Bring Your Own Network (BYON)? – the ‘red line’ for support?
I recently wrote about what I see as the positive aspects of Bring Your Own Device (BYOD). But with Bring Your Own Network (BYON), I have a bit of a problem. Is it another example of highly motivated staff wanting to do a better job, or a mechanism for corporate network infection and/or espionage?
BYOD, in my opinion, means that whilst the support team do not have control of the device, they do have control of the information/malware going to/from it. BYON circumvents that. BYON fits the category of helping people to do a better job, but it also is akin to leaving the back door of your house open for the dog to get to the garden, whilst locking and bolting the front door.
My fabulous (throwing in a nice adjective in case she is reading this) boss Sarah Lahav, recently wrote an article entitled: Bring your Own network: the next BYOD? And I agree with the majority of her sentiments, I don’t see BYOD and BYON as separate subjects. It can be argued that BYON is becoming relevant because companies have not got their BYOD ‘act’ together. I am not against BYON. As I stated when I wrote about BYOD, if employees find that corporate systems (PCs, connectivity, applications etc.) stop, or slow them from doing their work, they are going to find a way around it by using the technology they understand and have control of. If they have mobile hotspot device that lets them access sites the organization has blocked, or as is often so true, provides better internet bandwidth, they are going to use it, and potentially defeat all the security arrangements that organizations have set up to support BYOD.
Secure BYOD requires the organization to manage the network connections to devices and to applications/services. To have control of not only what comes in; to protect from viruses, Trojans etc. etc. (and sadly etc.) but also what goes out. Industrial espionage and the ‘leaking’ of information has always been there, but in the age of electronic communication, it has been increasing in both volume and speed.
So how should an organization deal with BYON? As the phrase goes, ‘don’t throw the baby out with the bathwater’ (or at least I hope that’s the phrase, I’m sure I heard Stephen Mann or Ken Gonzalez or someone cool like that throw it out at a conference), and don’t dismiss the first employee who sets up her or his own WiFi hotspot.
There will be two principal reasons why the person has done it:
1. To see if they can (it is a new bit of kit, that they bought with their own money and want to show off), and
2. The person believes they need to do it because the corporate network does not allow them to access what they believe they require to do to get their job done.
The former can be ‘brushed off’ with a warning, which is likely to be accepted (but do monitor and address any future incidences). The latter is a point for engagement with the employee, to understand why they think they need the hotspot and address the potential gaps in the corporate infrastructure it has exposed.
BYON and ITSM
From an IT service management (ITSM) perspective, BYON raises many challenges, not least how do you monitor/detect BYON activity? Furthermore what is the response to a customer who asks for support on their device, when you believe that they are only trying to do a better job, and not bring down the company? And who makes that judgement?
Most importantly, and as expressed in the previous blog, organizations need to ‘get their act together’ on BYOD, with a clearly communicated strategy, not only for the support team, but most importantly for the customers.
I think the jury is still out on this one, and as time goes by, and we experience more of BYOD/BYON I will have to write more on this. I hope that in the meantime you are Bringing Your Own Advice (BYOA) to your organisation.
What do you think about BYON, and BYOD for that matter?
Posted by Joe the IT Guy