Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BYOD and ITSM: What you need to know

Gerard Norsa | May 6, 2013
Highly functional personal devices are increasingly being adopted as technology tools in enterprise IT environments. This represents yet another challenge for CIOs and senior IT managers trying to use standards and frameworks-based IT service management (ITSM) processes for better governance and business benefits.

"Issues around security are valid concerns," Ferris said. "The biggest fear of CIOs is security particularly in regards to access to sensitive information and the chance of that information leaving the organisation.

"However, neither of these should be new concerns raised only by the advent of BYOD philosophies. Employees have had access to sensitive information for decades and the availability of CDs, USBs, email forwarding, phone cameras, photocopiers, pen and paper etc., has allowed this information to leave the organisation in the past. We have developed systems and processes to mitigate the risks and so it will be with BYOD.

"It is time to calm down about security and embrace the future. The technologies are now available to manage the risk. There is of course a cost but the cost of not embracing BYOD has to be evaluated against the cost and benefits of doing it."

So where do you start?

Step one in formalising and taking control of BYOD adoption within an organisation is to define the boundaries of how and when personal devices can be used. Commonsense insists that any policy statement needs to be as short as possible and easy to understand so that it gets read and adhered to.

Macanta's Ferris feels that the most important aspect of a BYOD policy is to ensure it is "clear and unambiguous".

"It should outline the responsibility of the employee to have suitable technology available for work purposes at all times they are expected to work," Ferris said. "It should define minimum specifications for hardware and operating systems and it should clarify who will pay for support of BYOD devices -- the organisation or the employee.

"Any compensation for using your own device for work purposes should be specified along with what is and what isn't supported. Meanwhile, security policies, levels of permissible data access, details about what will happen if a device is lost or stolen and what happens when an employee leaves the organisation also need to be covered."

When drafting its BYOD policy, Dimension Data's CIO said his organisation found it helpful to try and keep things "generic wherever possible".

"People can be incredibly passionate about a particular device," Jansen said. "Ensuring that you don't have to re-write the policy each time a new piece of technology comes along is helpful. Our policy contains minimum generic requirements for smart phones, tablets and computers.

"We are mindful that the minimum requirements are a combination of the device type, model and OS version. It is the combination of these three aspects that determine the device meeting minimum corporate requirements.

What are the benefits?

Andrew Talbot, an ITSM specialist with enterprise software vendor, BMC Software believes the increases in productivity from BYOD are significant and obvious for organisations with mature ITSM programs.

 

Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.