Cloud + BYOD = A Greater Need for Security

Seems that recently all of the articles are telling business owners to stop buying PC’s and let their employees buy them instead. I even saw that the AICPA (CPA’s association) was holding continuing education where the whole day was dedicated to BYOD (Bring Your Own Device) and Cloud. Of course if your dig into their credentials, the people giving the presentations were representing Cloud service providers so they aren’t unbiased and that’s really a problem because their advice isn’t complete; it’s one sided.

BYOD can be a good idea and it makes sense for some types of employees. We are definitely seeing that as the maturation of the information age comes upon us that the information worker is the new blue collar. There’s a history of blue collar workers preferring to work with their own tools (carpenters, electricians, plumbers) and then eventually being required to have their own set of tools in order to get a job in the first place. We are seeing the same pattern in the information age.

It started with smart phones but has now moved into laptops and oddly it’s actually the employees that want to use their own computer instead of yours. They think it will bring them more freedom to work the way they want to work and use the applications that they want to use. They also think that then you can’t tell them not to watch TV, listen to music or spend time shopping because it’s their computer. How you manage this new environment is really critical for your business and security becomes an even greater concern than it has previously.

There are many questions to be answered:

  • If there’s a problem with the employee owned computer and the employee isn’t productive at work because of it, what will you do?
  • If the employee owned computer is infected with malware and infects other employee computers, who will pay for the repairs?
  • If an employee uses their own applications for work and those are not licensed properly, who is liable?
  • If an employee uses their own application for work and those applications contain your data, how will you retrieve it when they leave your employment? Is there backup for that data?
  • If one employee uses software X and another uses software Y incompatibilities are introduced. What now?

Policies will need to be implemented. I suggested that you think about them and implement them well before you start allowing employee owned equipment into your business. There are new human resource issues, new security problems, new acceptable uses. We have a host of sample policies to help you get started.

Security will need to be redesigned. The network will need to be reconfigured. A balance needs to be struck between making employees productive on their own computers and protecting the corporate computers from any malware that they might bring in. We need to protect the ownership of your data too.

It’s a brave new computer network out there. One that can bring benefits but that has huge potholes of disaster waiting for those that don’t plan. We really don’t want to see any of our clients suffer so let’s make that plan before any problems occur.


Leave a comment

Your email address will not be published. Required fields are marked *