BYOD and Business Continuity

BYOD can be considered as a trend in the IT and is called to be developed during the following years, since this has a lot to do with mobility and telework. There has been users themselves, manly top management, who has introduced smartphones and tables into the offices when they realized that they were using their shabby professional mobiles more regularly than their brand new iphone and they began to invert this trend, forcing their CIOs to allow access to their email, agenda and other applications. This means that, instead of being the product of a marketing strategy or the conclusion of trends report by a high level consultancy company (surely they are going to include in it from now), is the result of an increasingly widespread practice.

From a technical point of view, BYOD is going to be a revolution in the workstation world that will require procedures update, new tools for manage the devices and new security policies. Security and legal issues will be probably most affected by this trend, with a lot of voices form security experts rising against it because of the violation of traditional security dogmas of access control al data loss prevention. That’s why there are a lot of comments in forums and a rising market about device protection tools to avoid happened situation like the one affected to the Spanish Homeland Security Department Minister, who loses his ipad. Most of this tool were available before and has been named with the fashion acronym (BYOD compliance…)

From Business Continuity perspective, BYOD doesn’t bring a great change, since will be very similar to remote access policies in which users usually take care of the expenses of Internet connection or even the computer they use to access to company’s intranet. In the same way they do to remote access, BC manager, usually with Human Resource department, should assure the following:

• Employee give consent to use their own resources to a professional use.
• Employee owns the required resources to carry out activities they have to do in a crisis or contingency situation. The better way to do this is involving the user when inventory of their own resources periodically.
• Employee resources comply with company security and feature politics and procedures.

Apart from that, as every BC resource, BC manager should assure the information in the inventory will be updated continuously. In order to do that, the best option is to automate the process with tools like Workforce Assessment by SunGards AS, in which inventory and update process are done with a web form and is stored in a relational database. This allows using this information later, when defining BC strategies and procedures. And of course these resources have to be included in the exercising program.