Enterprise IT Watch Blog

December 20, 2012  12:27 PM

The dark side of BYOD: Privacy, personal data loss and device seizure

Michael Tidmarsh

By Cesare Garlati (@CesareGarlati)

Many employees don’t understand the implications of using their personal devices for work. Many companies don’t understand that they are in fact liable for the consequences. This post covers the things you always wanted to know about BYOD but were too afraid to ask.

Good News: Your company offers a BYOD program. You can finally stop carrying that boring corporate phone and use your own shiny new iPhone for work. Even better, you can now check your corporate email from home while streaming YouTube videos on your Galaxy tablet. Your company picks up part of the bill and even provides enterprise-grade help desk support to help you with your gadgets. It looks like an offer you can’t refuse.

Bad News:  You joined your company’s BYOD program. One morning you wake up, reach for your iPad to check the email but it doesn’t turn on. Your iPad is dead. Totally bricked. After a quick family investigation you realize that the little one tried to guess your password to play Angry Birds before you would wake up. Too bad the security policy enforced by the corporate email account triggered your iPad self-destruction to prevent sensitive corporate data from unauthorized access. Think you’re angrier than those famous birds? Wait until you realize that the device itself can be brought back to life and your corporate data restored. But your pictures, videos and songs are gone. Forever. Note: the case above is based on a true story. My son’s name is Luca.

Don’t read the rest if you are scared enough already. This is not the worst that can happen to your data, to your privacy or to your device. Many employees who use their personal devices for work are shocked to find out that their smartphones, tablets and laptops may be subject to a discovery request in the context of litigation involving their company. Employees may be asked to surrender their personal devices – in which they have browser history, personal information and documents they created – as they may be subject to review by 3rd parties in connection with litigation.

If you were too impatient to read all through the Acceptable Use Policy that you signed when you joined your company’s BYOD program, or if you simply were not too eager to know what you were really getting into, this may be a good time to go back to that document or to contact your IT or HR department for clarification. Here are the things you should know about your company’s BYOD program and that you shouldn’t be afraid to ask.

  • Personal Data Loss. When your personal smartphone, laptop or tablet is used for work-related activities, such as access to corporate email, calendar or corporate directory, there is a good chance that your company relies on built-in features and additional software tools to secure and manage the data in your device. As a first line of defense, many organizations enforce ActiveSync policies, preinstalled in most consumer mobile devices, to enforce password protection and remote wipe and lock. More sophisticated IT departments may request the installation of additional Mobile Device Management software agents to extend corporate IT reach into any application and functionality of your device. While security and manageability are legitimate concerns for the company, most BYOD programs rely on IT tools that don’t make a clear separation between personal and corporate data and applications. As a result, in case of unauthorized access – real or presumed – the whole content of the device is more or less automatically deleted and the device itself made unusable.

What you should ask if you are not too afraid of the answer: Is the data in my device susceptible to automatic or remote deletion? What events trigger the automatic deletion? Is remote deletion part of the standard employee termination process? Is my approval sought or required for the remote deletion? Is my personal data retained in case of automatic or remote wipe? Does the company provide a means to recover the personal data deleted? Am I entitled to any reimbursement for the loss of personal content such as songs, videos or applications?

  • Privacy. From a legal standpoint, the fact that you own the device is irrelevant in case of litigation. To discover and preserve evidence, the court may require forensic review of all devices in connection with the litigation. Employees participating in the BYOD program may be asked to produce their personal devices for 3rd party examination. You will have to make any personal information stored in your devices accessible. This includes the history of the websites visited, songs and movies downloaded and played, copies of financial transactions or statements, the list of your personal contacts and your electronic communications with them including personal emails, personal phone calls, text messages and various social media activities including Facebook, Twitter and VoIP services such as Skype and similar. This extends to the personal information of any other family member or third party who may share the use of that device. Personal data stored in the device is not the only privacy concern. Your location and your online activity may be exposed to your employer too. A main feature of Mobile Device Management software is the ability to track in real time the location of the device. The feature is intended to help determine whether a device is lost rather than stolen before initiating a remote lock or remote wipe. It can also be used to selectively disable camera and microphone when the device enters restricted company areas to prevent sensitive data loss. Modern devices can get quite accurate at pinpointing location even when inside buildings where GPS technology is typically complemented with Wi-Fi access point detection. Although not intended for this use, your IT department may be able to track your whereabouts anywhere and anytime, deliberately or accidentally, and you may not even be aware of this.
In addition, when your personal device connects on-campus to the corporate Wi-Fi network, there is a good chance that your online activity is monitored and filtered to comply with various regulations and to protect the company from any liability arising from an improper use of corporate resources.

What you should ask if you are not too afraid of the answer: Could I be required to produce my personal devices for forensic analysis? Does this apply to devices shared with other family members? Who will then get access to the personal information stored in my device? Is my company able to track my location? Under what circumstances can this happen? Is my approval sought and required to track my location? Do I get notified? Are these systems active outside regular work hours? Is my personal online activity on-campus monitored and logged? Is this information retained when I leave the company?

  • Device seizure and loss of use. Mobile devices are small and you take them with you everywhere. No surprise they are the most likely to get lost or stolen. But when you use your gadgets for work-related activities, you have a couple more reasons to worry. Your device may become unusable as a result of a company-initiated remote lock or wipe. Or you may be asked to surrender your inseparable smartphone for legal examination in conjunction with litigation. In either case you could lose the use of your device for some time and likely find yourself in need of a temporary or permanent replacement.

What you should ask if you are not too afraid of the answer: Under what circumstances may I be asked to surrender my personal device? Is the company going to provide a replacement? Who is responsible for backing up and restoring personal data and applications if the device is seized? Under what circumstances can the company initiate a remote lock of the device? Is my approval sought and required? What is the process to regain use of my device?

In this post I covered the less known and less user-friendly aspects of BYOD programs. In a next post I am going to share best practices and legal advice for IT managers to build sound BYOD policies that minimize the impact of these issues to fully unlock the business benefits of Consumerization.

December 19, 2012  10:59 AM

YouTube IT video of the week: 2012 in review

Michael Tidmarsh

As 2012 comes to a close, take a look back at some of the biggest technology stories from the year including: Apple vs. Samsung, the Surface, and Facebook’s IPO.

Tell us what you think was the biggest technology story of 2012.

Disclaimer: All videos presented in the “YouTube IT Video of the Week” series are subjectively selected by ITKnowledgeExchange.com community managers and staff for entertainment purposes only. They are not sponsored or influenced by outside sources.

December 13, 2012  4:26 PM

YouTube IT video of the week: BlackBerry 10

Michael Tidmarsh

Next month, RIM will release its most anticipated smartphone to date: The BlackBerry 10. The company gave users a sneak preview of its new product during the Jam Americas 2012 event in September.

Let us know if you think the BlackBerry 10 will be able to revive the struggling company.


December 11, 2012  3:26 PM

Top 10 Twitter users to follow on cloud computing

Michael Tidmarsh


Are you looking for the latest news and updates on cloud computing? We’ve compiled a list of top experts and pros from across the Twitter universe who regularly share and discuss their cloud knowledge. Ten of our favorites are listed below; follow many more through our handy Twitter list.

  • Marc Benioff (@Benioff): CEO of Salesforce.com
  • Adrian Cockcroft (@adrianco): Cloud Architect at Netflix
  • Simon Crosby (@simoncrosby): Co-founder and CTO of Bromium, Inc
  • Brian Gracely (@bgracely): Director of Tech Marketing at EMC & Cloud blogger
  • Scott Guthrie (@scottgu): Vice President of Microsoft’s Server and Tools Business Division
  • Chris Kemp (@Kemp): Founder & CEO of Nebula
  • David Linthicum (@davidlinthicum): Founder of Blue Mountain Labs
  • Marten Mickos (@martenmickos): CEO of Eucalyptus
  • Krishnan Subramanian (@Krishnan): Principal Analyst, Rishidot Research LLC
  • Werner Vogels (@Werner): CTO at Amazon.com

Who’d we miss? Let us know in the comments about the cloud computing experts you follow on Twitter.

December 7, 2012  3:26 PM

IT infographic: How big data is changing everything

Michael Tidmarsh

All across the world, more and more data is being generated during day-to-day activities. This infographic from OnlineBusinessDegree.org takes a look at several ways this “Big Data” will impact us in the future on a social, political and economic level.

Tell us in the comments below how you think big data will evolve in the future.

The Future of Big Data

December 6, 2012  12:36 PM

Governance is the missing piece of the big-data puzzle

Michael Tidmarsh


By James Kobielus (@jameskobielus)

Big data is a complex, tricky thing to govern. Often, it’s an unholy siloed mess of disparate databases under various business units, on various data platforms, and managed by various “stewards” with various tools and workflows.

Consolidation of your big-data assets must be an ongoing initiative, both to reduce overhead and to free up the insights that come from correlating disparate data sets. But you can scarcely consolidate such a mission-critical resource without addressing the administrative issue of big-data governance head-on. Presumably, you already have some level of governance–aka data stewardship or master data management–in your data warehousing and business intelligence practices.

Smart big-data consolidation demands the following double-barreled approach to governing the assets that matter:

  • Governing analytic data: Keeping your big data under control means, among other things, determining what small subset of it should be managed with tight stewardship. Usually, those are the system-of-record relational data you’ve long managed within the master tables of your enterprise data warehouse. In other words, your official records on customer, finances, human resources, the supply chain will still be governed tightly in the era of big data, and probably on your scaled-up enterprise data warehouse. But the larger volume of unstructured data–such as social marketing intelligence, real-time sensor data feeds, browser clickstream sessions, and IT system logs–can remain outside your governance practice until such time as it is linked to systems of record.
  • Governing analytic models: Big-data applications ride on a never-ending stream of new statistical, predictive, segmentation, behavioral, and other advanced analytic models. As you ramp up your data scientist teams and give them more powerful modeling tools, you will soon be swamped with models. Big data analytics demands governance of analytic models, if they’re to be deployed into production business applications. Key governance features include check in/check-out, change tracking, version control, and collaborative development and validation. Your big-data sandboxing platforms and modeling tools should ensure consistent governance automation, and managed collaboration across multidisciplinary teams working on your most challenging big data analytics initiatives.

No, governance is not the sexy side of big data. It’s often an afterthought in big-data projects. But it’s absolutely essential if you wish to keep your data clean, your models fit, and your big-data applications delivering reliable insights throughout the business.

James Kobielus is an IBM Big Data evangelist.

December 5, 2012  1:26 PM

YouTube IT video of the week: Amazon AWS re:Invent

Michael Tidmarsh

Last week, Amazon hosted AWS re:Invent, its first global and partner conference. It featured several sessions on different ways to prosper in the AWS cloud including cloud migration best practices and new AWS services. Check out this user video featuring CTO Dr. Werner Vogels and CEO Jeff Bezos during their ‘fireside chat’.


November 30, 2012  2:02 PM

IT infographic: Black Friday online shopping

Michael Tidmarsh

Though many people still head to the big box stores at 3 a.m. on Black Friday, online shopping continues to rise. Online sales were up 20.7 percent over last year; this infographic from IBM shows all topics related to Black Friday including mobile and tablet sales.

Check out Ron Miller’s post to see which platform was the big winner on Black Friday.

IBM Holiday Benchmark Infographic BF2012

November 30, 2012  10:30 AM

Events hit the West Coast in December 2012

Michael Tidmarsh


The West Coast will be the hot spot in December as several IT events will be hosted in Los Angeles, San Francisco and Las Vegas. Try to get some time off to enjoy these great events!

1. Gartner Identity & Access Management Summit (December 3-5, Las Vegas, Nevada)

2. 7th Annual LNG Tech Global Summit 2012 (December 3-5, Rotterdam, Netherlands)

3. Gartner Data Center Conference (December 3-6, Las Vegas, Nevada)

4. TechTarget: Storage for Virtual Servers and Desktops (December 4, Boston, Massachusetts)

5. Content and Apps for Automotive USA 2012 (December 4-5, San Diego, California)

6. AnDevCon IV: Android Developer Conference (December 4-7, San Francisco, California)

7. INTERFACE – Seattle (December 6, Seattle, Washington)

8. Cloud World Forum North America (December 6, New York, New York)

9. 26th Large Installation System Administration Conference: LISA ’12 (December 9-14, San Diego, California)

10. ClearEdge Apache Hadoop for Programmers (December 10-12, Jessup, Maryland)

11. Vision 2013 (December 11, Los Angeles, California)

12. TechTarget: The Consumerization of IT (December 11, San Francisco, California)

13. Third Annual UP 2012 Cloud Computing Conference (December 12, San Francisco, California)

14. Social Media & PR New York Training (December 13, New York, New York)

15. Practical Experience with Apache Pig (December 13, Jessup, Maryland)

16. TechTarget: Desktop Virtualization 2012 (December 13, Los Angeles, California)

17. TechTarget: Big Data Insights (December 18, New York, New York)

18. Dell SonicWALL: Security Threats in Modern Times, Why Traditional Firewalls are No Longer Relevant (December 20, Los Angeles, California)

We’ll be sharing IT events each month here on the Enterprise IT Watch blog. Got an event to add to our list? Let us know via Twitter (@ITKE) or email. Going to one of these events? Share your takeaways (and photos) with us!

November 29, 2012  1:02 PM


Michael Tidmarsh


By Steve Poling (@stevepoling)

JIRA is a great tool to keep track of issues in a software project, be they requirements or bug-reports. You can create a JIRA issue, attach a description of what you want, and assign it to someone. Or to yourself. The tool generates charts and graphs that will impress your boss.

But there’s a problem I call JIRA-mandering and it’s as bad a thing as wickedly-drawn political districts.

The people who are defining a system under development, or reporting problems in an existing system may not have a clear notion of what they want or what’s wrong. This vagueness isn’t a bad thing because we need to capture issues and give them visibility. It’s better than nothing! But the vagueness can lead to JIRA-mandering as we learn what we want and as one thing leads to another.

Suppose you’ve got a vague requirement to publish something, but when you get into the implementation, you learn of constraints and considerations you were unaware of at the outset. It’s easy to tack these considerations onto the original JIRA issue.

Another possibility is that when you originally formulate a JIRA issue you want X and Y and Z. Only trouble is that at the time you didn’t realize that X and Y are as easy as getting milk and cigarettes from the corner store, while Z is like flying to the moon to get rocks. I can hear my boss saying, “I appreciate the milk and smokes, Steve, but you’re not closing the issue.”

Perhaps you’ve heard of SMART criteria (Specific, Measurable, Attainable, Relevant, and Timely). “Hey, boss, did you realize you were asking for the moon?” Or “Hey boss, what do you really need moonrocks for?”

I think JIRA issues should be as SMART as you know how to make them. And you’ve got to have an understanding with your stakeholders that JIRA issues are subject to change as we learn and work through what the software needs. I propose a continuous process of refining JIRA issues to make them SMARTer.

Whenever someone gives me work, we both want to know when it’ll be done. I know I’m done writing software when it passes an Acceptance Test. (Every test should have one reason to fail, but that’s another story.) Let’s suppose a stakeholder creates a JIRA-mandered issue and assigns it to you. The first thing you should do is determine what the Acceptance Test will be. It’s one of those good habits: start with the end in mind.

When you do this to a JIRA-mandered issue, you’ll discover that either you cannot articulate an Acceptance Test, or you’ll find you’re talking about a collection of tangentially-related tests. Most likely, it’ll be a mix of the two: a fog-ball nestled in amidst a number of better-understood, disparate matters.

If you can’t articulate an Acceptance Test for a JIRA issue, you’ve got to negotiate with your stakeholder. Try to get the issue split into parts that clearly identify the parts you understand and the rest. And I suppose that when you see parts of two different JIRA-mandered issues that naturally belong together, try to recombine them into their own JIRA issue.

Just as gerrymandering undermines the integrity of democratic governance, a haphazard coverage of the requirements and issues in a software system undermines visibility into its development or maintenance.

Steve Poling was born, raised and lives in West Michigan with his wife and kids. He uses his training in Applied Mathematics and Computer Science as a C++/C# poet by day while writing Subversive Fiction by night. Steve has an abiding interest in philosophy and potato cannons. He writes SF, crime fiction, an occasional fractured fairy tale, and steampunk. His current writing project is a steampunk novel, Steamship to Kashmir, provided he isn’t distracted by something new & shiny.
