To BYOD Or Not To BYOD: Is Your Own Business Secure?
Is Your VAR Business BYOD Ready?
Many VARs and MSPs spend their day managing their customers' devices, including employee-owned smartphones and tablets that have access to corporate information. But do those same solution providers have similar procedures in place for their own employees? CRN's Scott Campbell asked 10 executives at the N-able Global Partner Summit in Montreal if they have BYOD policies for employees and is it something they're looking at or have concerns about. Here's what they had to say.
Todd Bartlett
Senior Consultant, Practical Networks, Lower Southampton, Pa.
"A lot of folks are showing up with iPhones or Android [phones] and we give them access to e-mail and it's sort of an unmanaged situation. We haven't been struggling with it but [a more formal policy] is something I see huge value in."
Justin Homeyer
Project Manager, Centric Technology Services, Spring, Texas
"It's BYOD [within Centric]. We don't have any policies or restrictions. We haven't really [talked about it] but some of the presentations earlier [at N-able's Global Partner Summit], it's interesting. It may be something we look at more in the future."
Andrew Hunt
Managing Director, Kinetics Group Limited, Auckland, New Zealand
"What we've found in years gone by is that when we supplied gear it got damaged because it got [treated] pretty hard. [Employees are] going out to see clients. Laptops get a real beating. Many years ago, we actually changed our whole thinking around it. We said, 'We won't supply you laptops. We'll pay you a monthly allowance for you to bring your own laptop in.' We've been BYOD as a mandatory way of working way before BYOD was a term. It's worked out really well. Because all our data is provided to our guys, we've provided a secure system to deliver information to our engineers on-site. It's the same for smartphones too. It's just another device."
Alvin Myers
President and COO, United Systems, Oklahoma City, Okla.
"We really don't [have a BYOD policy] for ourselves. We have the ability to manage security based on credentials, people logging in. I'm not so worried about who brings what device in as long as they're being managed by the credentials with Active Directory. We can wipe it [if the device is lost]. We're also on the cusp of putting in some different management tools for the mobile devices that would make it much easier than it is today."
Nick Jarratt
Project Manager, Prototype: IT, Flower Mound, Texas
"We often treat our own staff and our own office as a customer of our own hosted environment. In order to better experience our customers' side, what we offer customers is what we operate ourselves. Our customer base is primarily BYOD, which means we can offer a limited amount of restrictions on them. It's employee-based devices. For the majority of our employees, it's the employee's device. I don't have a lot of ground to put on restrictions. I am investing putting some small restrictions on those kinds of users in order to protect the corporate data and to make stronger suggestions to my customers that it is corporate data and there could be a breach. In particular, because we're a hosted Exchange provider, it would be a breach for us as well. Their lack of security endangers my customers. It is something that's come up, particularly with N-able now offering MDM. We were initially thinking it wouldn't be useful for our particular customer set, but I think it might be useful for us."
Ted Warner
President, Connecting Point of Greeley, Greeley, Colo.
"I think we've struggled with this. We've pretty much just said to our technical team, it's an open shop, because they're the ones who end up managing it anyway. But what I'm learning is that we need to be much tighter. Just like we have an Internet usage policy from years ago, now we need to make sure we have a BYOD policy because of the proliferation of these devices. We have to have some kind of control. Also, we have to be examples for our clients too. They're going to say, 'Hey, what are you doing about this in your business?' We're generally the pacesetters for our clients, so we have to look at that."
Michael Dillon
Systems Engineer, Systems Plus Computers, Lebanon, N.H.
"Our company provides employees with iPhones. The company owns them but they pretty much let us treat them as our own. We manage them and put on what we want. It's nice to see there's options now for changing that and setting polices up. Companies should look at that. And we'll look more into doing that ourselves."
Bill Long
Vice President and COO, WebPoint IT Solutions, Rocky Mount, N.C.
"Our guys have the keys to the kingdom so they just come in and set their own iPhones, Droids, and connect to the network and start getting email. We've been looking at solutions that we can offer to secure our own network, but again, [our IT guys] have the passwords and stuff. Once we get the new N-able platform, we will definitely implement a strategy. Our data, in turn, has the keys to other customers' data, so absolutely it's something we're looking at. [There's been] no issues."
Mike Verner
Vice President of Central Services, All Covered, Foster City, Calif.
"It's one of the strategies that our CIO is working on. Our employees are accessing client information from our network through their employee laptops. A lot of what we do, if they're getting their email through a smart device, iPad or Android device, it is mainly through our Exchange server, which is all secure. You really don't access any of our client environments through a smartphone or tablet. It's mainly through their laptops."
Tracey Snow
Senior Technician, Go Networks, Toronto
"BYOD is encouraged [at Go Networks]. It's the most cost-effective way for us to get access to new technology. If I go out and buy a new [Samsung] Galaxy S3, I can start understanding how that's going to impact my clients. We've been very laissez faire about bring your own device. It's the fastest way to bring consumer technology into the channel. The concerns are we want to make sure they're managed correctly. We have a very restrictive policy on where our customer data resides. We're also a very small shop. It's not like we have thousands of users we have to worry about. It's always been the best learning tools we can provide to the entire organization."