Monday, April 8, 2019

Solving the Byod Problem for the Enterprise Essay Example for Free

Solving the Byod Problem for the Enterprise Essay ledger entry Enterprise com shake offing, as we know it, is facing a dimensional shift with the widespread diffusion of the BYOD (Bring Your profess Device) phenomenon. BYOD is the latest trend hitting dutyes where employees argon bringing their own personal mobile thingamabobs. Some of these devices take on smartphones and tablets which be brought into their place of work, and utilisationd on the integrated web for purposes such as accessing files, email servers, and databases. everyplace the past few years, employees in many institutions are bringing their own personal devices to the work surroundings to handle avocation need. With employees using their own devices, CIOs and IT de distinguishments across the nation are frantically trying to nurse up with their employees by ensuring their ne cardinalrks are safe and secure. There is no doubting mobile devices moderate victorious over a big part of our lives. The se devices travel with us wherever we go while unendingly being within a short reach away. People are beginning to realize the service program of getting work done from their own mobile devices.With this trend efforts are in need of a constitution for employees bringing their own devices to work. Although a relaxed BYOD form _or_ system of government tooshie offer an physical composition many benefits, it tends to be a double edged sword. A lax insurance policy leaves sensitive data vulnerable an excessively strict one stifles employees trust relationship with their employer. A balance moldiness be struck surrounded by offering employees a pleasant and enjoyable work environment and maintaining the credential of enterprise data. As the expectations of workspace force evolve, nerve leaders must find ways to adapt and overcome the challenges that arise when corporate finish has a conflict with social standards and consumer trends. Management must consider the potential d etriment to the workforce team spirit and how this could ultimately result in productivity loss.This is evident in the current 90% of employers who urinate elect to allow personal devices at work with little or no precautions (Miller, Voas, and Hurlburt, 2012). Most workers consider themselves, not the bon ton, to be responsible for the personal devices they use for work purposes. This all begs the question, how should an organization go about implementing a BYOD policy? Which policy stack best suit a particular type of business? Should organization leaders place priority on protecting its data as ensnares, or must they protect the health of their workers? If the latter is chosen, what compromises must employees be expected to educate to underwrite a necessary, minimal level of security is in place?These are all the major questions IT departments are seeking answers for when providing a BYOD environment. This research news report get out provide a working outline with the c orrect steps needed for the development motion for a BYOD work environment. The paper impart touch upon bring up subjects addressing the careful decisions that must be do in order to set up the prim policies. An organizations main goal is make certain your business has both a safe and secure network while storage areaing the employees satisfied.II. profound Issues. The winder issues for the executing of BYOD involve five main areas. The main areas are people, protrudening, have it awayment of engineering science, assessment and execution. The offset printing main area, people, involves how charge must communicate with the enterprises employees, provide leadership and proper governance. The second base area, planning, management must provide a plan to implement BYOD into the enterprise that aligns with the business, communicates the IT strategy to the business and provides audio quality control. The third area, management of technology, IT management should provide a f lexible and standard BYOD policy for employees. The quaternary area, assessment, management should provide a way to measure risk, eliminate risk and provide a qualified audit of the BYOD policy. Lastly, execution of the BYOD policy should provide an implementation that coincides with the needs of the other key issues.III.Models and exemplars. Models and theoretical accounts provide the king to analyze, a structured set of essential components of an object for which clear expressions is necessary and perhaps even obligatory for creating, operate, and changing the object (Zachman, 2008). The object is the enterprise and the ability to implement any new business policy requires structure from models and models. The models and frameworks that relate to providing structure in implementing BYOD are the Zachman Framework, Rogers distribution of commute Theory, hazard IT framework and Val IT Framework. The Zachman Framework is the foundation for architecture of any kind and ente rprises that are growing in complexness stack be represented with the Zachman Framework. With bring your own device the enterprise architecture of an organization bequeath need to counterchange to fit with the architecture change that BYOD brings. The two newspaper columns from the Zachman Framework that BYOD bequeath affect is the Where and Who columns.The Where column involves the network and how the corpse of an enterprise allow change in regard to BYOD. The technology depart need to be provided by or to employees that will change the architecture of an enterprise. The system will be with employees everywhere which means the business will be with employees everywhere they go. Leaving the business in a more vulnerable show that may create the loss of important data, which will increase the need for employees to be more responsible. The Who column needs to interact with the Where column that provides a distributed system that will requireResponsibility from the organizatio ns employees. The business type of the employees device will need to have specifications, be defined and represented. The get up perspective will need to define for the devices role for both the device and employee. The architect perspective will need to define the potential locations for the system and where it can reach. With a intelligibly defined system role for the devices themselves the business management perspective should focus on how the devices are defined for the employees. To implement BYOD the enterprise will need to focus on those columns of the Zachman Framework. While the Zachman Framework provides the structure organizations will need the Rogers Diffusion of asylum Theory provides aspects of innovation that will help mold business policies that should increase the ability of BYOD to be implemented. Rogers Diffusion of Innovation Theory provides four theory cistrons.The four theory elements are the innovation, communication, time and social system. The innova tion does not need to be new in terms of being recently developed, it only needs to be new to the person or organization that is adopting and implementing it (Lundblad, 2003). The theory continues that in that respect are five move to the innovation that increase rate of implementation as each of these marks increase. The five typicals of the innovation are intercourse advantage, compatibility, complexity, trialability, and observability (Rogers, 1995) (Lundblad, 2003). Relative advantage is a perceived improvement over the current status.To implement BYOD their needs to be a perceived improvement according to the employees view. jutning the implementation of BYOD will help make sure the improvement is seen and the employees will accept the innovation. The characteristic, Compatibility measures how well the innovation aligns with organization. Implementing the system in line with the organization with good understanding of the business will increase the compatibility and make the implementation possible. The next characteristic is complexity which is the measure of ease of use. Knowing the end users of the implementation and what they want in a BYOD implementation will help them have a tyrannical user experience and increase the rate of adoption.Another characteristic is trialability. It is the measure of testing and more testing makes adoption faster. Providing good quality control when testing will make sure that the implementation will be in line with the implementation planning. The last characteristic is observability and it is the measure of visibility others have of the innovation and if more visible the faster the adoption. Providing end users with a positive visible experience will make employees more willing to go along with the innovation. The second element of Rogers diffusion of innovation theory is communication, or the do work by which people develop and share data with each other to achieve common understanding (Rogers, 1995) (Lundbla d, 2003). The need for IT managers to speak the businesss verbiage is very important. So an emphasis will need to be on communication for the IT department to batten all needs of the business are being met.Realizing value from business change requires rough-and-ready communication (IT Governance Institute, 2008). Time and social system are the last two theory elements. Time involves the contrasting adoption rates of innovation and social system involves members in group or organization with a common goal. Opinion leaders, change agents, and champions are the people within a social system who have the ability to influence the diffusion of innovation within a social system (Rogers, 1995) (Lundblad, 2003).Winning over the most influential employees of the business will help influence other employees and ensure the business wants the implementation of BYOD to succeed. The last two frameworks needed to be interpreted into account when implement BYOD is assay IT framework and Val IT Framework. The happen IT framework needs to be taken into account when implementing BYOD or any other system. There are six Risk IT principles that will help effectively assess risk. The Risk IT principles are connect to business objectives, align IT risk management with ERM, balance cost/benefit of IT risk, Promote fair and open communication, make tone at the top and accountability and function as part of daily activities.(ISACA, 2009) Effective enterprise governance of IT risk should have the potential amount of risk the enterprise is ready to take clearly defined with business objectives (ISACA, 2009). Effective enterprise governance of IT risk always connects to business objectives (ISACA, 2009). Controls should also be implemented to address risk. Controls are implemented to address a risk and based on a cost-benefit analysis. In other words, controls are not implemented for the sake of implementing controls (ISACA, 2009). IT risk should always be taken into account. Risk ma nagement practices are appropriately prioritized and embedded in enterprise decisionmaking process (ISACA, 2009).Val IT is another framework that should be assessed when implementing BYOD to ensure the presentation of value with the implementation. Val IT is used with CobIT, Val IT both complements CobIT and is supported by it (IT Governance Institute, 2008). CobIT processes manage all IT- related to activities within the enterprise (ISACA, 2009). Val IT and CobIT provide business and IT decision makers with a comprehensive framework for the creation of value from the speech of high-quality IT-based services (IT Governance Institute, 2008). Four questions can be asked to assess the enterprise and ensure value.(IT Governance Institute, 2008). All the frameworks of Risk IT, Val IT and CobIT can interconnect and provide an efficient management of IT.(ISACA, 2009)With both Val IT and CobIT, Risk IT can help enhance risk management and should be applied to an enterprise that is implemen ting a BYOD policy. IV. Plan of ActionPLANNING Planning should be considered a crucial part when creating a BYOD policy. Depending on how a policy is created will determine the success it has going forward. A lackadaisical approach during the development can cost a company immediate complications (Pendleton, 2012). The planning stage is where management will cover the concerns and questions related to creating a standard policy for the organization to administer. It is imperative the planning stage not be fetching lightly. Planning should never be rushed or thrown together in an ad-hoc like manner. oversight shown during planning can have devastating effects for the companys future (McKendrick, 2012).PEOPLE maturation a successful policy should promote an open collaboration between both the employees and the organization (AbsoluteSoftware 2012). grave details to include are the specifics for the guidelines set for users on the network. These areas of policy can become very wooly -minded for both organizations and their staff to deal with (Kaneshige, 2012). It is vital to outline details for what usages are allowed on the network, a users classification on the network, the user restrictions for specific classifications, and the disciplinary actions for abusing the use.Personal ownership must be directly associated to the users on the network. Violations to the end-user agreement develop for network usage must be outlined with explanations that are clear and concise. Management must set a good representative by following the regulations put into place just as any employees are expected to do. Realizing value from business change requires effective communication- a critical requirement difficult to achieve without widespread acceptance of a consistent set of terminology (IT Governance Institute, 2008).MANAGING TECHNOLOGYWhen initiating a policy into the business structure there are key subject matters to be addressed. It is important to designate the governanc e for the plan being implemented. So there will be an enterprise wide discipline for the policy. Each device that is allowed to have access to the network becomes a problem waiting to happen if lost or worse, stolen with malicious intent. There are key strategies to keep in mind when preparing a solution for defending against possible vulnerabilities on mobile devices. The components offering the most reliable solutions are focusing on access control and identity management (Chickowski, 2012). The capability to have both the control and visibility on events on the companys network is key for management. Lately, there has been various mobile security providers stating the solution is to control the data, rather than the device itself (Corbin, 2012). Personal owners are becalm strongly encouraged in taking preventive actions to securing their device. Nevertheless, IT departments can only do so a good deal software-wise when taking security precautions handling devices on the network .In the case of IT being the direct barrier of prevention, the use of devices and software the directed focus is more breeding-centric (Corbin, 2012). IT staff must direct attention towards securing data itself by blending the right amount of features to check authorizations and authentications. This layered approach centered at the information will provide more control over security wherever it should move or stop. The protection of corporate data is of utmost importance for a business. Any data obtained through lost or stolen devices would be a nightmare for an organization but, having data fall into the wrong hands could compromise a companys integrity to other competitors can be disastrous. Therefore, it is crucial that preventive measures are put in place to ensure the integrity of an organization and its data. A beneficial solution to security is to include proper hardware and software that facilitates automatic provisioning that can be administered by the IT department. The Identity Services Engine (IES) by lake herring is one great example to the controllability needed for security.This software offers an efficient way for enterprises to manage network connections through an identity and access control policy platform. With access to vital information in real-time, enterprises can make proactive governance decisions about access (Cisco, 2012). This is the type of authority organizations need to ensure a safer network for users while securing valuable data. In connection with the security policies established there are level-headed issues bound to arise from the control organizations place over data being transferred and stored on employee devices. This topic of rights can leave both sides feeling uneasy. Nonetheless, businesses must protect their data that accessed by users on the network.The development process of the BYOD policies is where organizations will want to include details pertaining to ownership. Such discussion must include the liabilit y for the information being used, how and when should a device-wipe be used, and exit strategies taken for employees leaving the business (Hassell, 2012). A great example of this problem would be defining the jurisdiction concerning who has authority and rights of the data located on an employees device if he or she should be terminated or leave the company. These are all big issues that must be addressed depending on the vulnerability of your corporate data otherwise, this going unstated that lead to get at litigation for management.EXECUTION/ASSESSMENTFinally, once the components of execution and governance have been covered it is necessary for the organization to assess its current transition. It is here management must audit the new BYOD strategy to determine their think on Investment (ROI). When reviewing the results of a recently implemented strategy there are two sets of key questions to measure the success of its use. The governance-related questions based from a Val IT ap proach include ar we doing the right things? (The strategic question) and Are we getting the benefits desired? (The value question). The last set of questions are COBIT focused taking on an IT view. These two are Are we doing them the right way? (The architecture question) and Are we getting them done well? (The delivery question) (IT Governance Institute, 2012). The combination of both the Val IT and COBIT frameworks create a synergistic relationship that will ensure a highquality IT-based service is creating value across the enterprise.V.Critical Success FactorsThe critical success factors for successful management of the BYOD policy are to plan, manage, assess, execute and communicate. Planning must be done first using Rogers Diffusion of Innovation Theory and Zachman Framework as a basis to planning to ensure the BYOD policy is going to be accepted by the enterprises employees and align with the business. Communication needs to be an important part of planning to understand the business objectives. Planning must include how BYOD will be managed, executed, communicated and assessed. The management of the technology needs to ensure data safety using authentication and governance. The BYOD policy needs to be assessed sooner execution. The risk that a large IT-enabled project will fail for lack of business change should be assessed by top management at the very conception of the project and by project management at key phases over the life of the project (Gibson, 2004).Other frameworks to assess the BYOD policy are Risk IT, Val IT and CobIT. These are needed to understand the business risk associated with the BYOD policy, ensure value and assess the IT processes involved in the IT strategy switch. To execute, management needs to implement the policy with good quality control aligning it with the plan and technology management of the BYOD policy. Management needs to also communicate the governance and rules of the BYOD policy to ensure discipline. definition of consequences is also needed so employees understand the consequences of their actions using their own devices as a part of the enterprise. Lastly, the BYOD policy will need to be audited continuously to guarantee the safety and integrity of information while operating properly to attain the enterprises goals and objectives. decease CitedAala Santhosh Reddy. (June 2012). Bring Your Own Device (BYOD) Making It Work For Your Organization. In Slideshare.com for Cognizant Research Center. Retrieved , from http//www.slideshare.net/cognizant/making-byod-work-for-your-organization 13450463. BYOD Policy Implementation Guide. London Absolute Software, 2012. PDF. Cisco Systems, Inc.. (2012). Cisco Identity Services Engine Software 1.1.1 (aka 1.1MR). In Cisco. Retrieved , from http//www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_ 67-658591.html. Ericka Chickowski. (June 19, 2012). profile and Control Still an Issue With BYOD Policies. I Network Computing For IT By I T.Retrieved , from http//www.networkcomputing.com/security/visibility-and-control-still-an-issue wi/240002308. Gibson, C. (2004). It-enabled business change An approach to understanding and managing risk. Retrieved from http//papers.ssrn.com/sol3/papers.cfm? ISACA. (2009). The risk it framework. Retrieved from http//www.isaca.org/Knowledge Center/Risk-IT-IT-Risk-Management/Pages/Risk-IT1.aspx IT Governance Institute. (2008). Enterprise value Governance of it investments. the val it framework 2.0. Retrieved from http//www.isaca.org/KnowledgeJoe McKendrick. (October 23, 2012). 10 steps for writing a secure BYOD policy. In ZDNet.com. Retrieved , from http//www.zdnet.com/10-steps-for-writing-a-secure-byod-policy 7000006170/ Jonathan Hassell. (May 17, 2012). 7 Tips for Establishing a Successful BYOD Policy. In CIO.com. Retrieved , fromhttp//www.cio.com/article/706560/7_Tips_for_Establishing_a_Successful_BYOD_Poli y. Kaneshige, T . (March 06, 2012). BYOD Making Sense of the Work-Personal Device Blur. In CIO.com. Retrieved , from http//www.cio.com/article/701545/BYOD_Making_Sense_of_the_Work_Personal_De ce_Blur. Kenneth Corbin. (August 23, 2012). BYOD Security Demands Mobile selective information Protection Strategy. In CIO.com. Retrieved , from http//www.cio.com/article/714550/BYOD_Security_Demands_Mobile_Data_Protecti n_Strategy. Lundblad, J. (2003). A review and critique of rogers diffusion of innovation theory as it applies to organizations.Organization Development Journal, 21(4), 50-64. Retrieved from http//search.proquest.com/docview/197971687?accountid=7113 Miller, K., Voas, J., Hurlburt, G. (2012). BYOD Security and Privacy Considerations. IT Professionals. 14 (5), 53-55. Retrieved from http//ieeexplore.ieee.org Mark Pendleton. (August 13, 2012). Top Concerns When Creating a BYOD Policy. In NEC confederation of America. Retrieved , from http//info.necunified.com/bid/153070/Top Concerns-When-Creating-a-BYOD-Policy. Rob Humphrey. (March 07, 2012). Manage Risks Reap Rewards BYOD. In Kensington Safe Zone with Rob Humphrey blog

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.