If given the choice between using some crappy piece of hardware your company hands out or your own personal computer or mobile device, which would you choose? It’s pretty much a no-brainer, especially if you’re an Apple fan working in a Windows world. Apparently Big Blue (IBM) is finally catching up with the Bring Your Own Device (BYOD) movement, and allowing their employees to bring their own preferred devices to work. But, that doesn’t mean that it’s easy sailing for its employees who are looking to take advantage of software or services they prefer over the IBMified devices. Nope, corporate IT policy is still pretty heavy-handed, and your iPhone will still get Big Blued.
IBM’s chief information officer Jeanette Horan offers a brief look at how BYOD works at IBM with MIT’s Technology Review:
Before an employee’s own device can be used to access IBM networks, the IT department configures it so that its memory can be erased remotely if it is lost or stolen. The IT crew also disables public file-transfer programs like Apple’s iCloud; instead, employees use an IBM-hosted version called MyMobileHub. IBM even turns off Siri, the voice-activated personal assistant, on employees’ iPhones. The company worries that the spoken queries might be stored somewhere.
Horan goes on to highlight how “conservative” the company is, and bemoans the lack of basic “awareness as to what constitutes a risk” among her employees. I’d like to suggest that if she really meant it, she’d take a moment and have her IT department explain to employees why using iCloud or Siri could be a security risk instead of disabling it on employees’ mobile devices. A simple, “people can steal our trade secrets if these services are breached” email should be sufficient and still give people the ability to ask Siri where the closest taco stand is in the area.
The best security policy is one that actually educates employees to help them make smart security decisions, not one that removes access or limits their functionality to certain applications without a basic discussion about the risks. Then again, having a smarter, more secure workforce would likely mean less IT jobs, so… there’s that.
