Most Companies Will Require You To Bring Your Own Mobile Device By 2017 381
Lucas123 writes "Half of all employers will require workers to supply their own mobile devices for work purposes by 2017, according to a new Gartner study. Enterprises that offer only corporately-owned smartphones or stipends to buy your own will soon become the exception to the rule in the next few years. As enterprise BYOD programs proliferate, 38% of companies expect to stop providing devices to workers by 2016 and let them use their own, according to a global survey of CIOs by Gartner. At the same time, security remains the top BYOD concern. 'What happens if you buy a device for an employee and they leave the job a month later? How are you going to settle up? Better to keep it simple. The employee owns the device, and the company helps to cover usage costs,' said David Willis, a distinguished analyst at Gartner."
and then your phone gets confiscated... (Score:2, Insightful)
...when it gets tied up in legal proceedings. This brings its own set of complications.
Just Say No to BYOD (Score:5, Insightful)
At my company there is a lot of internal chatter about BYOD, along with the security concerns (especially in terms of IP).
My stance: Just say no to BYOD. If my company deems it necessary for me to use a portable electronic device to perform my job, then either:
a) They supply it, and it remains company property, or
b) There is no option b
Re:Just Say No to BYOD (Score:5, Insightful)
Option b) is that it's my device and all that entails, I control it, not them. No different than my car, if I leave the company it's still mine. If something belonging to them is in the trunk, they can politely ask that it be returned, but they don't get a set of keys, or have permission to enter it.
If they don't like these terms, well... then its back to your option "a)"
BYOD is no different than using a personal car, or a breifcase, and having company documents in either.
Re:Don't bother getting ahold of me then (Score:5, Insightful)
1. Never accept counter offers - this means that your employer is not paying you what you're really worth, and means that you'll always have to threaten to leave to get paid a fair amount.
2. Never accept counter offers - it's just a method for them to change the timing of when you leave to something more convenient to them.
If more people had the guts to trust in their own abilities, we would all be better off.
Re:Just Say No to BYOD (Score:5, Insightful)
BYOD is no different than using a personal car, or a breifcase, and having company documents in either.
It's very different. There are regulations about how different classifications of data can be moved around and stored. You can have things on your phone that you can't have in a briefcase in your car. And there is more opportunity for a phone to be lost or stolen.
Usual nonsense (Score:5, Insightful)
1) Take a short and small trend.
2) Do a linear extrapolation that shows a ridiculous result.
3) ????
4) Profit
ObXKCD [xkcd.com]
Re:Just Say No to BYOD (Score:4, Insightful)
Re: Concientious objector (Score:2, Insightful)
Actually, they're refusing to hire you because you reject logic and science in favor of fearmongering and confirmation bias.
This BYOD stuff is just getting ridiculous. (Score:5, Insightful)
Re:So.... (Score:5, Insightful)
"I wouldn't worry about it. This will never happen at any company that has any concern about security."
Besides that: if they want me to use my own hardware, they can damned well pay me for it.
I'm not going to erase (or endanger!) my personal software and files for the purpose of someone else's company, and as far as I am concerned, equipment works the same as simply showing up. That is: if they want me to be there, they can pay me for the time I am there. If they want the use of my equipment, they can pay for the use of it. Or they can buy their own. They aren't going to get it both ways.
Re: Yeah, right. (Score:4, Insightful)
Exactly. My company doesn't "technically" allow BYOD (though I imagine that enough pressure from users with the magic "Vice President" in their title will eventually change that), but even so I could totally use my phone. I have a work-provided device which uses ActiveSync, and nobody would ever really know I set my own phone up to receive company mail if I didn't tell them.
But fuck that. Using a separate device for work means that when I'm not on call or otherwise required to be available, I leave it at home and nobody can even attempt to reach me. My direct boss has my personal number for emergencies that might come up, but nobody else. I would never consider giving up the work/life separation that using two different devices affords. I work 40 hours a week, not 168.
Re:So.... (Score:5, Insightful)
If it's my device that I paid for, I *don't* want to connect to work resources. Fuck that. My device, my number, none of your business.
Re:So.... (Score:5, Insightful)
I'm as big a fan of the iPhone as anyone, but the tools you mention don't work for BYOD. They're great for company owned and managed devices. But it's not "Your Own Device" if you're letting someone else control it with those profiles or activesync connections. If I've paid for hardware with my own money, it's mine... period, full stop. No one else gets admin, root, remote-wipe, find my iPhone, or whatever privileges but me.
I'd allow a company-controlled encrypted partition or something. But *I* retain control of *my* device as a whole. Apple's tools don't yet allow such a solution.
Re:So.... (Score:5, Insightful)
I expect to get the living hell modded out of me when I say the iPhone has been a secure platform for BYOD for awhile now (I don't remember if it's the 3GS or 4 where security was tightened up). Besides the Configurator, something as humble as ActiveSync can manage them. Same goes for many of the latest Android devices. The point is it's easy to natively get strong security on a mobile device. How good it meets your needs depends on your needs.
If you let company admin access to lock and wipe your device, control what apps you install and use - like fx very insecure data-syncing services like icloud/dropbox, etc. then it is not really your personal BYOD device anymore, it is a company device. If you don't have this, the device is not company secure (it doesn't help enforcing local device encryption and password policies to prevent access to company data if you are leaking same company data to highly insecure consumer cloud services or in other ways setting up and using your phone in an insecure way).
As several others have said on the thread already, the answer for BYOD security is that the phone needs to be running a controlled separate/virtual environment for the company that is completely walled off from the personal part of your phone.
Re:So.... (Score:5, Insightful)
That's exactly the point, and that's how it's being sold. From my companies boss, he wants to give everybody a stipend for "a device" load up Citrix and said lockdown for company days, then let them do whatever they want.
So basically his version of BYOD is letting you use "any"device but the company is still going to tell YOU what to do with it. Extend that to the cheap-ass employers that will just expect you to bring your OWN PAID FOR device in and bastard IT people that wipe YOUR data whenever the boss says.
It's a whole "bag of hurt" for legal reasons as well. Jailbreaking, personal medical or legal data, not to mention music or media (and porn) all being carried around the workplace all day. It's an HR nightmare! I have just enough ODD to put clopping fan service as a screensaver just to piss one of those chea ass bosses off.
Re:So.... (Score:5, Insightful)
Yeah, exactly. I'm on Android, and within the last year our standard connection to our work Exchange server required me to accept some basic management settings (remote wiping included) just to be able to pull my mail down, no extra software needed.
You shouldn't have signed away your rights like that. Maybe you are comfortable giving your employer access to all the data on your phone, including photos, passwords and everything else. Most people probably would think the pictures you took in Vegas aren't any of your employer's business. Out of curiousity, if you change those basic management settings, does your email still work? If not, then something more than just settings was done to your phone, maybe software was installed remotely?
Personally, if my employer feels I need access to email or to be reached 24/7, it is their responsibility to provide the means for that. They do not have the right to takeover my personal property or data just because I work there. Put differently, if there is a business reason for them needing me to receive emails/texts/calls outside of normal working hours, then they should provide a business solution. If I want to do it for my own convenience on my own device, well, then I would have to weigh the convenience against all the privacy issues involved.