Navigating the Legal and Audit Implications of BYOD Initiatives

While the consumerization of IT marches on, in its footsteps lurks the specter of unknown risk. We live in a world of zero-sum games of litigation where suffocating regulations are the norm, and failure to comply can draw millions in fines and lawsuits. Technology diversity multiplies the challenge of maintaining compliance — it’s no wonder so many IT shops take a one-size-fits-all approach to workforce computing and forbid bring-your-own-device (BYOD). But it doesn't have to be this way. It’s possible to craft an approach that brilliantly achieves the conflicting goals of embracing BYOD and consumerization while slashing the risks and costs at the same time. Our recent research on the topic comes from working with lawyers and auditors who specialize in technology law and compliance reveals that it can indeed be done.

You Still Have to Act But the Cure is Often Worse Than the Disease
The technology attorneys we interviewed for this research agree — once you learn that BYOD is happening in your organization, you have a legal obligation to do something about it, whether you have established industry guidance to draw on or not. The answer is seemingly simple: Take action to stamp out the risk. However, the answer isn't that straightforward because: 

  • The more restrictions you put in place, the more incentive people will have to work around them and the more sophisticated and clandestine their efforts will be.
  • There is no data leak prevention tool for the human brain, so arguably the most valuable and sensitive information walks around on two legs and leaves the building every night. Accepting this is important for keeping a healthy perspective about information risk on employee-owned devices.
Read more

Citrix Acquires Framehawk, Bolsters Enterprise and DaaS Portfolios

This morning Citrix announced the acquisition application mobilization vendor Framehawk for an undisclosed sum as the battle for high performance for corporate Windows apps on mobile devices rages on. Here’s my take:

It's a good acquisition for Citrix and in turn for I&O pros for 3 reasons:

  • Some of Framehawk's technology will be additive to Citrix's enterprise portfolio. Specifically, Framehawk's framebuffering protocol - called Lightweight Framebuffer Protocol, or LFP - is designed for mobile carrier networks like 4G/LTE where there is often highly variable latency, loss, and jitter. Citrix will add it to their arsenal alongside HDX to improve the end user experience of server-hosted Windows applications on mobile devices for XenDeskop App Edition and XenDesktop.
  • It will be a boon for DaaS providers' customer experience. Citrix is in the business of building a Desktops-as-a-Service (DaaS) platforms for service providers. One of the barriers to the success of DaaS in the enterprise, and a potential source of value for service providers, is the user experience on mobile devices over mobile networks. Another player to watch the remote desktop/app protocol space for mobile networks is RapidScale.
  • It's a competitive take-out play as well. Delivering Windows apps from the datacenter to both corporate and employee-owned desktops, laptops and mobile devices is what Citrix does - it's their place in the technology universe. Framehawk's technology approach, while expensive, has some advantages. Citrix was probably starting to see them in more deals as competition.
Read more