Will Kelly gets some insights from mobile security and cloud experts about how contractors may or may not impact your BYOD policies and security.
Some statistics claim 40% of America’s workforce will be freelancers by 2020. This spurs questions about how the use of W2 and 1099 contractors may or may not impact Bring Your Own Device (BYOD) security and the policies set to protect an enterprise.
Contractors may or may not be part of an overall BYOD initiative, according to Alan Murray, senior vice president of products for Apperian, a developer of mobile application management (MAM) solutions. It was an earlier discussion with Murray while writing “EMM vs. MAM: Are we doing mobile security all wrong?” that got me thinking about how the growing contingent workforce might impact BYOD security and related policies.
You don’t own that device
Murray had some interesting things to say about how device ownership issues change when a BYOD device belongs to a contractor versus an employee.
He recommends bringing the management domain up to the app when you need to secure a contractor’s mobile access to your enterprise.
“If I have to manage an application on a contractor’s phone, well, then I can do that with a MAM solution,” he said. “I may or may not be able to do that with an MDM solution. It’s not my phone. It doesn’t matter if it’s his phone. Or it doesn’t matter if it’s the company he works for phone.”
“Therefore you can’t manage it directly. Whether that asset is owned by an individual or by a company is really not as important as it isn’t yours,” he said.
BYOD policy changes, alternatives and the contractor workforce
Brian Dye, group vice president and general manager of the Mobile Platforms group at Citrix, said Citrix foresees a macro shift in the number of workers who are going to be single job dedicated employees versus folks who are freelancing multi-company employees.
“The contractor BYOD scenario you are looking at is going to become increasingly common over the next few years,” Dye said. “In fact, you do want to change around your policy for a couple of reasons.”
“Number one, from a control standpoint,” he advised. “Contractors have more specific areas of work they need to be authorized for within a company. You wouldn’t come in and give them broadly permissioned access.”
“Second, you want to minimize the expense and dedicated hardware associated with those contractors. Whether they are bringing in a phone, tablet, laptop, whatever it is you want to minimize the amount of dedicated endpoint management expense and time,” Dye said.
“Not just for the IT organization but the hassle for that end user coming on board,” he said. “You do want to have something that’s fairly specific for your contractor workforce and there’s a couple of interesting things I’ve seen so far in how customers are tackling this.”
“One of them, from a BYOD program standpoint, you often have to have alternatives, right?” Dye emphasized.
“For example, something I’ve seen companies do is say look you can have this BYOD program which is we are going to install software on your device we are going to create a corporate section on that device separate from your personal device,” Dye said. “But if you don’t want to do that we can give you a company issued phone. Typically a lower end phone than what the person would typically use.”
“The reason that companies have had to go that route is that in some areas around the world the court systems view a BYOD program with lack of choice as forcing an employee or contractor to accept your terms for a BYOD program.” This choice covers you on data privacy issues.
He said, “The second part is that companies are starting to understand their ability to motivate a contractor to use a set of technologies is really a function of whether a contractor sees value in that technology.”
Your EMM and contractor workforce
“It’s definitely at the EMM/MDM level, there’s no question about that,” according to Dye. “We find that it’s really an all in end user view of the world though because there are some scenarios where you have people who can do everything they need to do off a mobile device but there are also folks who at some point during their day or week need a traditional endpoint.”
“We find that really it’s taking the contractor view of the world and especially in the case thinking about all the tools that contractor needs to be successful. It extends from the laptop to the tablet to the phone. The technical implementation might be somewhat different,” Dye advised.
Dye is a proponent of virtualization as a method for enabling contractor BYOD. He further added, “We really think that to get the BYOD program to work you need to look at all the points of access that a contractor needs into an environment not just a phone from that traditional perspective.”
Cloud ecosystems, contractors, and BYOD
With so many businesses and governments migrating backend systems to the cloud, I spoke with Alastair Mitchell, president and CMO of Huddle, a software as a service collaboration vendor that competes against SharePoint, to get his take on the role that the cloud can play with contractors and BYOD. Mitchell sees that contractors are one of the most poorly served parts of the enterprise ecosystem.
Looking ahead, he sees, “The enterprise is becoming more permeable, more virtual and this idea of internal and external employees who work inside and outside the firewall is changing completely.”
“It’s quite incredible to me. In some sectors like government but also whole industries like consulting for instance,” said Mitchell, pointing to two industries where contractors comprise a bulk of the workforce.
“Typically, the way you thought of IT on a network, behind a firewall, wall being the main word anybody outside of that would find it very hard to connect. If you were working for anybody for less than a year where you went through the hassle of getting single sign on, accreditation, and the license for a corporate intranet or SharePoint site,” Mitchell offered.
“You have an ecosystem of employees, customers, partners, suppliers and everyone needs to be connected to information. The idea of a firewall is redundant and ludicrous,” Mitchell pointed out.
Mitchell evangelized the role of the cloud to maintain security beyond the firewall for contractor BYOD devices. He referred to it as building the biggest possible ecosystem.
According to Mitchell, having the cloud outside the firewall lets IT and business owners manage information security in the same way they would have done through the firewall.
“Your IT overhead to bring people into and out of the firewall, open up access to internal apps, risk and cost and time are dramatically reduced,” Mitchell advised.
Retaining key information is another point that Mitchell stressed about using a cloud platform. He offered, “Another thing you see is when you do this stuff is that contractors bring in their own kit, their own systems into the enterprise. They work together on this project and leave and the information leaves with them rather than being stored usefully on this platform where the information is owned by the organization themselves.”
To offboard contractor devices from the cloud, Mitchell recommended, “First of all the platform has to be connected up to a single sign on or accreditation system. You can revoke access to all the different access points in one go.” He also recommended cloud systems that wipe content wherever it sits across devices.
Resolving your BYOD and contractor conundrum is going to come down to knowing your boundaries for device and data ownership through effective use of MAM and MDM solutions. Knowing how contractors may change such boundaries may lead to adjustments to your current information security, mobile, and BYOD policies. We also now have the technologies available to permit collaboration between contractor and client, and contractor to contractor, in the cloud outside the traditional firewall, saving on time and overhead costs.
Originally published on CNET TechRepublic on May 26, 2015