As we are well on our way into the year of 2012, I can almost hear bandwidth come to a screeching halt in organizations around the world. That's mainly because a good many of those tablets and smart phones everyone got as holiday gifts have already started coming into the workplace. Some organizations will choose to prohibit these, while others will welcome them with open arms. In either case, IT Managers are scrambling to find ways to detect the devices, and manage them. In some instances, a few pioneers, the most adventurous of the bunch, are attempting to keep track of BYOD configurations, and even so crazy as to treat them like typical company assets, managing them via their CMDB. Is that so wrong?
It most definitely is not wrong, and is, in fact, the direction more modern IT Service Management teams are headed. This is mainly due to the personal appeal of mobile devices such as tablets and smart phones in combination with their full-featured functionality close, if not equal to, laptops and PCs. In a sense, not letting them into the workplace can set an organization back - likening it to preventing someone from wherein a watch because the company already had plenty of clocks on the wall. Now, while I realize that isn't a 1:1 comparison today, it will be sooner rather than later. The scary part is that while watches could only stand to make a more productive worker, BYOD devices can pose a potential drain on resources and productivity.
So, to combat the potential harm BYOD could introduce, your team needs to be as diligent as ever, making sure BYOD devices are treated like any other on your network, and in turn managed using your all aspects of your ITSM solution, perhaps most importantly, your CMDB. This means making sure your team understand their native configuration, and how to manage any necessary changes.
Taking this a step further, and since we like to think of ITSM as an ever-evolving practice, we not only want to see you embrace these changes, we'd also like to offer you some tips on how to accommodate and manage them. Of course, the alternative is that you ignore them, and revert back to archaic, draconian IT tactics imposed by the past popularity of dumb terminals. So, instead of sending someone to The Rack for bringing a virus onto your network via their personal computing device, follow the steps below. They will help ensure you can identify devices on your network, prevent potential dangers, and keep your workforce running smoothly.
[Editor Note: After taking a look at the steps below, be sure to download the Free CMDB checklist. For those of you that haven't implemented a CMDB yet, this guide takes you through 25 Key Criteria your CMDB must have.]
1. Evaluate BYOD Processes
Take a good look at what devices you already support. Consider asking questions like, "How often do we receive requests to allow Internet access for a tablet or smart phone?" and "Which employees benefit most from BYOD?" Finally, be sure to include a process for indentifying or discovering new devices. Don't wait around for someone to tell you've they've started bring their own device. You should know the moment they do.
2. Implement Automatic Discovery
Most modern CMDB solutions will provide an automatic discovery tool. These can be configured to detect and notify you when a device has attached to your network for the first time. Be proactive and aware of how these devices are configured, the impact the pose to your organization, such as Internet bandwidth.
3. Monitor Potential Threats
While in the beginning mobile device were free from the potential for viruses and malware, this is starting to change. Latest research shows Android devices as the biggest target, but any OS can have security vulnerabilities. Given Step 1 and 2, make sure you have a procedure in place for making sure devices that come onto your network are up-to-date, and free of any unsupported software.
4. Conduct Regular Audits
Your CMDB will show you a historical record of devices that have attached to your network, as well as any changes that may have been made. Make it a point to regularly review this information.
Communicate your policies to your customers (the users / employees). They should have an understanding that BYOD does not create a free-for-all situation where Internet Use Policies are thrown out the window. In addition it is fair that they understand what liabilities they have when using their own device for work related activities.