business 101

Shiny Toy Syndrome

Joe Dysart

While tech-enamored employees are prone to fawn over every new iThing smuggled into the workplace, IT security pros see something very different: a security breach waiting to happen. Many of these devices can slash gaping holes in business security systems, exposing business data and applications to hackers.

SECURITY BREACH

Alan Glazier, OD, FAAO, founder of Shady Grove Eye and Vision Care, takes no chances. Currently, smartphones and other mobile devices are by design locked out of Shady Grove's computer network. “There is no interface between the devices and our system, which is wired, and no docks that they could attach to that interface with the system,” Glazier says.

Adds Zeus Kerravala, principal, ZK Research: “Bring Your Own Device can be a double-edged sword for enterprise IT departments today. On one hand, there are great productivity gains to be had by enabling workers to use their own devices on the business network. On the other, provisioning, securing, and managing those devices is a nightmare.”

The reason? Eyecare centers are only able to safeguard their network when they know ahead of time what kind of devices will be logging into to their systems. Add a new smartphone on the sly and all of the center's carefully coded defenses can be shredded in an instant.

Even worse, the security tsunami created by unanticipated mobile gadgets is expected to grow in the coming year. These days, 48 percent of smartphones at the workplace are now chosen by employees, rather than employers, according to a December 2011 study released by market research firm Forrester. And at no time do those employees consult with the employer to determine if the company's computer pros can secure those phones.

“The consumerization of IT, sometimes called ‘Bring Your Own Device’ or BYOD, became one of the newer causes of data vulnerability in 2011,” echoes Mark Harris, a vice president at Sophos, which revealed details of the trend in its Security Threat Report, released earlier this year.

Meanwhile, security pros like those at Wisegate, an invitation-only social network for key players in IT security, also have special concerns about the widespread proliferation of unauthorized Android devices. “Wisegate members are leery of the Android application marketplace because it is too uncontrolled,” Wisegate researchers wrote in their 2012 report “Effective Bring our Own Device Strategies.” “Neither the developers nor the applications are screened and vetted. So it's very possible that applications could present a security risk.”

In addition, the blurring barrier between business and personal technology is causing more than a little hand-wringing when a smartphone or other device suddenly goes missing, and a business is forced to inform an employee that his or her entire device must be ‘wiped,’ or erased of all data. While most businesses ask employees to pre-approve such wiping in the case of device loss, Wisegate says such agreements sometimes don't hold up in court, even if the agreements are in writing.

Quick Tips

Talk to your staff about photos. With cameras on virtually every smartphone, eyecare centers need to clearly define what workers can and can't snap. You don't want images of products that are in development, company whiteboards, tradesecret work areas, and the like to end up on Facebook.

FOOTING THE BILL

Fortunately, some employers do find some solace in Shiny Toy Syndrome. According to Forrester, employees are so enthralled with their own smartphones that 48 percent are more than happy to pay the entire cost to bring that phone to work, as long as they can choose the exact model they want.

The same holds true for employees paying for voice and data plans. Forrester reports that 40 percent are willing to pay the entire monthly cost in exchange for personal choice.

“While there is no guarantee that every employee wants one phone for both work and personal use, it's clear from the data that a majority of U.S. information workers today are willing to share the cost,” says Ted Schadler, author of the Forrester report, “Consumerization Drives Smartphone Proliferation,” released in December 2011.

Even so, Glazier sees the proliferation of personal mobile devices in the workplace as a “net loss” and a temptation for unnecessary personal calls and texts.

“We have strict rules on use of mobile devices during the workday, and except for one employee who has six children, we make no exceptions,” Glazier says.

BOTTOM LINE

With the increasing number of employee-owned phones in the workplace—both authorized and unauthorized—security IT consultants say it's imperative for any company caught in the current to establish a crystal-clear, Bring Your Own Device Policy. EB

Joe Dysart is an Internet speaker and business consultant based in Manhattan.