Finding The Hidden InfoSec Story

Bring your own device (BYOD) is like the Balkans

wuestenigel Flickr via Compfight cc

Running an IT policy takes a lot of political skill. Sometimes you have to be a diplomat, sometimes you must be a tyrant, and most often you have to be like a benign dictator. If you are too liberal, users will ignore you; too oppressive, and you will inspire resentment and resistance.

 This is especially true when it comes to deciding what devices can be used in the organisation. Bring your own device (BYOD) – the concept of allowing employees to use their personal mobile devices for work purposes – is hotly debated and frequently hated among IT staff.

 BYOD comes with a number of dangers and pitfalls: Company data is at risk when the device is stolen or lent to a third person; malware infections can enter the company network easily; and employee privacy can be compromised by mobile device management software used by the employer to control these two issues. Furthermore, it can push up the cost of IT support.

 Set against those disadvantages is one major advantage: Having a BYOD policy in place gives the employer a chance to control “wild west” BYOD behaviour, in which employees just use their private devices at work, regardless of whether they are allowed to do so or not.

 To take a stark example from recent history, the BYOD landscape seems like Yugoslavia prior to the Balkan wars, where Marshall Tito kept a firm grip on the various ethnic tensions in his country. 

 In order to have different and divergent people (or devices and systems) live together in a reasonably peaceful way, much effort is required by a strong central administration to ensure that everyone feels treated in at least a remotely equal manner. And even if peace is kept on the outside by this strong central authority, conflicts within never completely cease. Once the central authority is weakened – as happened when Tito died (or there is a budget cut or personnel change in IT administration), those small conflicts are in danger of blowing up.

 However, a central authority that single-mindedly suppresses individual preferences and behaviour will not be successful either, as people will find ways to subvert restrictive policies and do as they please. Hence, the key to successful BYOD implementation is giving users enough freedom to make it sufficiently attractive for them to go along with the administration; just as the key to former and current relative peace in the Balkans prior to the Balkan wars was relative freedom and balance of power between diverse ethnicities under a central government that left much of the power to its individual regions.

Share This Post On