September 06, 2012, 3:58 PM — It may be hard for some to just say no to the growing Bring Your Own Device (BYOD) crowd, but that was the initial reaction manager of information at certified public accounting firm Burr, Pilger, Mayer Anthony Peters had when senior executives starting purchasing iPhones, asking them to be supported.
But now almost two years later, with a BYOD policy in place, "the demand comes from everyone." Much the same thing is happening all across the country in manufacturing, government, healthcare, high-tech and in law offices as BYOD challenges traditional security and mobile-device management practices.
At Foley & Lardner LLP, the 600 or so attorneys there are offered the option of BYOD on a voluntary basis and with a subsidy to keep it "cost-neutral" to whatever corporate-issued device that BYOD is expected to replace, says Rick Varju, director of engineering and operations there. He says this "whole consumerization of IT craze" basically got rolling because the CIO there got an iPad.
But due to concerns about security and compliance, IT departments are making their own demands on BYOD users often asking them to agree to give IT control over their personal smartphones and tablets. They're requiring them to use corporate-issued management and security software to monitor or remote wipe and sign off to accepted practice in BYOD policies.
John Pironti, president of consulting firm IP Architects, who has advised security association ISACA on BYOD security issues, contends the legal questions are usually harder to answer than the technology ones.
"It's about liability," when it comes to corporate data at risk, Pironti says about BYOD. In some places, BYOD should be rejected because it's too big a risk, or it's deemed a violation of the user's privacy. Either way, he warns, don't think a personally-owned BYOD device won't be subject to regulatory-driven audits just like corporate devices.