Posey's Tips & Tricks

BYOD: Moving from the Exception to the Rule

Brien discusses how the BYOD movement may be leading towards IT requiring employees to bring their own personal devices to work.

• By Brien Posey
• 06/18/2013

One of the big trends in IT over the last couple of years has been bring your own device, or BYOD. As the name implies, the BYOD trend was started by users who wanted to access corporate resources through their own personal computing devices. Recently, however, it seems as though the BYOD trend may be starting to evolve.

One of the ways that BYOD is evolving is in how common it is today. Just a few years ago, BYOD was way outside the norm. When a user would request access from a personal device, network administrators would typically try to find any reason that they could to deny the request. It wasn't necessarily that the IT department wanted to keep the users down. It was more a matter of trying to avoid supportability and security issues. Today, however, BYOD has become commonplace in many enterprises. In fact, I recently saw a survey (I wish that I could remember where I saw it) in which eighty something percent of those surveyed who were in their twenties viewed BYOD as a right rather than a privilege.

Although many organizations now embrace the BYOD trend, some have actually begun taking things to the extreme. In the last week I have heard of two different organizations that have made the decision to only support BYOD. These organizations no longer provide desktop PCs, tablets, laptops, or smartphones to their employees. Instead, the organizations are requiring users to provide their own computing devices.

I will be the first to admit that this seems like a really despicable way for those organizations to save a few bucks, but over time it could end up becoming the new norm. After all, there are plenty of other professions in which employees must provide their own equipment. For instance, mechanics generally use their own tools and hair dressers use their own brushes, clippers, etc.

If you still think that the idea that making users provide their own computing devices could become the new norm is crazy then here is something to consider: Throughout history there have been lots of really outlandish things that companies have tried in order to save money, and some of the ones that were considered to be the most absurd at the time have become acceptable practices. For example, when the airlines first decided to start charging for checked bags everybody thought that they were nuts. Yet nearly a decade later the practice is more widespread than ever.

My point is that BYOD is not going away any time soon, so as IT professionals we should embrace the trend, while also looking for ways to make BYOD more practical and secure. 

At first the phrase BYOD security sounds like an oxymoron. After all, how can a connection from an untrusted and unmanaged device ever be made secure? When I really stopped and thought about that question, I began to realize that the concept of BYOD security really isn't that different from a similar security paradox that occurred over a decade ago.

Back in the late 1990s wireless networking became the disruptive technology of the moment. Wireless networking held great potential, but the security risks simply could not be ignored. After all, how could an organization ever trust a connection that was made through an untrusted medium (a wireless network)? A lot of people said that wireless networking was doomed to failure because the security risks could not be circumvented. Eventually however, companies began to realize that they could encrypt wireless sessions and use VPNs to authenticate wireless users. In fact, so much work has been done on WiFi security that a well-hardened WiFi network is actually far more secure than a lot of wired networks.

I think that the same thing will eventually happen with BYOD. Ever since the days of Windows NT Server, Microsoft networks have used a domain authentication model to verify user and device identities and to apply policies that are based on those identities. Although this concept has worked for quite some time, the domain model is outdated. Thankfully, Microsoft seems to realize this and is introducing the concept of workplace joins as a next generation alternative to domain joins. Workplaces should make it a lot easier for Windows administrators to support BYOD.