Choose Your Own Device

Providing users with flexibility in the devices they use for work is one of the most discussed topics in technology.

Bring Your Own Device (BYOD) provides the greatest flexibility for users. With so many device variations available to end users, BYOD also brings significant management complexity. Addressing all of that complexity is considered best practice regardless of the program, whether BYOD, CYOD, or employer-provided devices. Some organizations are still just not ready.

Where BYOD is meant to allow users to work on whatever client device they want, CYOD allows users to choose from a list of employer-approved and employer-deployed devices.

There are many large organizations that offer CYOD to their employees to provide users with a more comfortable work environment while retaining administrative control.  We have already rolled out a BYOD program with some levels of success.  Now the organization I work with is rolling out a CYOD program to determine if it is a better fit.

The program works like this:

  1. Users are being selected based on their role and work activities.  The goal is to figure out which type of users will appreciate and embrace the program most.
  2. The devices are all Ultrabooks and tablets that will run Windows 8. The goal is to focus on portability.
  3. The devices will be deployed by I.T. with a corporate image of Windows 8.  The image will be connected to the domain.  From an access perspective it will be like using any other corporate deployed system other than the form factor.  The goal is to make I.T. feel like this is the same as deploying the corporate standard laptop.  One of the only challenges I foresee is what to do about hardware failures.  My guess is that the users will have to live with a loaner a little bit longer than normal because we won’t be able to stock all of the variations of devices.

For organizations investigating these programs, the administrative, and inherently security, benefits of CYOD are significant when compared to BYOD.

  • The hardware can be certified by the I.T. team.  This means that they have certain levels of assurance as to how the device will perform in their environment.  It also means that spare parts can be kept around.
  • The operating system image can be standardized. This means the hardening guidelines can be implemented and all of the required software, including security software, can be pre-installed and configured.
  • Network-based authentication such as 802.1X can be enabled to ensure only authenticated users are connecting to the network as described here.

Deciding to join the program is a choice given to the users at this point and was an easy decision. The list of devices is definitely restricted, but you still get to choose something, and unlike BYOD, you still get the full support of I.T.

More to come on the devices and more perspective on the program.

*** This is a Security Bloggers Network syndicated blog from Insecurity authored by asdfasdfasdfasdf. Read the original post at: