In A World Of Bottom Up Technology, Should IT Support Your iPhone?

from the they-might-have-to dept

Back when the iPhone first came out, there were all sorts of stories about how it was no good for the enterprise. While it's certainly gotten better, it still does seem like the Blackberry is the enterprise smartphone of choice. Yet, many people really do like using the alternatives, and while the solution for many is to now carry around multiple devices, others are beginning to push for companies to support their own devices (iPhone or others). And this is becoming a bigger and bigger issue. These days, many technologies used in the office are coming from "the bottom up," meaning that they're personal technologies (hardware, software or services) that individuals are using/buying on their own first, and then realizing they're so useful, that they start using them at work too.

And that, of course, raises the inevitable question of whether or not the IT department should support those technologies. The easy answer (which I'm sure we'll hear many times over in the comments) is "of course not." But it might not be that simple any more. Ignoring or holding back those technologies entirely may actually harm overall productivity in some cases, and limit what employees can and should be doing. Now, obviously, I recognize the argument that a large part of IT's job is to keep things running and protect the overall setup from problems -- and letting in any technology and supporting it can make that very, very difficult. But it ignores the flipside of IT's role: enabling companies and their employees to be more productive through the use of technology. And, even if IT officially decides to not allow things like the iPhone, as the article above points out, it might not matter much:
Likely scenario: An employee is denied an iPhone (or possibly any company-provided smartphone) and decides to get his own personal iPhone for use at work. This surreptitious infiltration is actually a bigger concern than a handful of managers; at least with them you still get to control the configuration and deployment process. If you don't know that workers are using iPhones in your company, you can't secure them at all. You can't even be certain what data might be stored on them.

And since the iPhone is fairly easy for even novice users to set up -- they can sign onto wireless networks, access intranets, and even gain access to an e-mail server -- it's no stretch to imagine that a lone, unauthorized iPhone could seriously compromise confidential data, as well as access to your network and the services running in it.
So, a flat-out ban isn't going to do the trick, but actively supporting any technology people bring into the workplace is too much to handle and causes too many problems. So where is the middle ground?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Qyiet (profile), Jan 20th, 2010 @ 8:25pm

    If security was your reason for a ban...

    .. and users can join internal networks with an unauthorised device, then you have already failed as an admin.

    We avoid apple's smartphone at my work because it's hard to centrally manage, and expensive on the cellular data (no unlimited plans over here). But there is a lot more lockdown should have already happened if you require the sort of security that would be banning iphones from your system.

    To answer Mike's question: I will setup oddball devices for users in downtime, with a 'if it breaks it's not our problem'. Provided of course the device is not going to create issues with other internal systems.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Andrew F (profile), Jan 20th, 2010 @ 8:29pm

      Re: If security was your reason for a ban...

      The article has this bit: "Even if you can banish the iPhone from your network, you still can't stop users from entering notes, appointments, or contacts from within your organization onto their iPhones by hand."

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        EnricoSuarve, Jan 21st, 2010 @ 6:36am

        Re: Re: If security was your reason for a ban...

        True, but those notes are unlikely to introduce trojans onto the network, remotely poll it for vulnerabilities or even represent a serious data leak.

        Most places aren't so spies-r-us that they have to worry about the amount of data someone can feasibly hand copy, data that sensitive is probably behind an additional physical security layer anyway (i.e. a bloke with a gun and a metal detector), and only accessible to highly trusted people.

        My attitude to that sort of copy job would generally be "knock yourself out".

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Skeptical Cynic (profile), Jan 20th, 2010 @ 8:31pm

    Three step process

    1. Receive request for a new program or device to be supported.

    2. Review item for security and management ability, and appropriateness for the work place.

    3. Deny request because it would just add to amount of work that needs to be done for the same money since most IT people work only on salary and therefore don't have any incentive to work harder. Tell them it's a security risk or that there are too many support problems with the item. Move on to the next denial.

    The truth is I have worked in IT for over 25 years and the above is pretty close to reality. Why because companies still view IT as an expense and therefore try to spend as little as possible on it.
    So most corporate IT people work on salary and are expected to work however hard or long to get it done from people that have no concept of how hard it is or how long it takes. So IT people by default (any job would act the same) don't do anything that will add to a pretty full work load since they are not going to get any extra pay for allowing it.

    In this technology driven marketplace you would think that companies would start to search for IT people that can add to the bottom line and also pay them what they are worth.

    Disclaimer: I no longer work in Corporate IT but instead consult to them because I can get paid for the work I do and the hours I spend.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 20th, 2010 @ 9:26pm

      Re: Three step process

      Spot on.

      On a side note, my company works as the IT department for a lot of small/medium sized businesses on a contract basis (some by the hour, some with an agreement for as many hours as they need). I happily support iPhones, Droids, an HTC Hero, a ton of Windows Mobile devices, several Blackberries (some using the BES, some just using BIS), and at least one Palm device that I know of. Knowing that they're paying by the hour for it makes them a little more careful about the kind of thing that they ask for. I'd support email via pigeon if they really wanted at the prices we charge.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Jake, Jan 20th, 2010 @ 8:41pm

    The only hurdle I can see is the education issue regarding malware precautions. If employees are using their personal smartphones, there's a limit to what you can do to prevent security breaches through negligence or error beyond insisting on periodic inspections.

    Also, full in-house support for every smartphone OS would get unfeasibly complicated pretty fast, so employees buying a model without the company's preferred OS would have to have to get it fixed at their own expense and accept some extra restrictions on what they could do with it; sending it back to the manufacturer with commercially confidential data saved to disk is probably not a good idea.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Michael Long (profile), Jan 20th, 2010 @ 8:50pm

    They should...

    "These days, many technologies used in the office are coming from "the bottom up," meaning that they're personal technologies ... that individuals are using/buying on their own first..."

    These days? You're showing your age Mike. (Or lack thereof.)

    Back in the day, people snuck Apple IIs into the office, just so they could run VisiCalc. Then they started bugging the mainframe staff for data to plug into their spreadsheets and, of course, the IT folk resisted doing the extra work.

    "Besides," they said. "Those personal computer things are just toys."

    Fast forward a few decades, and it would appear that they're still doing the same type of song and dance. All while people who WANT to be more productive spend their own time and money ushering in the future of communications and connectivity.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Jake, Jan 20th, 2010 @ 10:54pm

      Re: They should...

      I don't think that's entirely fair. The situation you describe with Apple IIs sounds vulnerable to mission creep; if the mainframe staff agreed to let users plug their personal machines into the network, they'd end up being expected to support them as well, something that wasn't in their job description and which they'd have to learn to do at their own expense.
      I like problem-solving as much as the next IT geek, but there are limits to what I'd be prepared to do without a proper budget for retraining and new equipment.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Freedom, Jan 20th, 2010 @ 8:54pm

    Job 1 - Productivity

    (Disclaimer: IT Admin)

    Job #1 for any IT person is to make people more productive and anything else is really just background noise. Any time I find myself starting to say NO to someone (or something for that matter), I make sure I'm not violating my #1 rule/job.

    Most key decision makers are reasonable and if you explain in plain English the issues, costs, risks, and options, then in most cases you are set. For those that work with that decision makers that aren't, if you are a talented IT person, then it is probably time to excerise your options.

    Ironically, most IT people love solving problems and I would think are very "House - TV Show" like. Integrating the iPhone and other devices in a way that the company can except is just another problem to be solved.

    Freedom

    P.S. I have a sign on my wall that says - don't tell me why we can't, tell me how we can.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Skeptical Cynic (profile), Jan 20th, 2010 @ 9:04pm

      Re: Job 1 - Productivity

      Very true. I have an intuitive ability to find a solution to an IT problem and love finding novel problems to solve, but also have gotten to the point where I need to balance work and family. Which means that I expect to get paid for the long hours I work.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Jmotley (profile), Jan 21st, 2010 @ 6:42am

      Re: Job 1 - Productivity

      The issue is not can we connect it. Its simply we dont want to. Within my company we have several people that want (and sometimes demand) to be able to use their own smartphones. For one reason or another. We have set our network up in such a way that blackberrys are the only phone that can readily connect to our wifi. I have A G1 and its hard for me to connect to our wifi and surf the web. We provide those employees whose job require it blackberries. We do not tell people that they can not use their their personal phone we just dont allow them to connect to key elements other the e-mail, and we warn them that if there is a problem we WILL NOT support that phone so if you lose imporant data oh well

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Alex, Jan 21st, 2010 @ 12:30am

    I have a friend who works for a company (unfortunately I can't say what company). There you are searched on entry for any unauthorised devices and have them removed - this includes even something as innocuous and old as a floppy disk, let alone phones or high density storage media. Once inside, if you ever want to use anything new on the network (software or hardware) you have to submit to a 6 month review process by the IT department, paid for out of YOUR budget, not theirs.

    Although some of those measures may be a little draconian for most places (not this one though), the idea of having new devices supported from YOUR budget, not the IT department's is certinately valid. "I'd like to get my iPhone on the network please", "OK, that'll be 6 months and £45,000", "Hmm, maybe I'll make do with this Blackberry..."

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Justin, Jan 25th, 2010 @ 1:50pm

      Re:

      So then I guess it is not that important to you. Their are many people and groups that come to me and say I want this, I want that. I need some way to weed out the people that are just bored and will go away and the ones who have really thought out their idea. If you are willing to wait or pay for what you are asking I am much more willing to listen because I know you have a stake in the outcome. I have also noticed that the people that aren't willing to wait or pay will come back to me in a short time asking for me to undo what I just did or ask for another way to do it. If it is free to them they never think about it and constantly ask for changes that only clog the entire request process and prevent me from getting to the good requests.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Michael (profile), Jan 21st, 2010 @ 12:49am

    Interoperability

    This wouldn't be such a problem if IT was already looking to select the most secure, reliable, and inter-operable solutions possible.

    Unless you lock things down to /insane/ levels there isn't any /real/ way you can prevent the workers from taking digital information they really want to out of a controlled setting. Physical things are harder, but are you really going to use trusted computing platforms, encrypted networks and storage, and deny removable media entirely?

    End users already have physical access to the systems, and building them to be secure against /that/ threat entails so much big-brother expense and friction as to be likely not cost-effective.

    With that in mind, it makes much more sense to give the end user a LITTLE trust, and a lot of GENERAL education on security practices.

    Then you can let them access an IMAP account over a secured connection (SSL, well encrypted network, etc) while at work or using a VPN. Suddenly anything with a /real/ network connection and standard mail support can talk to a generic mail-server.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Mr RC (profile), Jan 21st, 2010 @ 1:43am

    Standards

    I'm the IT Admin for a multinational, and the answer would be 'No!' not out of any bias (I personally don't like the iphone, I don't consider it a 'smartphone' either) but because of company policy, standardization and security.

    Everyone in the company has the same hardware, generic machines all have the same specs, Developer machines have better specs (but are all the same), Designer machines have their standard specs. Company phones are all the same, exact same model.

    There is no hodgepodge of machines and devices, everything is standardized and unified, from the lowest staff members to the CEO (not all staff have smartphones, just those that require them). It gave a consistent image to visitors (and consistent disk images to us!) and keeps everyone happy as there was no "he/she has a better computer than me... waaaah ". Machine upgrades are bi-annually, phone upgrades are annually.

    The network is completely locked down, they are unable to connect their devices via wireless (We have an excessively long password string and MAC address safe list) without actually hacking the system (and being terminated immediately if discovered)and we have lockdowns on what USB devices work.

    That being said.. if they wanted help with their personal devices, or a home machine fixed.. I have absolutely no problem (nor does the company) with them bringing it in for me to take a look at if I have the time. We even have an isolated port for hooking their machines up to that is independent of our network, should the machines require internet access for updates/patches/drivers etc.

    So in short, No iphones for work (they can bring their own for personal use though).

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Yosi, Jan 21st, 2010 @ 3:41am

      Re: Standards

      Can't resist to call BS on this.
      "All machines are the same specs" - yea, right. And when hard drive on one of such machines die, and turn out that this specific model is no longer manufactured, what you do? Replace ALL machines in enterprise? Same apply for keyboards, monitors, memories, motherboards etc.

      "everything is standardized and unified" - you clearly dreaming. In Real World, problems are not "standardized and unified", so the hardware and software that solve those problems. _Some_ of your developers will need very specific monitor. Another - more than usual disk; and so on.

      "The network is completely locked down" - and cables are what - glued into ports? Or soldered?

      "and we have lockdowns on what USB devices work" - unless you use black magic I see no way doing this. Complete waste of everybody's time.

      Bottom line: we're talking about imaginary place. Even banks don't have such environment. Even military places (and I worked in such).

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        EnricoSuarve, Jan 21st, 2010 @ 4:44am

        Re: Re: Standards

        Why the anger? His comment sounds realistic to me - depends on the environment you work in.

        At my present client all machines are also roughly the same specs, the users have a choice of a few different models and software groupings but the base OS build is the same for example. We try to manage the options to ensure that there are enough to satisfy virtually everyone (yeah sure there is the odd real exception but if you asked most people they would say we have a standard).

        We don't get to the point where hard drives or other components become obsolete with 95% of our kit as we refresh it within a 3 year window, this is usually within extended warranty periods so components are still readily available in my experience.

        Previous clients I have had have locked down their networks to various degrees, its not that hard to install network management equipment that verifies a machine before allowing it on the network at a logical level. One of my clients even ran compliance software that checked if machines had up to date patches and signatures etc before allowing them onto the main LAN (I'm not 100% sure how that worked as I wasn't involved but it definitely did the job).

        As for controlling USB - that’s easy in a locked down environment, there are a range of options from fully supported methods such as altering the USBStor value in the registry to more hacky options. One bank I've worked at even went as far as also epoxying up USB ports in PCs used in its call centre (but we all thought that one was silly).

        Of course an uber hacker with physical access can always circumvent options like this in a variety of ways but the object is to make it harder, follow these sort of steps up with a basic physical security presence and a well published (and followed) policy for how offenders will be treated and you generally don't have many problems.

        So yeah, banks definitely have options like this, some more than others. Banks are actually a poor example as most of their really secure stuff happens on mainframe and midrange backend systems on a seriously locked down area of the network which is only allowed to communicate with the front office systems via a very controlled set of ports and protocols. You could in theory install masses of malware on the mortgage advisors PC, and all that would happen would be the usual red faces as dodgy emails are sent around and someone from IT needs to rebuild a few PCs.

        Can't speak for military sites but a military supplier I worked for had a secure network that you'd need an oxy-acetylene torch just to access the cables, and disconnect any of the equipment and it wasn't an IT geek that came running!

        So yeah - pretty believable, not the norm in my experience but totally doable

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 21st, 2010 @ 4:49am

        The imaginary imagined!

        You are of course correct. There is no possible way to standardize the delivery of anything in the IT world and there are no products that are aimed at securing network access or restricting the use of portable devices.

        Define supported technology standards and take time to manage the much smaller number of exceptions. Some of those exceptions will become standards subject to IT governance.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Mr RC (profile), Jan 21st, 2010 @ 6:59am

        Re: Re: Standards

        Yosi,

        You've never been in an office with standardized machines? We have spares, and components (which we sell off to staff at the end of our 2 year lifecycle, as well as the ones that were in use after scrubbing the HD's). The machines are well within warranty during that period, and we've never had a problem getting the proper replacement parts (keyboards and mice are probably the only exception where we don't bother and just replace with generics).

        All the developers have the same systems and monitors, and yes some are basically getting more than they require spec wise, but we don't dumb down their machines, they are all the same. I guess you've never heard of server storage space? THAT is a variable based on users needs (one of our dev's has 500gb, most of the others are chugging along well within 200gb).

        Network lockdown also has MAC authentication, the 'average' user doesn't know how to spoof a MAC address, set a static IP or how to connect a non-domain device to the domain.

        the USB lockdown I'm not sure on how it works, it's a legacy program running on the domain from my predecessor, it works though *shrugs* and surprisingly wasn't broken by Vista or Windows 7. (which I'm very thankful for)

        Bottom line: Your comments were good for a laugh, I guess there's more security out there than you thought..

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        chris (profile), Jan 21st, 2010 @ 8:37am

        Re: Re: Standards

        "All machines are the same specs" - yea, right. And when hard drive on one of such machines die, and turn out that this specific model is no longer manufactured, what you do? Replace ALL machines in enterprise? Same apply for keyboards, monitors, memories, motherboards etc.

        it's not impossible. big corps have purchasing power, so they can say to a company like dell or HP that you plan on buying X tens of thousands of units over a 2 year period and you expect a stable build. that gets built into the purchase contract.

        also, big rollouts (where you roll a whole company over all at once) usually mean buying pretty much all the PCs over a short period of time (like 3-6 months).

        as for changes to components, you just add the change to the standard image and keep moving. most stuff is labeled the same, even if the guts change over time.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Jake, Jan 21st, 2010 @ 10:40pm

          Re: Re: Re: Standards

          I think I may state with little fear of contradiction that complete company-wide standardisation with regular complete replacement is a luxury beyond the bi- or tri-annual IT budget of all but the wealthiest companies. The rest of us suffering geeks have to work with a lower budget ceiling, and that entails making a few compromises.

          And I actually feel a bit sorry for those who don't; IT support in one of those organisations sounds like the most boring job in the world.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Mr RC (profile), Jan 21st, 2010 @ 11:12pm

            Re: Re: Re: Re: Standards

            It is expensive, yes and it's sometimes a real pain in the ass to roll out (we were unable to get XP on the new batch we got in December, thankfully everyone was away over Xmas and New Years... except for IT) .. well the roll out was easy.. nobody was there.. and then came back to shiny Windows 7 machines.. most liked it.. dev's and designers screamed blue murder.. and maybe 50% of the staff were going duuuuuh.. It's been nearly 3 weeks since people have returned and it's been non-stop insanity..

            You are right though, it does get boring at times.. especially towards the middle of the year... we can always count on the devs to screw up something on their machines (they are the only ones that have local admin rights on their machines, the rest are plain users) but they seem ok now that they have XP in a VM..

             

            reply to this | link to this | view in chronology ]

  •  
    icon
    Ben Robinson (profile), Jan 21st, 2010 @ 4:37am

    Depends...

    If the phone is provded by the companty then of course they have to support it. If the phone is purchased by the user then that is different. I think it is reasonable to allow user's to hook up the iPhone (or other smartphone) to the company's email, contacts etc and to provide basic instruction and information about how to do it for common phones. However you cannot expect an IT department to have the skills and knowledge to provide user support to a potentially unlimited number of different kinds of devices. This is why companies standardise technology, so that you are supporting a finite and controlled set of technologies that you can make sure you have the skills and resources to support.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jesse C. Anderson (profile), Jan 21st, 2010 @ 4:53am

    Big Brother and the iPhone

    You with all the knowledge out here who can stop us, as long as we don't bend the laws then tell the people's in the ivory tower to take a dounut roll.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    senshikaze (profile), Jan 21st, 2010 @ 5:14am

    we do

    If a user comes to us and asks us, it is our policy to setup their email and calendar on their iphones. Our philosophy is that they will get it anyway and it is better if we have full control of it. We force them to have a security passcode and a number of failed logins and we can remotely wipe anyone's iphone. We do make them sign a waiver, though, if it is their personal iphone and not the business's.
    We decided on this after we found a user forwarding all email to her personal gmail account so she could access it on her iphone. I work in a medical facility, so is a huge never do, ever kind of thing. we fixed it, and now noone is allowed to forward their email anymore. the only way to get email outside the company is through webmail or IT setup smart phone.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mike, Jan 21st, 2010 @ 7:16am

    iphones

    Here's what I did for our environment. We've been a blackberry shop for a number of years now, but of course more and more people wanted iphones. It got to the point where I simply took a day and made the changes to the Exchange server and firewalls.
    At that point, we tell people "look, here's the settings to sync to exchange, but beyond that, I don't care about your iphone. If you can't make it work, its on you, not me."

    We also do not support them having itunes on their workstations. If they wanna load up their iPhones, they can do it at home. I'm not gonna be responsible when their pc crashes and they lose their purchased music because it isn't backed up.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    chris (profile), Jan 21st, 2010 @ 8:24am

    comes down to politics

    if your IT department is politically strong, then they call the shots and you are most likely not going to get support for arbitrary mobiles.

    if your IT department is politically weak, then someone else calls the shots and if that someone likes arbitrary mobiles, then IT has no choice but to support them.

    i'm an IT guy in the latter case, and while it would be nice to say no to people when i don't want to do something, either because it's impossible or it's going to be a disaster, it's really not that tough to support random smart phones.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Daveonator, Jan 21st, 2010 @ 8:20pm

      Re: comes down to politics

      I agree, this also has a lot to do with it. I work at an organization that had a weaker IT voice in things. Then administration switched and now we are stronger than ever. With that said, we still fall subject to politics - just not as much as we used to.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 21st, 2010 @ 8:37am

    From an IT standpoint, whether or not there is a data breach can be less important than whose fault it is, depending on corporate culture. If the IT department isn't familiar with the technology, allowing it means you've agreed to support something you may not have the expertise to support.

    Depending on how much of a workload you already have, you more than likely are not going to get any time for training, more money, or extra personnel. Why on earth would anyone want to risk being the cause of a potential data breach?

    That's why IT departments don't want to support user technology. It isn't worth the effort so that one guy can keep an iPhone. Because that one guy's iPhone isn't the problem. It's the menagerie of technology you will now be supporting in addition to the iPhone that you have no background or training in.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 21st, 2010 @ 11:08am

    Let's face it.

    I don't believe that Apple iPhones should be supported. It's much more important that they support Palm Pre.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Danny, Jan 21st, 2010 @ 12:59pm

    I work in IT for a bank and I have to say that for the sake of training, expectations, money, and personnel it would be best to keep the technology as streamlined as possible. And by that I mean instead of trying to support the VPs Palm, the CEOs Android, the SVP iPhone, 4 Blackberries, 2 HTC Touches, 1 HTC Touch Pros, etc.... there should be a standard. When you have so many different smartphones to look out for you are begging for disaster the first time someone high on the food chain is expecting something that the IT dept. doesn't support because when the phone was first introduced they were told to get it as cheaply as possible. In a logical world that CEO should have known not to go the cheapest way and then complain later but that is not how corporate culture works when it comes to tech. To them its the IT dept.'s fault that it doesn't do what its supposed to do.

    I do agree that that IT should not be end all be all final word on what items users can and cannot have (my last boss outright refused our mortgage division's request for laptops, and low and behold when that boss was fired about 2 weeks ago the first thing the mortgage manager did was request a round of laptops). However at the same time due to corporate culture if something goes wrong it WILL be declared IT's fault. And frankly speaking if I'm going to be held responsible for then I should have some say so on the decision process. By say so I mean a fair chance to weight in on the pros and cons of the product. We've already been stung a few times when corporate tells us to start introducing some new product (no discussion just "Do it.") and then months down the road when its not all its cracked up to be everyone is tripping over themselves to blame us.

    Mike ends by asking about middle ground. To me middle ground is would be when a new product comes up and all parties that would be affected by this product get a fair say on it. If in the end the company ends up with a mix of smartphones no one has any room to complain later.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Adam, Jan 21st, 2010 @ 7:57pm

    Honestly, we give them IMAP email internally with staff wireless access only. If they want their email forwarded fine. But if IMAP doesn't work on your smart phone, we're not wasting a few hours to figure it out. Your problem.

    That all said, when the senior/directors ask for X,Y, Z to be set up for them, we don't give them much crap. Other people, email on your personal phone doesn't work? Here's your options, if that doesn't work not our problem.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Daveonator, Jan 21st, 2010 @ 8:05pm

    It's all fun and games until someone pokes a hole in their network via a rouge conduit

    It's all fun and games until someone pokes a hole in their network via a rouge conduit

    Bottom up technology is fine, and having a good business justification for having a product like a smart phone is even better. We should as IT personnel support technology and help to nurture it. With that said, If we truly support it then the organization should own it and thus have control of the resource. We should not however give up control and allow personal devices on the network.

    Some responses like to hinge on the fact that IT people are lazy... giving some are. Just like any profession, however there are some of us that work diligently and overtime despite our meager salary pay (which is usually offered because there's no way you'll ever get away with doing 40 hours a week, and don't forget about the weekend calls you'd have to pay time-and-a-half or double-time for). There's nothing like that gut wrenching feeling you get when you calculate you divide your salary by how many hours you worked during the year to find out you actually made less than minimum wage. Enough said about that, sure there's outliers to that but for the most part IT people don't just do a straight 40 in organizations anymore especially if they don't want to be outsourced (like any profession, you have your guys that'll get away with murder on the other end and work 20 hours a week to get paid for 40... do us all a favor and fire them for us will you).

    If your organization doesn't have a security policy tied to human resource policies in place that covers rouge personal devices like routers, smart phones, personal computers (which are basically just as functional as a smart phone now-a-days) - you're asking for trouble (this should be something that all employees must read and sign). Oh, and don't forget about complete upper administrative support for the policy and enforcement there-of.

    There are ways to block these devices from the network access, etc (read my RSM link for details... or just put a filter on the vendor's MAC address for the device if you don't use that vendor for your organization). My answer for someone who tries to connect a unauthorized device to the organizational network is to start disciplinary action. Ask yourself, "Is your organization ready to lose sensitive customer/employee data because someone can't listen or directly disobeys security policy?" The short answer is "No". Seriously folks this is an immature technology especially in the scope of security... just do a search on the web and you'll find that the next "big wave" it protecting these devices with antivirus, etc: http://news.idg.no/cw/art.cfm?id=328604CA-1A64-67EA-E4279C2C9F1EC445

    This means right now, personal smart phones are wide opened for malware attacks thus acting as another attack vector on networks. I say personal smart phones, because they may fly under the scope of IT radar if the proper precautions aren't taken.

    The efficiencies that smart phones create are far outweighed by the fact that data loss/theft directly and indirectly costs millions and closes multiple organizations every year. Consider this: "The average cost of insider data breaches is $3.4 million per business per year. –Ponemon Institute/ArcSight" Want more read on: http://www.massmailsoftware.com/blog/2009/10/sad-corporate-data-loss-statistics-previous-years/

    S o, why such a big deal about security... read this and maybe you'll empathize: http://www.rsmmcgladrey.com/pdf/the_smartphone_and_its_risks.pdf

    Saying yes to allowing a personal smart phone on the network can cause just as much stress/work as saying no if you do it properly. To say IT is lazy for saying no to something like this shows a lack of understanding in today's security threats, and what goes into properly mitigating unauthorized access to the network (and this includes the development of security policies).

    It also doesn't take in effect that most organization are supporting organizationally owned smart phones officially now... just not personal smart phones. The end result is if you do it properly saying "No" may even cause you more work (and isn't the lazy way out). However, to enforce the "Just say no to personal devices" saying you'll have to develop a policy to disallow personal equipment on the network and enforcing that policy in addition to properly installing countermeasures to the organizationally owned smart phones. At that point what's easier? Developing the policies/countermeasures and enforcing them, or installing iTunes multiple computers and supporting lame/mundane requests like helping them connect to the iStore?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    mdspatsy, Jan 22nd, 2010 @ 2:01am

    In A World Of Bottom Up

    This is a very good and informative article from this author.
    World is changing day by day.
    We can not live without any latest,modern communication devices.
    All these new technological,communication devices has brought many usages among various sections of society.
    There may be business rivalry between top companies on market share,competition,applications and pushing their sales from top to bottom levels.
    iPhone,black berry will be with us for many more years.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    chris Fleck, Jan 22nd, 2010 @ 7:49pm

    Safe way to support iPhones

    There are some safe options to enable iPhone access to company email and apps. Keep the data and apps on Citrix XenApp Servers and remote the UI to the iPhone or other device. http://community.citrix.com/x/AoCTBg ( Disclaimer: I work for Citrix )

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Shaun Flaherty, Jan 24th, 2010 @ 8:48pm

    Who owes who?

    After working for a mobile middleware solution provider I can attest to the difficulty that vendors and corporate IT are faced with in this technology-driven market. Apple shot themselves in the foot by not taking the steps necessary from the very beginning to validate the iPhone as an enterprise-ready device. Their go-to-market strategy has always been to market and sell to the consumer. Blackberry has, and will continue to be, the industry standard for enterprise mobility because they chose their marketing efforts to target businesses first and consumers second. In my experience, a flexible and enforceable model for mobile technology standards set by IT has been: 1) choose the operating systems that they will support, 2) work with carriers to select a small variety of devices that will be supported and 3) refuse to support any solutions that don’t include full security and remote wipe. Employees are always going to request new device support from IT, but if the core functionality of a device (extension of PIM (email, contacts, and calendar)) is the biggest concern, new devices aren’t going to offer much more advanced technology than the already IT-supported devices. Companies don’t owe their employees the support of the newest device. Rather, employees owe their companies the right to choose the devices that will most securely contain proprietary information.

    Companies have to adapt to give themselves the competitive edge, but that doesn’t mean investing in supporting the newest devices.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    IT Support London, Mar 31st, 2010 @ 10:17am

    iPhone Support

    With iPhone being a very popular handset your IT support should definately cater for it. If you do not offer support your employees may choose to use an unsupported phone anyway. There are numerous online support forums that give excellent free advice that can help your employees to set up their phone to be able to access business server information.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This