Some thoughts on another form of the Bring Your Own trend that you may have missed and how to take it one step too far (although this is probably already happening). A mobile hotspot, a strict web filter and an a social networker inadvertently crack a hole in IT policy.
Last week I was doing a tour of the UK seeing friends and generally having fun. I met a friend of mine who happens to be a gadget geek, he has everything for the latest TV to a thin tablet device. We got to talking about how his wife uses the tablet and where and she said that she’d love to use it more at work, but her company ban anyone from attaching devices to the network. Incidentally they also ban Facebook, YouTube and other “fun”, non-work stuff.
She still takes this device to work though, and just occasionally takes work home on it – I found how fascinating.
My friends company aren’t entirely stuck in the dark ages, so they give her a laptop (it’s black and boring but solid) but it gets locked in her desk drawer over night because it’s too heavy to bother taking home. They do let her take it home and to enable that she can connect to WiFi networks of her choosing.
When she does take it home it works just fine on their home network (which by the way is 50mb fibre and faster than the office).
She wasn’t overly impressed by the idea of the tablet when they first got it, so to save money she insisted her husband only got the WiFi version, which he did. A couple of days later they realised it was a bit limited when they went away with the kids for a few days camping so they got a MiFi adapter and were happy campers again.
A few days later she took the tablet to work, along with the MiFi adapter and was using it at her desk to check Facebook etc. So that policy of stopping access to Facebook because it distracts employees just shot out of the window. Nothing new there, she’d had a smart phone for a while and had been doing that anyway.
Then it happened. A brain wave. She connected her work laptop to the MiFi and got on Facebook. You see the company does require everyone to go through a proxy to control access when they’re on the work network – very sensible for security and stopping dropped productivity of employees. The proxy was set to autodetect because people with laptops go mobile. Then she worked out that she could get to her web based email too, so she emailed over some work documents and received them on her tablet.
I found this interesting because rather than just taking her own device to work, my friend took her own network.
It’s worth pointing out that this is no different to her going into a coffee shop or using her laptop at home. She can still get to “fun” sites in both of those cases too and she can still email documents home, the difference being that it’s now easier for her to do, she doesn’t need to lug a heavy laptop home.
What could IT do differently: they could manually (group policy) set the proxy and force everyone through the VPN, but what would that achieve…no access to “fun” sites, yes. It would also mean the end to their mobile working policy since so many coffee shops and hotels require you to sign into a webpage to gain access to the Internet.
Really what IT need to do is review their mobile working policy and their web access policies and make them congruent. IT rules have gotten in the way of the user, who found an easy way around the policy.
I wonder what else you could do by taking your own network to work…
Ok if this was was me I’d do one thing more than my friend, I’d go into the network adapter order and make sure the wireless NIC is of higher priority than the wired NIC, then I’d plug the laptop into the wired network. What would happen? My internet traffic would route through the MiFi and my local network traffic would route through the wired NIC, I’d have free reign to get to anything on the internet and my work network.
Things would get seriously hinkey if I bridged the two networks, but I might not bother to do that.
So if you’re blocking “fun” sites, are you really blocking them or making users more “creative”?