Menu
Rise of “shadow IT", not BYOD, should be a concern for organisations: IBRS

Rise of “shadow IT", not BYOD, should be a concern for organisations: IBRS

Security analyst shares his view on MDM and how it fits in with BYOD

The entire MDM space is dead when it comes to the bring-your-own-device (BYOD) trend, according to IBRS security analyst, James Turner.

He made the claim during the launch of Kaspersky Endpoint Security for Business in Sydney, explaining that one can not claim to control something that one does not own.

“You have two ways of controlling the data, either by presenting it to the device via HTML5 or by having an encrypted container on the device,” Turner said.

“Either way, you don’t own the device.”

Instead, Turner said MDM is applicable for devices issued by the organisation.

To highlight this disparity, Turner referenced two organisation he dealt with recent, with 10,000 employees between the two of them.

Over the last 12 months, one organisation gave their employees a choice of Blackberry or iPhone.

After that time, Blackberry now only represents 40 per cent of their corporate fleet.

“The second one has been doing it for two years and did the same thing, though also gave the choice of Android,” Turner said.

“In this case, Blackberry represented only 10 per cent.”

Turner highlighted these two cases to show the massive appeal of the non-Blackberry devices among employees.

People who have been interested in these devices are already using them, a trend that Turner refers to as “shadow IT”.

“It is already happening, so organisations are not trying to reclaim control, they are catching up with what users are doing and then provide guard rails around that,” he said.

Field work

When data loss prevention (DLP) was a trend a few years ago, one of the scenarios Turner discussed with clients was how to stop someone from looking at their iPhone, taking a photo and sending it via their Gmail account, essentially passing the IT system.

In terms of gauging what IBRS’ client base is doing in terms of BYOD, Turner said it is already there.

“We talk about BYOD in the same sense of being hacked,” he said.

“Either you’ve been hacked or you’ve been hacked and don’t know it.”

Instead of BYOD, Turner prefers to call it bring-your-own-other-device (BYOOD), because there is a distinction between the gear the company has provided to an employee, and the actual tools used to get the job done.

Turner came to this conclusion after going out and talking to line managers across the field, conducting dozens of interviews with organisations spanning thousands of people, and talking to the staff about how they use the device.

As an example, Turned mentioned one organisation that received a call in the office from someone in the field, who then asked the employee for the information to be sent.

“The person in the field pulls out their iPhone, takes a photo and sends it as an MMS to the other person’s phone,” Turner said.

“That was sensitive information, and it was suddenly there on an outside communications channel that the IT department in the organisation has no record of whatsoever, as well as no ability to control it.”

Turner admits an incident such as this is nothing new, as he has spoken about this for years and it has “been around for as long as IT departments have,” notably with people plugging in their own wireless routers.

“It is the concept of the shadow IT department,” he said.

“That is what BYOOD is about, users out there in the field finding other ways to use technology, which has been consumerised, work for them.”

As such, the best thing an IT department can do is go out and start interviewing the line manager on the field, asking how they use the information and the devices.

“Everyone out there is using Gmail and Dropbox, so how can we provide you with the same capabilities and play catchup, and provide some method of control, which the organisation needs to keep track of what happens with their data,” Turner said.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags BYODIBRSiPhone

Upcoming

Slideshows

IN PICTURES: 2015 Microsoft Australia Partner Awards (+32 photos)

IN PICTURES: 2015 Microsoft Australia Partner Awards (+32 photos)

The achievements of Microsoft’s Australian partners over the past year have been recognised through a number of prestigious awards announced at the 2015 Microsoft Australia Partner Conference (APC) on the Gold Coast. The Microsoft Australia Partner Awards showcased partners delivering innovative solutions and services to customers, with many embracing Microsoft’s Cloud solutions. Awards were presented in 17 categories. The winners were chosen from more than 170 nominations. With more than 11,000 partners in Australia it was a competitive field. Photos by ARN Editor, ALLAN SWANN.

IN PICTURES: 2015 Microsoft Australia Partner Awards (+32 photos)
IN PICTURES: ESET Security launch Hobart (+26 photos)

IN PICTURES: ESET Security launch Hobart (+26 photos)

It was a good turnout for ESET’s Security launch event in Hobart, with over 25 partners from across the state turning out for the Slovakian security company’s first trip to the Apple Isle. Attendees enjoyed some fine local cheese and wine and saw presentations from ESET Australia managing director, Florin Vasile and business development manager, Edmund Li. Photos courtesy of Catalin Photography.

IN PICTURES: ESET Security launch Hobart (+26 photos)
IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

Nutanix recently held its customer and channel event, .NEXT, in Sydney. The event, held at the Sheraton on the Park saw attendance from more than 150 channel and technology partners and customers. It was the first in a series of events Nutanix is holding in A/NZ in August and September, the objective of which is to brief partners and customers on “what’s next” in the design and management of datacentre technology.

IN PICTURES: Nutanix's .NEXT channel event in Sydney (+20 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments