Bring Your Own Device

At BIDMC, I oversee 10,600 desktops and 2000 laptops. They are all locked down with System Center Configuration Manager 2007 and McAfee ePolicy Orchestrator.

Given that most of our applications are thin client and web-based, we can stretch the lifetimes of our desktops to 5-6 years and our laptops to 3-4 years. Capital funding puts limits on how much hardware we can buy and how long we keep it.

Like many IT departments, we have to balance many priorities - security, cost, software compatibility, performance and the user experience.

This balance means that the locked down, image managed, economical device provided by the IT department will almost always be older, lower powered, and less capable than the device in your home.

The same is true of mobile devices like Blackberries which are a one time purchase and are only replaced when they stop functioning.

Consumer devices are more than just technology, they've become lifestyle accessories. Are you an iPad2 or a Macbook Air 11 person? Does Android tickle your fancy or are you holding out for the Samsung tablet with Windows 8?

The cost of these devices is low enough that consumers can buy them on their own and may upgrade yearly as new models are released.

All of this has led to the BYOD movement - Bring Your Own Device to work.

One of my passions as a CIO has been to create web-based applications that run anywhere on anything. That approach has enabled our applications to run on every version of the iPad, iPhone and iPod touch as well as Android and Blackberry devices like the Playbook.

However, I'm also accountable for the privacy and security of each byte of person identified data and we have over 1.5 petabytes to protect.

The internet is an increasingly hostile place. Clicking on a picture of Heidi Klum results in a 1 in 10 chance that your device will become infected.

Online apps distributed via social networks are filled will malware.

Hacked websites can bring malware onto our device. A CIO at the recent Information Week 500 conference described that hackers inserted malware, which was only one pixel by one pixel, into a public-facing website his lab supported. All internal users who browsed to the website and did not have the latest version of Adobe Flash were infected. Once infected, their workstations scanned for other vulnerabilities on the network.