Solving the Byod Problem for the Enterprise Essay Example for Free

Solving the Byod Problem for the Enterprise EssayIntroduction Enterprise computing, as we know it, is facing a dimensional shift with the widespread diffusion of the BYOD (Bring Your Own Device) phenomenon. BYOD is the latest trend hitting businesses where employees argon bringing their own personal mobile eddys. Some of these devices let in smartphones and tablets which be brought into their place of lend, and used on the bodied network for purposes such as accessing files, email servers, and databases. Over the past few years, employees in many arrangings argon bringing their own personal devices to the work environment to handle business needs. With employees using their own devices, CIOs and IT departments across the nation atomic number 18 frantically trying to pass up with their employees by ensuring their networks are safe and fix. There is no doubting mobile devices gull taking e precisewhere a big part of our lives. These devices rifle with us wherever we go while always universe within a short reach away. People are beginning to realize the avail of getting work done from their own mobile devices.With this trend go-aheads are in need of a polity for employees bringing their own devices to work. Although a relaxed BYOD polity depose offer an validation many benefits, it tends to be a double edged sword. A lax form _or_ system of government leaves sensitive data vulnerable an to a fault strict one stifles employees trust relationship with their employer. A balance moldiness be struck between offering employees a pleasant and enjoyable work environment and maintaining the security of free-spokening move data. As the expectations of workspace personnel evolve, brass leaders must find ways to adapt and overcome the challenges that arise when corporate goal has a conflict with social standards and consumer trends. Management must consider the potential detriment to the workforce morale and how this could ultimately result in pr oductivity loss.This is diaphanous in the current 90% of employers who have chosen to allow personal devices at work with little or no precautions (Miller, Voas, and Hurlburt, 2012). Most workers consider themselves, not the order, to be responsible for the personal devices they use for work purposes. This all begs the question, how should an organization go about implementing a BYOD policy? Which policy corporation best correspond a particular type of business? Should organization leaders place priority on protecting its data as clubs, or must they protect the wellness of their workers? If the latter is chosen, what compromises must employees be expected to make to ensure a necessary, minimal level of security is in place?These are all the major(ip) questions IT departments are seeking answers for when providing a BYOD environment. This research paper testament provide a working outline with the correct steps needed for the development transition for a BYOD work environment. The paper allow touch upon key subjects addressing the careful decisions that must be made in order to set up the appropriate policies. An organizations main goal is making certain your business has both a safe and secure network while keeping the employees satisfied.II. get word Issues. The key issues for the performance of BYOD involve five main areas. The main areas are deal, planning, practicement of technology, assessment and execution. The first main area, people, involves how management must communicate with the endeavours employees, provide leadership and proper brass section. The second area, planning, management must provide a plan to implement BYOD into the enterprise that aligns with the business, communicates the IT strategy to the business and provides run low quality examine. The third area, management of technology, IT management should provide a flexible and standard BYOD policy for employees. The fourth area, assessment, management should provide a way to heartbeat risk, eliminate risk and provide a sufficient audit of the BYOD policy. Lastly, execution of the BYOD policy should provide an implementation that coincides with the needs of the other key issues.III.Models and fashion models. Models and frameworks provide the expertness to analyze, a structured set of essential components of an object for which clear expressions is necessary and perhaps even mandatory for creating, operating, and changing the object (Zachman, 2008). The object is the enterprise and the dexterity to implement any new business policy requires structure from models and frameworks. The models and frameworks that relate to providing structure in implementing BYOD are the Zachman Framework, Rogers Diffusion of Innovation Theory, gamble IT framework and Val IT Framework. The Zachman Framework is the foundation for computer architecture of any kind and enterprises that are growing in complexity can be represented with the Zachman Framework. With bring your ow n device the enterprise architecture of an organization will need to convert to fit with the architecture change that BYOD brings. The two columns from the Zachman Framework that BYOD will affect is the Where and Who columns.The Where column involves the network and how the dust of an enterprise will change in regard to BYOD. The technology will need to be provided by or to employees that will change the architecture of an enterprise. The governing body will be with employees everywhere which means the business will be with employees everywhere they go. Leaving the business in a more vulnerable put up that may create the loss of important data, which will increase the need for employees to be more responsible. The Who column needs to interact with the Where column that provides a distributed strategy that will requireResponsibility from the organizations employees. The business role of the employees device will need to have itemations, be defined and represented. The devise p erspective will need to define for the devices role for both the device and employee. The architect perspective will need to define the potential locations for the system and where it can reach. With a clearly defined system role for the devices themselves the business management perspective should focus on how the devices are defined for the employees. To implement BYOD the enterprise will need to focus on those columns of the Zachman Framework. While the Zachman Framework provides the structure organizations will need the Rogers Diffusion of Innovation Theory provides aspects of alteration that will help cat business policies that should increase the ability of BYOD to be implement. Rogers Diffusion of Innovation Theory provides four theory elements.The four theory elements are the innovation, communication, time and social system. The innovation does not need to be new in terms of being recently developed, it only needs to be new to the person or organization that is adopting and implementing it (Lundblad, 2003). The theory continues that there are five parts to the innovation that increase rate of implementation as each of these characters increase. The five characteristics of the innovation are coition advantage, compatibility, complexity, trialability, and observability (Rogers, 1995) (Lundblad, 2003). Relative advantage is a perceived improvement over the current status.To implement BYOD their needs to be a perceived improvement according to the employees view. Planning the implementation of BYOD will help make sure the improvement is seen and the employees will accept the innovation. The characteristic, Compatibility measures how well the innovation aligns with organization. Implementing the system in line with the organization with good understanding of the business will increase the compatibility and make the implementation possible. The next characteristic is complexity which is the measure of ease of use. Knowing the end users of the implement ation and what they want in a BYOD implementation will help them have a imperious user experience and increase the rate of adoption.Another characteristic is trialability. It is the measure of testing and more testing makes adoption faster. Providing good quality control when testing will make sure that the implementation will be in line with the implementation planning. The last characteristic is observability and it is the measure of visibility others have of the innovation and if more visible the faster the adoption. Providing end users with a positive visible experience will make employees more willing to go along with the innovation. The second element of Rogers diffusion of innovation theory is communication, or the lick by which people develop and share information with each other to achieve common understanding (Rogers, 1995) (Lundblad, 2003). The need for IT managers to speak the businesss verbiage is very important. So an emphasis will need to be on communication for th e IT department to ensure all needs of the business are being met.Realizing value from business change requires effective communication (IT Governance Institute, 2008). Time and social system are the last two theory elements. Time involves the incompatible adoption rates of innovation and social system involves members in group or organization with a common goal. Opinion leaders, change agents, and champions are the people within a social system who have the ability to influence the diffusion of innovation within a social system (Rogers, 1995) (Lundblad, 2003).Winning over the most influential employees of the business will help influence other employees and ensure the business wants the implementation of BYOD to succeed. The last two frameworks needed to be taken into account when implement BYOD is jeopardize IT framework and Val IT Framework. The Risk IT framework needs to be taken into account when implementing BYOD or any other system. There are six Risk IT principles that w ill help effectively assess risk. The Risk IT principles are connect to business objectives, align IT risk management with ERM, balance make up/benefit of IT risk, Promote fair and open communication, establish tone at the top and accountability and function as part of daily activities.(ISACA, 2009) Effective enterprise boldness of IT risk should have the potential amount of risk the enterprise is ready to take clearly defined with business objectives (ISACA, 2009). Effective enterprise governance of IT risk always connects to business objectives (ISACA, 2009). Controls should also be implemented to address risk. Controls are implemented to address a risk and based on a cost-benefit analysis. In other words, controls are not implemented for the sake of implementing controls (ISACA, 2009). IT risk should always be taken into account. Risk management practices are appropriately prioritized and implant in enterprise decisionmaking serve well (ISACA, 2009).Val IT is another framework that should be assessed when implementing BYOD to ensure the creation of value with the implementation. Val IT is used with CobIT, Val IT both complements CobIT and is supported by it (IT Governance Institute, 2008). CobIT processes manage all IT-related activities within the enterprise (ISACA, 2009). Val IT and CobIT provide business and IT decision makers with a comprehensive framework for the creation of value from the delivery of high-quality IT-based services (IT Governance Institute, 2008). quatern questions can be asked to assess the enterprise and ensure value.(IT Governance Institute, 2008). All the frameworks of Risk IT, Val IT and CobIT can interconnect and provide an efficient management of IT.(ISACA, 2009)With both Val IT and CobIT, Risk IT can help enhance risk management and should be applied to an enterprise that is implementing a BYOD policy. IV. Plan of ActionPLANNING Planning should be considered a crucial part when creating a BYOD policy. Depending on how a pol icy is created will determine the success it has going forward. A lackadaisical approach during the development can cost a company immediate complications (Pendleton, 2012). The planning stage is where management will cover the concerns and questions related to creating a standard policy for the organization to administer. It is insistent the planning stage not be taking lightly. Planning should never be rushed or thrown together in an ad-hoc like manner. mushiness shown during planning can have devastating effects for the companys future (McKendrick, 2012).PEOPLEDeveloping a successful policy should promote an open collaboration between both the employees and the organization (AbsoluteSoftware 2012). Important details to include are the specifics for the guidelines set for users on the network. These areas of policy can become very fogged for both organizations and their staff to deal with (Kaneshige, 2012). It is vital to outline details for what usages are allowed on the netw ork, a users classification on the network, the user restrictions for specific classifications, and the disciplinary actions for abusing the use.Personal ownership must be directly associated to the users on the network. Violations to the end-user agreement develop for network usage must be outlined with explanations that are clear and concise. Management must set a good example by following the regulations put into place just as any employees are expected to do. Realizing value from business change requires effective communication- a critical requirement difficult to achieve without widespread acceptance of a consistent set of terminology (IT Governance Institute, 2008).MANAGING TECHNOLOGYWhen initiating a policy into the business structure there are key subject matters to be addressed. It is important to designate the governance for the plan being implemented. So there will be an enterprise wide discipline for the policy. Each device that is allowed to have access to the network b ecomes a problem waiting to happen if lost or worse, stolen with malicious intent. There are key strategies to keep in mind when preparing a solution for argue against possible vulnerabilities on mobile devices. The components offering the most reliable solutions are focusing on access control and identity management (Chickowski, 2012). The capability to have both the control and visibility on events on the companys network is key for management. Lately, there has been various mobile security providers stating the solution is to control the data, rather than the device itself (Corbin, 2012). Personal owners are still strongly encouraged in taking preventive actions to securing their device. Nevertheless, IT departments can only do so a great deal software-wise when taking security precautions handling devices on the network.In the case of IT being the direct barrier of prevention, the use of devices and software the directed focus is more information-centric (Corbin, 2012). IT sta ff must direct attention towards securing data itself by blending the right amount of features to check authorizations and authentications. This layered approach centered at the information will provide more control over security wherever it should move or stop. The protection of corporate data is of utmost importance for a business. any data obtained through lost or stolen devices would be a nightmare for an organization but, having data fall into the wrong hands could compromise a companys integrity to other competitors can be disastrous. Therefore, it is crucial that preventive measures are put in place to ensure the integrity of an organization and its data. A beneficial solution to security is to include proper hardware and software that facilitates automatic provisioning that can be administered by the IT department. The Identity Services Engine (IES) by Cisco is one great example to the controllability needed for security.This software offers an efficient way for enterprises to manage network connections through an identity and access control policy platform. With access to vital information in real-time, enterprises can make proactive governance decisions about access (Cisco, 2012). This is the type of authority organizations need to ensure a safer network for users while securing valuable data. In connection with the security policies established there are legal issues bound to arise from the control organizations place over data being transferred and stored on employee devices. This topic of rights can leave both sides feeling uneasy. Nonetheless, businesses must protect their data that accessed by users on the network.The development process of the BYOD policies is where organizations will want to include details pertaining to ownership. Such discussion must include the liability for the information being used, how and when should a device-wipe be used, and exit strategies taken for employees leaving the business (Hassell, 2012). A great example of this problem would be defining the jurisdiction concerning who has authority and rights of the data located on an employees device if he or she should be terminated or leave the company. These are all big issues that must be addressed depending on the vulnerability of your corporate data otherwise, this going unstated that lead to annoying litigation for management.EXECUTION/ASSESSMENTFinally, once the components of execution and governance have been covered it is necessary for the organization to assess its current transition. It is here management must audit the new BYOD strategy to determine their Return on Investment (ROI). When reviewing the results of a recently implemented strategy there are two sets of key questions to measure the success of its use. The governance-related questions based from a Val IT approach include ar we doing the right things? (The strategic question) and Are we getting the benefits desired? (The value question). The last set of questions are COBIT fo cused taking on an IT view. These two are Are we doing them the right way? (The architecture question) and Are we getting them done well? (The delivery question) (IT Governance Institute, 2012). The combination of both the Val IT and COBIT frameworks create a synergistic relationship that will ensure a highquality IT-based service is creating value across the enterprise.V.Critical Success FactorsThe critical success factors for successful management of the BYOD policy are to plan, manage, assess, execute and communicate. Planning must be done first using Rogers Diffusion of Innovation Theory and Zachman Framework as a basis to planning to ensure the BYOD policy is going to be accepted by the enterprises employees and align with the business. Communication needs to be an important part of planning to understand the business objectives. Planning must include how BYOD will be managed, executed, communicated and assessed. The management of the technology needs to ensure data safety usin g authentication and governance. The BYOD policy needs to be assessed ahead execution. The risk that a large IT-enabled project will fail for lack of business change should be assessed by top management at the very conception of the project and by project management at key phases over the life of the project (Gibson, 2004).Other frameworks to assess the BYOD policy are Risk IT, Val IT and CobIT. These are needed to understand the business risk associated with the BYOD policy, ensure value and assess the IT processes involved in the IT strategy switch. To execute, management needs to implement the policy with good quality control aligning it with the plan and technology management of the BYOD policy. Management needs to also communicate the governance and rules of the BYOD policy to ensure discipline. report of consequences is also needed so employees understand the consequences of their actions using their own devices as a part of the enterprise. Lastly, the BYOD policy will need to be audited continuously to take in charge the safety and integrity of information while operating properly to attain the enterprises goals and objectives. run away CitedAala Santhosh Reddy. (June 2012). Bring Your Own Device (BYOD) Making It Work For Your Organization. In Slideshare.com for Cognizant Research Center. Retrieved , from http//www.slideshare.net/cognizant/making-byod-work-for-your-organization 13450463. BYOD Policy Implementation Guide. London Absolute Software, 2012. PDF. Cisco Systems, Inc.. (2012). Cisco Identity Services Engine Software 1.1.1 (aka 1.1MR). In Cisco. Retrieved , from http//www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_ 67-658591.html. Ericka Chickowski. (June 19, 2012). Visibility and Control Still an Issue With BYOD Policies. I Network Computing For IT By IT.Retrieved , from http//www.networkcomputing.com/security/visibility-and-control-still-an-issue wi/240002308. Gibson, C. (2004). It-enabled business change An approach to understanding and managing risk. Retrieved from http//papers.ssrn.com/sol3/papers.cfm? ISACA. (2009). The risk it framework. Retrieved from http//www.isaca.org/Knowledge Center/Risk-IT-IT-Risk-Management/Pages/Risk-IT1.aspx IT Governance Institute. (2008). Enterprise value Governance of it investments. the val it framework 2.0. Retrieved from http//www.isaca.org/KnowledgeJoe McKendrick. (October 23, 2012). 10 steps for writing a secure BYOD policy. In ZDNet.com. Retrieved , from http//www.zdnet.com/10-steps-for-writing-a-secure-byod-policy 7000006170/ Jonathan Hassell. (May 17, 2012). 7 Tips for Establishing a Successful BYOD Policy. In CIO.com. Retrieved , fromhttp//www.cio.com/article/706560/7_Tips_for_Establishing_a_Successful_BYOD_Poli y. Kaneshige, T . (March 06, 2012). BYOD Making Sense of the Work-Personal Device Blur. In CIO.com. Retrieved , from http//www.cio.com/article/701545/BYOD_Making_Sense_of_the_Work_Personal_De ce_Blur. Kenneth Corbin. (August 23, 2012). BYOD Se curity Demands Mobile info Protection Strategy. In CIO.com. Retrieved , from http//www.cio.com/article/714550/BYOD_Security_Demands_Mobile_Data_Protecti n_Strategy. Lundblad, J. (2003). A review and critique of rogers diffusion of innovation theory as it applies to organizations.Organization Development Journal, 21(4), 50-64. Retrieved from http//search.proquest.com/docview/197971687?accountid=7113 Miller, K., Voas, J., Hurlburt, G. (2012). BYOD Security and Privacy Considerations. IT Professionals. 14 (5), 53-55. Retrieved from http//ieeexplore.ieee.org place Pendleton. (August 13, 2012). Top Concerns When Creating a BYOD Policy. In NEC Corporation of America. Retrieved , from http//info.necunified.com/bid/153070/Top Concerns-When-Creating-a-BYOD-Policy. Rob Humphrey. (March 07, 2012). Manage Risks Reap Rewards BYOD. In Kensington Safe Zone with Rob Humphrey communicate