take shortcuts which put entire systems at risk.
    I would put this too you..
    In a world in recession, where keeping your job means more than it used to, with so much unemplyment out there, are you willing to risk your company’s data and IT system to a world where the iPhone is used, a cloud based system is put in place if it could mean that your company is hacked and you lose your job because someone in some department opens an exe which shows dancing cats? Or would you keep to using that same old kit, and have your pay turn up into your account each month?

    Share
  7. To really make this work we need to move corporate security policy from default allow to default deny. It’s the only way BYOD != Bring your own disaster. In a layered security approach based on default deny, it doesn’t matter what your users run, your network will be secure and individual host security becomes less important. A NAC that only allows communication from trusted applications is the first step… Enumerate the goodness, deny the rest, win.

    This way if a user wants to run their own personal app, it simply won’t work until you vet it and allow it.

    Share

Comments have been disabled for this post