A number of companies have adopted "bring your own devices" policies, allowing employees to bring their own computing devices to the office and use those devices for work. The policies have been applauded by some (generally the libertarians of the office who see freedom and the accountants of the office who see reduced corporate expenditures for equipment). "Bring your own devices" policies are generally criticized by the security and infrastructure support teams: one cannot lock down an employee's device to the same extent as company-owned equipment, and the larger number of devices is harder to configure for corporate use.
There is another aspect of "bring your own devices" policies, one that I see few people discussing. That aspect is the tie-in with cloud computing.
With a "bring your own devices" policy, the employer-employee relationship changes. With the tradition "company supplies all equipment" rules, the company owned all data and all equipment that held the data. Employees may be assigned computers, but the understanding was that the computer belonged to the company. A company could re-assign a computer, take it off-line for maintenance, and install upon it any software it wished. When an employee moved from one position to another, or from one department to another, or left the company, the equipment (and therefore the data stored on that equipment) stayed behind.
The rules for "bring your own devices" change that situation. When employees bring their own devices, the devices are their property, not the company's. The company cannot re-assign the device. When an employee is transferred from one department to another, or when they end their employment, their devices follow them -- they do not stay with the department or the company.
So what happens to the data stored on that device?
I suppose that some companies will implement policies that insist upon the deletion of data in such instances. They might be difficult to enforce, especially with less-than-friendly terminations of employment.
A better solution is to not store data on the device. Instead, store company data on company servers, and allow employees access to that data. When an employee moves from one department to another, change their access to allow for the new department's data (and remove access to the old department's data). If an employee leaves the organization, rescind their access.
I find this a more secure solution.
Cloud computing seems a natural fit for this solution. Small apps that allow access to data (but do not store the data locally) will let employees get the work done while maintaining the security of the data.
Perhaps "cloud" is not quite the proper solution here, since one may not need the scalability of cloud computing. Perhaps a better description would be "server-stored data and app-based access". But that's quite a mouthful and who would ever want to say all of that?
Regardless of what you call your solution, look at storing data on corporate servers and allowing access through "outside" (non-corporate-owned) devices. I expect that the division of labor will provide you with insight into the work being done within your company.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment