BYOD and the hidden risk of IT security

When employees use personal devices for business purposes, too much security can create more risk than it prevents

1 2 3 Page 3
Page 3 of 3

Even without BYOD, most companies that plan to deploy VDI ought to make this their default approach, for a very simple reason: Offline VDI takes a fraction of the server capacity required by traditional VDI because you're using the server to only administer the virtual machine image, not to run it. That means buying smaller servers and using less electricity.

Even if you don't care about having a green data center, saving cold hard cash (the other green) with few or no trade-offs is something every CIO should want.

Add BYOD to the discussion and offline VDI becomes even more compelling because it eliminates the biggest concern information security has about employees using their personal device for business purposes. That way, you can erect a clean, high wall to separate the personal environment, which runs directly on the hardware, from the corporate environment, which runs on the virtual machine.

In turn, this leaves employees able to innovate and experiment to their hearts' content in their own environment, while you're able to control the extent to which their experiments make use of corporate information assets. And when they travel, they can bring a single physical machine, on which they can answer both their personal and business email, with no commingling. If they're dedicated or on deadline, they can even work in flight, without having to pay for in-air Wi-Fi.

The risk to revenue

The larger point is this: Risk comes in two forms. Some risks are possibilities of increased costs; the remainder are risks of decreased revenue. The former gets the most attention because those are the ones that happen in big bites -- and are the most visible.

But risks that lead to less revenue are arguably more important. They come in such forms as customer dissatisfaction, reduced innovation, poor collaboration among employees and with business partners and customers, and employee apathy.

Information security has, for the most part, focused its attention on the pitfalls of increased cost, which has led to its being one of the biggest sources of revenue risk. It doesn't have to be that way, but it will be unless and until business leaders insist on alternatives to the traditional lock-'em-down-and tie-'em-up so-called best practices -- and the standards bodies that have until now taken such one-dimensional stances on what constitutes a best practice start to recognize the need for more balance.

They need, that is, to insist on inserting at least some liberty into the liberty/safety balance. As Ben Franklin recognized more than 250 years ago, it's an uphill battle, and one that has to be fought every day.

This story, "BYOD and the hidden risk of IT security," was originally published at Read more of Bob Lewis' Advice Line blog on For the latest business technology news, follow on Twitter.

1 2 3 Page 3
Page 3 of 3