Bring Your Own Device (BYOD): Is BYOD Bad for Your Company?

Microsoft Surface RT Tablet

Microsoft Surface RT Tablet

Until recently when we thought of computing devices, we usually thought of PCs and laptops. Today, with tablets and smart phones selling in the millions on opening weekend, we have a very different picture of what a computing device is.

If you’re not familiar with it, BYOD (Bring Your Own Device) is the idea of using a consumer computing device (such as an iPad or Surface RT tablet) to get work done, either in the office, at home, or on the road. Most of these devices were not designed to “get work done”, but instead to consume content (ex: checking email, reading news websites/apps, etc.). These devices are not managed, and may not have even the most basic security features enabled. This can spell disaster for any corporate network.

Let’s say an employee is using an Android tablet, infected with a virus, to make some changes to an Excel spreadsheet over the weekend. When the employee connects that tablet to the wireless company network on Monday morning, he/she could potentially not just spread the virus to other users, but also infect the servers hosting those users.

Here’s another example. An executive downloads several reports and documents (containing sensitive client information) to an un-managed tablet. If the tablet is lost or stolen, there is no way to ensure the information is secure.

These are just two examples, but if you think about it, I’m sure you can come up with dozens more pertaining to your corporate environment. When thinking about IT security we must plan for the worst possible scenario and expect the unexpected.

RDP/Terminal servers

Remote Desktop Services (also known as Terminal Services) has been around for a very long time. The concept is that an end-user connects to a desktop on a server. In this scenario all applications and data are actually stored on the server and not on the end-user’s device. The only things that are passed between the end-user’s device and the remote desktop server are screen changes and keystrokes. By the way this can almost always be highly encrypted to help ensure security when connecting from insecure locations (such as public WiFi hotspots).

Microsoft Intune to manage devices

Microsoft Windows Intune is a cloud based central management solution for small businesses. It allows for centralized management of clients by utilizing: remote control, anti-virus, patch management, and even software deployment. This monthly subscription even comes with a license to upgrade all workstations to Windows Enterprise client. The latest iteration of Intune also gives us the ability to manage certain mobile devices, including the ability to remotely wipe the devices if lost.

GFI VIPRE Business Premium 6 Now Supporting iOS and Android

GFI’s VIPRE Business Antivirus 6 Premium was released within the past month. This new version of this enterprise class anti-malware software now provides protection for iOS and Android devices. Not only can you ensure these devices are clean from infection, but if lost can also be wiped from the central console. There are also some other neat features such as the ability to view a map of the last known location of the device, and sound an alarm to find it if misplaced.

Office 365 remote wipe

The latest version of VIPRE offers some pretty nice protection for iOS and Android users, but what if you’re using Windows Phone 7.x? Well, if you happen to be using Office 365 for your corporate email, then you automatically have support to remotely wipe any Windows Phone connected to an end-user’s Exchange Online account. When used it completely wipes all memory on the phone and sets it back to an “Out of Box” experience. I have personally used this feature a couple of times and can vouch for its effectiveness.

Keep data in the Cloud Instead of on your device

Once you have protected your consumer computing devices from malware, you now have to worry about the security of your corporate data. What happens if the device is lost or stolen. We already talked about remotely wiping the device using Office 365 and VIPRE Business, but what if a thief disables the communications for the stolen device? Now they have access to the devices’ memory by using a simple USB cable. An easy solution to this is to not store the data on the device in the first place. Services such as SkyDrive and SharePoint Online (also part of Office 365 or separately) allow data to be stored in the cloud, and only downloaded when needed for editing. When done editing, the changes are synced back to the cloud.

If you’re not familiar with it, SkyDrive Pro is the corporate version of SkyDrive, but includes central management for users and folders, and is based on the same technology as SharePoint Online.

No matter which methods you use to secure your BYOD devices, it is always suggested to encrypt the device or drive whenever possible.

Robert Borges

About Robert...

I have been in the IT industry since 1993 focusing mainly on networking. Though I got an early start as an amateur computer enthusiast and wrote my first database app at age 12, I started my professional career working in the MIS department of one of the largest liquor distributors in the northeast. I started out there as a systems operator on the company’s two mainframe systems. From there I moved into PC support, and help design and implement the company’s first client-server network… This was back in the days of Win NT 3.51 when I worked on my first migration to Windows NT 4.0 server.

From there I went on to work with Novell 3.x and 4.x along with Windows domains and Microsft's brand new Active Directory. Working my way up from technician to specialist, to an administrator, and eventually all the way up to Sr. Engineer. I spent many years working for MSPs/consulting firms, 9 of which I owned and operated my own firm.

Over the years, I have worked with (at an expert level) various versions of Windows client and server operating systems (including Windows 11 and Windows Server 2019); various virtualization technologies (Hyper-V, VMware, etc.); MS-SQL server 6.5- 2014 R2; Exchange 4-2019, and much more.  Over the years I have built a lot of experience around the Microsoft Azure and Microsoft 365 cloud environments.

I am now CTO at Infused Innovations where our team is focusing on helping clients build a Secure Intelligent Workplace through InfoSec (Zero Trusts Framework), Modern Workplace, and Business Intelligence.

I have been heavily involved in the IT user group community, including serving as president of the board of Boston User Groups, Inc., and president of IT-Pro User Group. In 2017/2018 Microsoft awarded me the Microsoft MVP (Most Valuable Professional) Award, with a focus of Microsoft Azure cloud, for my efforts in the IT community.

I am in a constant state of learning about new products, and new versions of products. Many of which we end up implementing in lab environments and sometimes for our clients. I have a very broad range of expertise and experience. It is my goal to share some of this experience on this blog to help enrich the IT community.

Permanent link to this article: https://www.robertborges.us/2012/11/cloud-computing/bring-your-own-device-byod-is-byod-bad-for-your-company/

1 ping

  1. […] in 2012, I wrote a post Bring Your Own Device (BYOD): Is BYOD Bad for Your Company? based on the commonly available technology at the time.  Now that nearly 6 years have passed, […]

Leave a Reply