The Era of Unified Communications !

iPhoneThe Era of Unified Communications

There are varying definitions for unified communications (UC) and if you speak to just a handful of leaders from different industries, they will most likely have a different take on the topic. Put simply though, unified communications ties together the ways we communicate, allowing people to send a message on one device and receive the same communication on another.

Emerging in the 1980’s, UC quickly turned from a long-term trend to a key investment and opportunity, which played a role in the growth of enterprise. Over the past decade, CIOs and IT Directors have used UC to help companies improve efficiency and achieve growth. The need to communicate seamlessly across a variety of devices is paramount to surviving in today’s globalised economy. Now, according to a Frost and Sullivan report, more than 52% of employees surveyed used UC applications.

UC brings with it a number of benefits for companies and their employees. Connected information and teams allow for a collaborative working environment. Access to video on demand across mediums is simple and hassle free. Company productivity and output tends to increase as a result as mobile workers are always connected to the corporate network.

But what about the drawbacks to UC? This is where TEM plays a role. Although unified communications aims to ultimately improve productivity and increase efficiency, it can be costly to implement. This is identified as one of the main drawbacks – in fact 73% of companies, with more than 5,000 employees, cited cost as an obstacle to implementing UC.

One of the core challenges of unified communications is ‘cost displacement’. This occurs when calls are answered from an end point that is outside of the VoIP network. As a portion of the call must be established between the closest gateway on the network – this will ultimately be charged by the PSTN service provider and usually to the company implementing UC.

Today’s TEM solution’s addresses this challenge, complementing VoIP cost management by connecting to and collecting information from key network components. This information is then reconciled using smart algorithms, taking many complex factors into consideration and providing reports that visually represent the results. This solution provides many of our global clients with a clear graphical data visualisation and insight into where off-net calls are occurring across their VoIP network.

Although unified communications has been a key investment and opportunity for the past 10 years, the world and working environment is become increasingly mobile. Gartner is predicting that by 2018, more than 50% of users will use a mobile or tablet first for all online activities. Ultimately this means that although UC has received investment for more than a decade, it’s a constant work-in-progress.

What say you ?

Thanks to Ben Mendoza for the post !


Posted in Cloud | Tagged , , | Leave a comment

Mobile World Congress

The Shifting Mobile Landscape Combines Hardware, Software And Networks

Last week, many companies  attended the 2015 Mobile World Congress in Barcelona. As many market leader’s in Telecom Expense Management (TEM) and Market Data Management (MDM) solutions attended the event, they realize the importance  to attend significant exhibitions and conferences. It not only provides them with a chance to present their work to industry leaders and heavyweights, but also allows them to discuss new developments in the field. Much of the work crosses the mobile industry and the 2015 Mobile World Congress outlined some thought provoking future plans from some of the world’s biggest technology players.

One of the most noteworthy projects announced was Google’s ‘Project Nova’. The move will see Google transfer into the wireless carrier network industry and allow users to seamlessly switch between mobile networks and Wi-Fi. Similarly to Tesco Mobile, it will operate as a mobile virtual network operator (MVNO).

What’s interesting though is that Google state they’re not aiming to compete against traditional carriers such as AT&T, T-Mobile, Verizon or Sprint, but rather work with them and “help drive a set of a set of innovations which we think the ecosystem should adopt”. Google states that – similarly to the Google Nexus – it will be low cost, but high performance. It doesn’t aim to eradicate the competition, but show the market their capabilities and inspire carrier partners – if they’re of a high enough standard – to adopt them.

Project Nova appears to be part of a wider initiative from Google to combine the three-pronged approach of hardware, software and networks. Another Google project discussed at the 2015 Mobile World Congress was ‘Project Loon’, which started two years ago and is anticipated to launch commercially by 2016. The project plans a series of ‘balloons’ floating in the stratosphere, partnered with telecommunications companies to share mobile spectrum and ultimately enable end users to connect to the ‘balloon network’ from their phones and other smart devices.

It appears it’s not only Google who wish to get the offline population connected. Facebook is also looking to connect the 4 billion people who ‘live offline’. Partnering with telecoms companies including Samsung and Nokia, Facebook aim to bring more people online by providing free access to specific websites. This project has already launched in developing regions of the world including India, Africa and Colombia. Zuckerberg’s desire to connect developing countries is admirable, but offering Internet access for free can be worrying for telco’s such as Vodafone and Airtel, as you have to ask, who’s picking up the bill?

What’s exciting to see though is the connectivity and growing synergy between technology and telecoms. The technology giants of today see now as the prime opportunity to combine hardware, software and network capabilities and we’re all intrigued to learn more about the consequences and effects on the wireless industry.

It will be a heck of a ride !

Thanks to Ben Mendoza for the post !


Posted in Cloud | Tagged , , , | Leave a comment

Malware Attacks are on the rise !

Malware Attacks Are on the Rise – Is Your Business Ready?

With malware attacks on the rise in all parts of the industry, and the growth of enterprise mobility practices such as BYOD on the increase, it seems a good time to publish a primer on the subject, covering what threats to expect and how to guard against them.

Malware: The Basics

Malware is on the rise, with 28.4 million1 cyber attacks involving financial malware in 2013 alone. But what is it?

Malware is software code specifically designed to disrupt, damage or invade a computer system, most commonly for monetary profit or to access sensitive information. Some malware, such as viruses, infects all systems with which it comes into contact and spreads either by automatically installing and running itself on the host system or by actively transmitting itself over a network. Other malware, such as “Trojans”, includes software which is designed to remain concealed, monitoring and accessing your private data, such as bank details, etc.

The most obvious point of danger within a business is your server and the data it holds, and the risk of the dreaded “data breach”. Understanding how malware works and is used is the first step towards improving detection and preventing threats.

Attacks via the internet are increasing every year, and don’t discriminate between multinationals and small businesses. If a hacker can find a way to infiltrate malicious code into your server and access files or log information exchanges, they have ready access to sensitive information such as customer data, credit card information, passwords and more.

Exposing client or customer data in this way can lead not only to legal action and lost business with the customer themselves, but also significant impact on the organisation through reputational damage and loss of credibility with the market – and that’s apart from the direct costs of additional labour charges, compensation and hardware and software repairs.

While some malware can attack and disrupt your server, other code is designed to attack your customers directly via, for example, spam emails or pay-per-click advertising. Phishing attacks are becoming more effective through the use of social media, as hackers learn to customise their malware and target their victims more successfully.

More importantly for larger organisations, malware can be placed on your website which instantly downloads to a customer’s device whenever they visit your page, or redirects them to another site which contains a concealed infection.

Smartphones and tablets are increasingly being targeted by hackers, especially Android devices who attracted 98.05%2 of all detected infections in 2013. The growth of mobility within the enterprise in general, and BYOD in particular, is particularly significant, bringing with it a plethora of devices and operating systems which make it increasingly difficult for the IT Dept to monitor threats and take pre-emptive action. In the absence of central policies and enforceable procedures, users struggle to keep their anti-virus and security software up to date, while companies put off urgent patch upgrades in order to minimise disruption to the business. With so many new platforms and IT struggling to cope, hackers are constantly finding new openings.


Keeping your staff fully up to date on the risks of malware and phishing attacks is key, so they understand the company security policy and the importance of regularly scanning their devices for vulnerabilities and possible infection. Regular scans of the company and, where hosted internally, website servers are equally important, to detect concealed infections which are quietly stealing information in the background.

With such a playground for hackers to enjoy, guarding your personal device and/or those of your company can be extremely challenging. Security is paramount and the repercussions of neglecting device protection can have serious consequences for your business. Updating security software and running regular checks seems simple when it’s just a few people, but when the company is global or includes tens of thousands of employees, higher level protection solutions are required.


Malware’s purpose is to compromise the functionality of your IT and communication systems, and exploit or compromise the data held within those systems for the publisher’s – or, in some cases, the publisher’s own client’s – commercial or strategic gain.

Hackers are constantly evolving their code to slip past the barriers erected to keep them out. The only solution is constant vigilance, coupled with regular anti-malware updates and thorough checks of the business’ servers and the systems connected to them, either directly over the corporate network or remotely via the internet. With the growth of BYOD, the need is even greater for the organisation to have in place proper Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) policies, together with adequate monitoring and enforcement procedures.

Anything less puts your business, your data and your customers at risk.

Thanks to Emma Griffin for the post !





Posted in Cloud | Tagged | Leave a comment

Apple Pay !

Apple Pay Technology and Enterprise

New technologies releases can have a profound impact on enterprise, as businesses adopt novel systems in order to improve efficiency. In terms of enterprise mobility management (EMM), the recent release of the iPhone 6 and 6Plus (and associated software to launch them into the enterprise market) may herald the start of a new era for working on the move – especially with the introduction of Apple Pay, which is due to be released in the US later this month.

Apple Pay is a new payment method which can be utilised by customers of the new iPhones or the Apple Watch. Rumoured to be the final step in merging online and off-line shopping, the new facility allows people to pay for goods using their mobile device whether out on the high street, buying from a website or from the app store. When in a participating bricks-and-mortar store, users can carry out transactions using Apple Pay simply by holding their phone to the appropriate reader with their finger on Touch ID. There is no need to open an app or even to unlock the phone to enable this, and the user is ‘informed’ of payment completion by the phone beeping and/or vibrating.

Using the Apple Watch, the payment will be enabled by holding the device near to the reader and double-clicking the appropriate button (although this facility will not be available until 2015). Making use of Near Field Communication (NFC), the new payment system is described by Apple as easy, secure and private.

Recent reports have suggested that Apple initially wished to join forces with well-known online payment provider PayPal, to start a service which would be considered more trustworthy by users – and which would also open doors when it came to working with numerous retailers. PayPal is generally ahead of the curve in terms of mobile payments, allowing the use of QR Codes and able to work with near field technologies of various kinds – making them the ideal bedfellow for the launch of Apple Pay. However, despite Apple’s early enthusiasm, the deal did not go ahead: rumour has it this was due to the fact that PayPal had already opted to work with arch-rival Samsung on their S5 fingerprint scanner.

Given that contactless card payments are now quite popular among shoppers and retailers, it’s likely that Apple Pay will gradually become more widely used and will pave the way for similar provisions by rival mobile brands. Individual users may find this allows them to keep tabs on their expenditure quickly and easily – but how will this influence the management of Bring Your Own Device (BYOD) or Corporate-Owned, Personally-Enabled (COPE) plans? With the limited information available so far, this is hard to determine, but we look below into some issues which will need to be addressed for Apple Pay to work in a mobile enterprise:

Multiple accounts – if a device is owned for both personal and business use, will users be able to use more than one account for payments? If so, how easy will it be to specify which to use (will the opening of an app be required, thus making Apple Pay less convenient?) and how easy will mistakes be to track and correct?

Payment information – If a device is used for business and personal use and detailed bills are provided, will these be made available to employers without user amendments? Many employees will not wish employers to have access to all their transaction details, and employers will not want information about business spending potentially hidden.

Security – if Apple Pay is to be used to make business payments, the company will need to reassure corporate clients that the security offered is effective and that, if a device is lost or stolen, the facility can be halted remotely with immediate effect.

Once these enterprise queries have been answered, more and more business users may begin to utilise Apple Pay. Some may have security fears – but how much more or less secure will this method prove to be when compared with contactless cards and the provision of cash? It remains to be seen.

Thanks to Anne Britton for the post !

Posted in apple | Tagged , | Leave a comment

The 5G Race is on !

WIFIThe 5G Race Is On

How will the fifth generation of mobile network change the world? Well the race is on to find out, but by recent estimations 5G will run much, much faster than its 3G and 4G counterparts.

Professor Rahim Tafazolli leads the UK’s multimillion-pound government-funded 5G Innovation Centre at the University of Surrey and says: “5G will be a dramatic overhaul and harmonisation of the radio spectrum.” In other words, 5G will be the solution to current problems with connection speeds and reliability.

3G was first introduced to the UK in 2003 and since then it has taken 10 years for the development and roll out of 4G. Despite 4G not being abundantly available in the UK, there is much excitement about the potential for 5G and its increased capacity. The much-discussed Internet of Things (IoT) is expected to flourish when 5G is actually able to support the expected 26 billion connected ‘things.’

Hand-in-hand with IoT comes developments in Machine-to-Machine (M2M). M2M communication has expanded vastly over the past 50 years and the amount of power and time needed for information to be communicated between machines has reduced dramatically. For the purposes of tracking assets and collecting data from equipment, a 5G connection just isn’t currently deemed necessary.

Primary applications for M2M networking do not require much capacity or speed to send small amounts of data. We deal with clients using SIM cards in elevators to text back diagnostic messages and vehicles to send their location information. It is when enhanced applications are developed that solutions will eventually require a transition to faster, higher capacity networks, ultimately leading to an increase in cost.

It is important to remember that many technologies are competing to dominate the Internet of Things market. Gartner analyst Nick Jones said to Techworld this month: “I expect that the overall IoT networking space will remain very confused for several years, and at least 10 different networking technologies will gain significant traction for IoT applications.” For example, the LoRa Alliance promotes the global standardisation of LPWAN (Low Power Wide Area Networks) protocol specifically to power M2M networking and IoT.

Although it will likely be years before the standard of 5G will be established, expectations are being set high. There are claims it will be ‘unbreakable’, ‘more energy efficient’ and ‘more cost effective’ than its predecessors. However, this level of ambition requires funding, innovation and importantly, government backing.

Practical considerations for M2M today are; how do I keep track of which SIM is in each device? Or should SIMs be activated on order and can they have a multi-state capability? The answers involve integrating network technology into these business processes and this is where a good partner can help !

More to come but it certainly will be exciting !

Thanks to Ben Mendoza for the post!


Posted in Cloud | Tagged , , , | Leave a comment

Network 2020

Fixed Mobile Convergence and Network 2020 – The Next Steps in Telecommunications?

As technologies adapt, so must their providers and users.

For a number of years communications options have been somewhat fragmented, with options for web-based video calls, mobile calls and traditional wired landline calls co-existing. While this provides choice and is important to avoid the complete absence of the ability to communicate if one system fails, there is a move amongst mobile providers to unite forms of communication on mobile phones and tablets to increase efficiency and reliability.


Encouraged by the GSMA, the concept of all IP mobile communications is addressed in their Network 2020 initiative. Started in 2010 with the ambition of encouraging and assisting mobile providers to adapt to a world increasingly reliant upon improving internet provision, Network 2020 marks a major change in telecommunications.


Underpinning Network 2020 is the fact that mobile providers need to change in order to remain competitive – consumers require reliability, and many of the legacy systems used by providers are outdated and require improvement. As time progresses, internet-based systems will allow what is referred to as a ‘mesh’ based system. This will provide the best in reliability as connections can be re-routed quickly and efficiently around any problematic network areas, increasing communication speed and quality. As bandwidth provision increases to meet demand, the quality of video conferencing will also improve, making such options more popular with organisations of all sizes.


Traditionally, internet communication has centred on Voice over IP (VoIP) and Voice over WiFi (VoWiFi) methods but, as connectivity improves with the introduction of faster broadband in the form of 4G (and because mobile communications such as SMS and voice calls need to remain a source of revenue for providers) attention is now focused on options including Voice over Long Term Evolution (VoLTE).


This will allow calls to occur via any of the given options – and provide the capability to switch between these options depending on availability and cost, enabling seamless, cost-effective services. Called Fixed Mobile Convergence (FMC), the technology is to some extent in use already, although its definition appears to vary between providers and the infrastructure and handset technology modifications required to allow it to function most effectively will take time and investment. The ability to provide users with the service they need, when they need it, is the holy grail of telecommunications and it appears that – if providers work together (and that’s a large “if”) – this will become a distinct possibility.


As with any method of mobile communication, the move to FMC with IP, LTE and WiFi services will have implications for Telecom Expense Management (TEM) – in particular, for Bring Your Own Device (BYOD) and Corporate Owned, Personally Enabled (COPE) plans. It can be a challenge to track business voice and video calls in order to ensure employee obligations are being met and the amounts paid for phone services are accurate, especially for organisations operating on an international level. As with any area of business, it’s important the best value for money service is sought in telecommunications expenses – another reason why TEM can prove invaluable.


As it stands, integrating the new communications infrastructure as outlined in Network 2020 could fully enable FMC and prove to be a great boon to business, with reliable, high quality communications available on the move. Although it may seem as though telecoms are increasingly costly, it is likely that improvements to services will see a significant increase in value for money, as users get more from their spend.

What say you ??

Thanks to Anne Britton for the post !
Posted in Uncategorized | Leave a comment

Network Security “Worst Practices “

Network Security 1Here’s a post from Andrew Lerner of Gartner !  Good Read

Network Security “Worst Practices”

by Andrew Lerner  |  January 15, 2015  |  Submit a Comment

Network security comes up in a lot of my client interactions, as there is a ton of overlap between networking technology (data center, wan, campus networks) and network security (firewalls, SWG, NAC, IPS etc.).

Sometimes, networking and security teams are very well-aligned, but often times – not so much. This got Jeremy D’Hoinne (Gartner colleague who covers Network Security) and myself thinking, and we decided to publish research on the 12 most common “worst practices” in network security. These dirty dozen include:

  • Shiny new object syndrome
  • Culture of no
  • Insufficient focus on users and business requirements
  • Defense with inadequate depth
  • Organizational misalignment
  • Suboptimal branch architecture
  • Security blind spots
  • Uncoordinated policy management
  • Noncompetitive vendor selections
  • Hazardous network segmentation
  • Inadequate end user education
  • Inadequate security event management

For each “worst practice”, we provide a definition and real-world examples, identify their impact, and provide specific guidance to avoid them. Here’s an example (a snippet from the research), which is one of my personal favorites:

Shiny New Object Syndrome (AKA “best of too many breeds” and “technology of the year”)

As technologists, IT personnel are encouraged to look for technical solutions to problems. This mentality is further encouraged by vendor hype and marketecture, with many vendors claiming “this is the last tool you’ll ever need,” or “this is the year of X.” However, in many instances, new technology products or services are not the ideal solution.

Instead, changes to policy/process, leveraging an existing technology and/or simply waiting will achieve a similar impact. In many instances, avoiding acquiring new products can simplify the technical environment and reduce operating expenditure/capital expenditure (OpEX/CapEX).

Action: Gartner recommends that CISOs foster an organizational culture that addresses the following questions before introducing any new technology:

  • Can the root issue be addressed via a policy or process change?
  • If we wait a year, will this become a commoditized capability from established providers (or my existing providers)?
  • Do we have existing network, security, or management capabilities that can address the bulk (i.e., 85%) of the technological requirements?
  • Do we have the right process and staff expertise to properly leverage the new technology?

You can check out the full research here:

Avoid These “Dirty Dozen” Network Security Worst Practices

Summary: This research identifies 12 commonly observed network security practices that reduce network availability, increase expenditure or risks, and alienate end users. CISOs should avoid these practices, and they can do so without sacrificing security posture or breaking the bank.

Thanks to Andrew for the post !

Posted in Cloud | Tagged , | Leave a comment

Happy New Year !

Times Square2015 has arrived !

By all accounts it’s looking like a year with much promise ! The economy is doing better, employment is up and in a few weeks we can start to think about baseball and our beloved New York Teams !

This is the year you need to continue to build your strategies for the future

Areas that we see getting a lot of attention are :

Security- are you protected ?

Cloud strategies- will it really reduce my cost ?

Managed Service- Op X vs Cap X

Trade Shows- Is it time to budget for a few

At Web Associates LLC we decided this is the year of Quality not Quantity ! We are putting more focus on less programs..

No matter what your game plan it looks like a good year to move the yardsticks forward !

Have a Happy and Healthy 2015 !


Posted in Uncategorized | Leave a comment

BYOD : Do’s and Don’ts a year later !

iPhoneBYOD: Dos and Don’ts

Executive Summary

Consumerization of enterprise IT promises to lower costs, increase agility and produce other benefits. Increasingly, consumer technology sets the agenda for the workplace. This trend is driving employees to demand Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate Liable Employee Owned, (CLEO), and Corporate Owned Personally-Enabled or COPE programs.

Corporate Liable, BYOD, CYOD, CLEO, COPE Defined

Corporate Liable with this approach, the employer is responsible, or liable, for the expenses on the bills. While this paper focuses on BYOD and other approaches some employers are seeking to maintain the integrity of corporate liable strong programs. Upgrading an existing system would include call tagging so employees can identify their personal and corporate calls and contacts. This information can be used for employee payroll deductions and reimbursement. Call tagging is critical for Value Add Taxes (VAT). It is necessary for firms to show demonstrable auditing that personal use is not permitted and private calls must be accurately demonstrated so that they can be deducted from VAT reclaim. Another option is using a dual SIM device – one for personal and one for corporate, on the same device. A dual persona configuration can distinguish between corporate and personal use.

In the context of telecommunications, BYOD is any device (smartphone, cell phone, tablet, notebook or PC) or application (mobile app or cloud based application) that accesses corporate networks through the use of telecommunications services. The corporate network includes corporate internets, corporate intranets and carrier services purchased by the corporation, local networks, guest networks or core networks with SIP or VoIP services that are controlled by enterprise, ISDN or next generation MPLS services.

Choose Your Own Device or CYOD is similar to BYOD, but it implies that employees can only use devices and applications from a list that their employer has approved.

Corporate Liable Employee Owned or CLEO is an IT business strategy where employees own devices, which are paid for by the employer. Ultimately, the employer is responsible or liable to pay the contract for monthly services.

Corporate Owned Personally-Enabled or COPE is the opposite of BYOD. Instead of making corporate functions work on personal devices, COPE enables personal use of company devices for personal activities including social sites, e-mail, calls, etc. Employers provide employees with devices and applications and the company maintains ownership. It is able to leverage volume discounts for purchase of the devices, services and management. The employer also has more control to secure devices.

Of the four alternatives to corporate liable, BYOD is the most widespread and impossible to ignore. TEMIA members report that 48% of their clients have adopted it and another 20% are evaluating it. BYOD also presents a contradiction. It would appear to release employers from expenses providing and managing devices and applications, but it doesn’t. TEMIA members have found that for clients that implement a BYOD strategy, 69% report that costs are either rising or about the same.

Key Challenges

  • Internal politics create an environment where it is difficult to properly address BYOD challenges.
  • Most organizations will have more mobile devices that access their corporate network than PCs.
  • BYOD programs present new challenges for security, employee privacy, legal considerations and lost productivity as employees deal with technical problems and runaway expenses.


  • Control is still necessary, but an “all or nothing approach” is not possible.
  • Employers must update their mobile policy to specify: who is eligible, what devices and applications are permitted to access the network, when, where and what data employees can access with BYOD.
  • TEM, WEM and MDM programs can help manage BYOD programs by automating efforts to determine eligibility, program enrollment, tracking devices, applications that employees want to use and sign-off to abide by BYOD policies.
  • With constantly changing consumer technology, managing BYOD isn’t a one-time job. Companies need a combination of technology and resources to identify when employees fail to comply with BYOD rules.

This paper provides insights into the challenges of BYOD for telecommunications devices and applications with a prescription of dos and don’ts. Readers will gain knowledge of the specific recommendations for managing expenses, security, privacy, employee productivity, technical issues and more.

Don’t Ignore BYOD

Employee demand for BYOD is identified by 45% of respondents as one of the primary reasons for implementing it. The other key drivers reported in TEMIA’s survey include desire to reduce costs, with 43% of enterprises seeking to reduce hardware and service costs and 13% of enterprises seeking to reduce mobile support and staff hours. With employees demands, ignoring BYOD is not an option.

Employees may simply bypass official corporate policy and use “shadow” technology that has not been approved. Managers cannot ignore threats from security risks, theft of intellectual property and runaway expenses from BYOD. Everyone is an expert at thwarting corporate policy. So managers need to learn the ways which employees at different locations or divisions are circumventing corporate policy to use personal devices and applications at work.

In addition, employers are ultimately responsible for protecting intellectual property. The United States, Australia, Britain, France, Germany, Ireland and Spain either have or are developing stiffer enforcement and penalties for breaches resulting in exposure of personal information. Spain can impose fines up to €600,000. France’s cap on fines is €150,000 for a first offense, plus five years in prison. German data fines can reach €250,000 and in the United Kingdom, fines are unlimited. Japan imposes fines of 300,000 yen and up to six months in prison. Google and Facebook face fines up to $1.1 million and other sanctions for privacy lapses under Australian privacy laws.

BYOD programs raise new concerns for CEOs and CFOs of public companies that need to attest to the adequacy of their U.S. Sarbanes Oxley internal controls. Financial and medical records also have special safety protections. BYOD programs also raise issues for firms with employees that may have health care records on their devices. The Department of Health and Human Services is conducting audits for compliance to HIPAA and HITECH. Massachusetts General Hospital settled a patient-privacy complaint for $1 million after an employee left patient records on a subway car.

Violating data privacy law imposes costs beyond financial penalties. Firms face damage to their reputation and loss of business for data breaches.

Do Consider Legal Matters for BYOD

Legal Matters

Blurring of personal and private information on employee owned devices and applications raise new legal matters.

  • What happens if the IT staff needs to get corporate data from an employee’s personal device and they discover intellectual property employees should not have?
  • What if there is evidence of a crime or inappropriate photographs?
  • Does the IT team have permission to conduct e-discovery on personal data?
  • Are findings admissible in court? Is this a violation of employee’s privacy rights?

Is the company responsible if a terminated employee’s personal data is deleted when their device is remotely wiped?

Getting legal counsel involved in the planning stages of BYOD policy updates and throughout the roll-out address legal issues. The right approach balances risk and convenience with corporate culture and willingness of executives to support it. Mobile policy must define what employers are allowed and not allowed to do, and what happens if employee owned devices have inappropriate material.

BYOD policy should also clearly identify who is eligible, what devices and applications are permitted to access the network, where and when they can access it and what data employees can access. Managing BYOD programs requires technology and people to identify when employees fail to follow the rules and the consequences. This can range from ending employees’ BYOD eligibility to termination.

Don’t Think in Absolutes

BYOD does not have to be an all or nothing proposition in which all or no employees are eligible. TEMIA members report that for clients that implement a BYOD strategy, 88% have adopted a hybrid approach with some employees that continue to have a corporate liable program and some that are eligible to use their own device under an individual liable, CYOD or CLEO program. Only 12% of enterprises are transitioning all employees to a BYOD or CYOD program. There are three primary reasons for these hybrid programs. First, corporate ownership with a common platform and standardized applications provides better control for employers that need to protect critical intellectual property or sensitive customer material on employees’ devices or applications. Second, corporate ownership may also avoid the perceived blurring of personal and private data ownership with these employees. Finally, employers are also adopting hybrid programs because they want to offer flexibility to those employees who have not been eligible for corporate paid devices and are not likely to have sensitive material on their devices that may benefit from BYOD programs. At the same time, these employers are recognizing that BYOD, CYOD and COPE, CLEO programs may lead to higher costs.

Don’t Expect to Save Money

Justification for BYOD programs usually start with cost savings from shifting costs to employees for devices, carrier service charges, applications, management of security and help desk functions. These savings are proving to be elusive. TEMIA members find many enterprise clients are actually spending more after implementing BYOD programs.

First, in most organizations, only a select group of employees is eligible for corporate liable or employer paid services and devices. These are typically executives, field service personnel, sales people and other road warriors that need mobile devices to do their jobs. With BYOD, people who previously were not eligible to have a corporate paid device are receiving reimbursements or stipends for their expenses.

A second development is the shift of charges back to employers on expense reports. Since the monthly charge is small, no one questions when employees slip it into an expense report. Mobile expenses in BYOD programs do not have the oversight of a TEM or WEM program. Corporate managers that sign off on expense reports lack the tools, expertise and time that are needed to effectively scrutinize mobile expenses.

For enterprises that implement a BYOD strategy, TEMIA members report that only 5% of firms do not reimburse employees for their monthly service fee expense. The majority, 95% either provide a fixed stipend (63%) or allow employees to be reimbursed through an expense report (32%).

A third reason for rising costs with BYOD programs is an increase in the charge per employee. Many employees are selecting more expensive plans with unlimited or bigger allotments of voice and data services to avoid overage charges. These plans are more costly compared to corporate pooled plans and plans with smaller allotments, which are more appropriate for employees’ business needs. Employers are also likely to incur higher expenses when employees travel internationally because they may not proactively obtain the best service plans or they don’t have the knowledge to do it ahead of time.

Do Budget for Additional Complexity and Security Costs

Additional complexity from more devices, operating systems and security risks present new challenges that managers at all organizations need to plan for in their budgets. Malware and viruses on smartphones are increasing. Spyware can steal personal information and send it to third parties, malware dials premium 900 numbers and viruses plague devices. Costs to provide security and help desk support are higher than expected as more employees use a wider range of devices and applications. Trying to solve BYOD problems with endpoint protection software, policy enforcement, data leak prevention software and runaway expenses may work for most corporate IT, but it doesn’t work with telecommunications. BYOD programs for telecommunications present thousands of variations of smartphone operating systems and applications.

Do Consider What Capabilities You Need

Common misconceptions for BYOD mistakenly promote the belief that enterprises are free from managing expenses, security and policy enforcement. When employees use devices and applications for work, it is natural for them to charge the costs back to employers on expense reports. In addition, there are security risks when employees connect their own devices and applications to corporate data and access it anywhere.

Employers can try to mitigate security risk by limiting what employees may access and providing dedicated servers for BYOD e-mail. They may also try to limit the BYOD program to employees who are unlikely to access intellectual property or sensitive customer data. Ultimately, the old approach of creating a wall around corporate data is dead. Employers can also expect loss of employee productivity when employees’ BYOD devices or applications are exposed to security threats and they have technical problems.

The BYOD phenomenon creates problems which require consideration of new capabilities, which can be grouped into three main categories:

  • enrollment, program management and expense control
  • security
  • policy enforcement

Enrollment, Program Management and Expense Control

TEM, WEM and MDM programs can help manage the transition to a BYOD program and on-boarding of new employees. Deployment of new devices isn’t a one-time job. A web portal can automate the process for tracking employee eligibility, program enrollment, applications, devices, and sign-off that they will abide by BYOD policies.

Employers gain better visibility for all telecom expenses with stipend reporting when TEM WEM and MDM programs are integrated with BYOD programs. Interfaces with accounting systems can gather information from employees’ expenses to identify what is allowed and what cannot be expensed.

Employers may also wish to consider a system that alerts employees and telecom managers when consumption of a data or voice plan is close to its monthly allotment or other capabilities to manage international roaming charges. Finally, look for reporting that can identify when new devices are provisioned, apps which are out of compliance and devices that have not checked in after an extended period of time.

Smartphones and tablets like PCs, and data that resides on those devices, must be protected. There are a several areas of vulnerability. One is the physical loss of equipment, when an employee leaves it somewhere or it is stolen. The second security risk includes spyware, malware and viruses. This can result in a network of devices programmed for malicious activity such as stealing data (customer credit cards, patient records etc.) or crashing a corporate network.

Every device manufacturer supports encryption, but the levels differ. Some MDM providers have the ability to encrypt specific files, folders or company data. Also, providers can now place corporate data and applications in a secure environment or sandbox. Partitioning allows employees to separate work and personal items.

Some MDM providers are offering browser security. Mobile web browsing can be filtered to lower the risk of attack on a device. Web filtering tools can block access to potentially dangerous or non-work-related websites. Intrusion-prevention software tools can block network access for noncompliant devices. In addition, some security now helps screen devices for malicious apps.


Some apps every employee should have. Others must be banned. Application filtering with white lists and blacklists can control this process based on the device and operating system. Enterprises may want an application store for in-house custom apps and preferred apps, In addition, Apple’s and Google’s approval processes might take too long or there may be reasons to avoid releasing an app in a public app store that competitors can view. MDM support for installing custom apps and setting up a company app store experience will be important as well.

Policy Enforcement

Before managers update their mobile policies, it is necessary to learn the ways which employees at different locations or divisions are circumventing the program. An enforceable policy can help secure corporate data on personal devices. This may require a policy to lock devices after several failed attempts at a password and a “kill switch” that can remotely wipe the data if a device is lost. Some MDM providers are introducing data monitoring capabilities that provide reporting on what data is moving to and from the device.

Location capabilities with “Geofencing,” can detect when devices leave certain geographic areas and take action to secure them (such as locking or remotely wiping data on the device). In some cases, a camera can be locked when employees are in the office or other locations and released for personal use when they are home. Unfortunately, privacy laws add complexity for firms in some countries that prohibit location tracking and use of these features.

Next Steps

  • Decide how many forms of BYOD that you will support
  • Determine the device scope: Will the BYOD program support tablets, smartphones, PCs, applications or a combination of these items?
  • Will the BYOD program apply to a secondary device, or is it for users’ primary devices as well?
  • Consider the benefits of supporting a mix of enterprise-liable, bring-your-own and hybrid models.
  • Determine when, how, and how much you will subsidize business use of personal devices.
  • Working with HR, your legal department and your corporate risk organization, understand how tax, privacy, legal liability and labor relations impact the program.
  • Determine who qualifies for a usage subsidy and how it will be paid (allowance, stipend, voucher or reimbursement program).


Where does your company stand on BYOD today? If you do not define a BYOD policy, employees will bring their personal devices and applications to work. A SANS Institute IT Survey identified that 91% of respondents were not fully aware of mobile devices on their network. Tools are necessary to ensure that employees do not bypass official corporate policy and use “shadow” technology that has not been approved.

Mobile devices and PCs are often considered together for BYOD considerations, but the challenges and how they are used are quite different. PCs can function as stand-alone devices that are not networked, while mobile devices are part of a dynamic, real-time collaborative ecosystem. Nearly all of their value comes from connectivity.

The lifecycle for smartphones and tablets is a relatively short period of 12 to 18 months. With the flood of new consumer devices coming to market and short lifecycle, implementing BYOD is not a one-time job. Each new product needs to be tested to determine its security risks. Managers must define their security controls, management controls and provisioning and de-provisioning or retirement process.

It is easy to get distracted in reviewing new offerings, or other functionality that might be cool and interesting. Keep these in mind, but begin with your specific users because new features and offerings may solve completely different needs and goals for other users. Determine what problems or needs you need to solve. Invest in a sustainable user-centric approach.

Balance strategic and experience objectives. Also, consider the potential economic impact (both positive and negative) in adopting a BYOD policy. Consider the use case and how employees will use different devices, data and apps. As TEMIA’s survey found, most organizations are using a hybrid model for individual libel and corporate liable rather than an all or nothing approach.

Managers should also be sure to factor all the costs to support multiple platforms. Placing limits the number of devices and applications that employees can use will help limit the security risks and costs of the program. This is where a CYOD program that limits the number of approved devices and platforms may be more realistic compared to a free ranging BYOD program that allows employees to bring any device. The key is to find a balance between employee demands for choice, freedom and privacy with corporate concerns for control. Too much control will lead employees to circumvent the system and limit its effectiveness.

A smart BYOD program will find the right balance while addressing security, concerns for theft of intellectual property and runaway expenses. These risks may be lower for employees who are less likely to have valuable information on their device. The incremental costs of BYOD for these employees may be lower than it would for executives and other employees who require higher levels of security. This sort of calculation is the basis for determining which employees should be eligible to participate in a BYOD program. These considerations can also help determine standards for which personal devices and applications they can use.

Once these decisions are made, create a policy and determine the capabilities that are needed to manage the program. BYOD policies should not be overly restrictive. They must align with corporate culture. To address the challenges, include education, mobile policy, and technology that is backed by subject matter experts. In addition to understanding how it will work, employees need to recognize the consequences if they fail to comply with policies. They should also know that tools are in place to help enforce mobile policy and monitor compliance.

TEM, WEM and MDM programs can help manage BYOD programs by automating efforts to determine eligibility, program enrollment, tracking devices and applications employees want to use, and sign-off to abide by BYOD policies.

Financial executives need to see beyond the hype and recognize the true costs of supporting BYOD, managing compliance, security risks device and monthly service plan reimbursements and rogue expensing of charges. All of this may make a BYOD program more expensive. After BYOD is debunked as a cost saving initiative, managers may find that there are still compelling reasons to move forward with the program for some employees. Some organizations may want to give their employees more freedom and others may see increased worker productivity.

One of the biggest surprises is that organizations need to budget for BYOD programs. As these programs evolve, organizations are beginning to realize that they need to plan for the extra effort that BYOD, CYOD, and CLEO programs require.

Thanks to MDSL for the post !

Posted in apple, Cloud, Internet, iphone | Tagged , | Leave a comment

Is Cloud migration really best for your business ?

Photostogo-509807Is Cloud migration really best for your business?

Investment in cloud technology is expected to grow by more than 300% over the next three years as the amount of money dedicated to cloud spending in IT budgets increases. Cloud adoption is heavily discussed and researched, and that’s because the options are so varied and the consequences of choices have such a great impact on businesses.

Gartner recently identified from a survey that buyers of cloud applications are focusing on cost, innovation and agility as reasons for adoption, with 40% saying that overall cost reduction is the main driver. These stats were definitely reflected in a recent event hosted by AOTMP (click here to watch the webinar).

They discussed the enterprise drivers for implementing cloud services and the security and privacy concerns it presents.  “Should security be a concern for new installations?” and of course the answer is yes ! If you’re recording conversations in the cloud, the security of that data is sensitive. In our experience when deploying unified communications (UC), integrating real-time communication services in organizations, availability is often seen as an equally important concern. Security in the context of mobility is business critical for the organizations we work with and the loss of any data would be damaging.

Gartner’s research revealed a notable disparity between the thinking of senior IT leaders and non-IT business leaders. Those in IT roles were looking for a ‘modern, innovative IT environment with operational agility with business objectives as key outcomes’ from the cloud. Non-IT personnel on the other hand see cloud migration as a cost saving exercise.

VoIP and UC applications are becoming tied to the cloud and the telecom environment is becoming heavily IP based. This shift infers a responsibility to IT and telecom managers, who are still identified as the group responsible for owning cloud management in organizations. They need to focus on management and skills development to design a strategy capable of deploying a cloud solution effectively. It’s where the non-IT leaders need to gain a better understanding of UC and cloud technology, beyond the obvious cost savings.

Cost savings are usually significant when the correct solution is implemented globally. Most teams often leverage a hybrid solution, a mix of integration and migration, utilizing a private and cloud based approach. This avoids a rushed migration to a full cloud support and the potential complications it entails.

Deployment times are a serious influencer when it comes to deciding on the best solution. For smaller companies they can often jump straight into a UC hosted environment in the cloud as they have an enormous amount of flexibility and they benefit from the wide range of services and devices which such a migration offers. Our work with large multinationals has given us a first hand insight into how best to support organizations during this transition period from private networks to cloud services, understanding the business critical nature of the solutions we deliver.

Benefits beyond cost savings that  clients have experienced include tech advances they hadn’t anticipated such as; improved collaboration, better customer services, audio/ video conferencing made easier and a reduction in the amount of support and maintenance effort required from internal staff.

Another interesting discussion during the AOTMP webinar was around the next evolution of UC.  The Internet of Things and wearable devices are already expanding the world of UC.

Organizations are also looking for further benefits from the cloud, such as increased capability for employees working from locations away from the office or at home. They’re looking to expand existing capabilities and it’s all about enabling flexibility whilst maintaining security.

What are you doing with the Cloud ?

Thanks to Ben Mendossa and AOTMP for the post !


Posted in Uncategorized | Leave a comment