When the iPhone hit store shelves it did more than displace Nokia and BlackBerry; it turned mobile phones into desirable devices that people wanted to own and treated as much as a fashion accessory as a computing device. It seemed only natural, then, that businesses would support staff to bring their own devices to the workplace.
Android and Surface devices followed, and soon this was a revolution in the making. At the time, corporate networks were locked down, with alien devices viewed with suspicion. IT was centrally provisioned, in both senses, and workers worked with what they were issued. New device ecosystems were effectively forced on IT teams, but few wanted to pay for them, and fewer still to learn how to integrate them into traditional environments.
Bring your own device (BYOD), which meant smartphones, tablets and even laptops owned by staff, would gain access to corporate networks, becoming work devices. That was the idea, anyway, but it never really happened.
“BYOD never really caught on. For one thing, individuals wanted to separate work from their personal device,” said Finbarr O’Riordan, sales director at managed IT services specialists Typetec. Instead, businesses are increasingly moving to a device as a service (DaaS) model, as it is both usable and secure.
It is also cost effective, and still allows businesses to deploy devices that people want to use. Instead of spending thousands in capital expenditure, the DaaS subscription model can spread out costs, and means the devices arrive already set up and fully licensed for whatever software the business uses.
“It’s very similar to your Sky TV deal: you can choose what you want and need, tailored to fit your own needs and requirements. A brand-new Microsoft surface device could cost as little as €15 a month,” said O’Riordan.
Typetec then offers support, consultancy, deployment and life cycle management. In fact, the actual device is a small part of the draw of DaaS. Instead, ensuring that staff can get on with their work is key, particularly if working from home.
“It brings full flexibility around hybrid working. You can use it at home, on the train, or at work and it’s always the same experience.”
At the outset of the pandemic, businesses scrambled to get devices out to staff in order to support remote work, but it was often done ina panic. Now was the time, said O’Riordan, to solidify things, particularly around security.
“With hybrid working, what we need to see is: are devices fit for purpose and are they managed properly. They need to be fully patched and updated. We have the tools to make sure they are managed, updated and reported properly.”
Reporting has become particularly important, driven by compliance rules and legislation. “A lot of organisations require compliance and reporting is vital. This means you need regular reporting of the assets: up-to-date patching reports, anti-virus scan reports and so on. It’s not a Big Brother thing, it’s about ensuring that the environment is at the peak of its health.”
With security a key concern, threat prevention goes well beyond the device. While the device does need to remain secure, data is typically not held locally but in a data centre or cloud service, with the device used as a gateway. “The device is like the wardrobe door to Narnia,” said O’Riordan.
All sizes of organisations, from small and medium businesses right up to large enterprises, need to think about data security and integrity, but the threat landscape is also evolving.
“They’re all talking security seriously but our experience is that the profile of hacking has changed in the last 12 months. They’re going after bigger wins. The average ransomware was €10 to €20,000. Now €40,000 is entry level.”
The bigger bounties reflect the fact that hacking is itself a growing enterprise. DaaS helps counter this through not only countermeasures, but also its consultative nature, which means solutions are tailored to actual use cases.
“Rushing to throw products and toolsets into place without understanding where the vulnerabilities are is a real mistake,” said O’Riordan. “Another thing businesses need to do strongly is educate their users.
“Hacking is a really sophisticated business, with serious organisations making millions a month. It’s not kids in bedrooms anymore.”