BYOI (Bring Your Own Identity): The “Dropbox Effect” and the who owns what dilemma.

0 Flares Twitter 0 Facebook 0 LinkedIn 0 Buffer 0 Email -- 0 Flares ×

BYOI is a series I’ve decided to create to “talk” about #identitymanagement so it is about #security, #governance, #management and many other aspects of the #IAM realm.

This morning I was reading two of incredible posts (oh gods of the bloggers why I’m not able to write so well…oh yeah ‘cause it’s me!) on two apparently different topics: the dropbox effect and the unicorn poop.

I’ve been lucky enough to be part of the twitter discussion to which the second posts refer and I agree that often, wrongly, people refer to BYOD mainly as an ownership problem. As well said by Brian Katz:

The whole point though is, who cares who owns the device. The goal is to enable the people to be productive. You build it around mobile, not BYOD or COPE (Corporate owned personally enabled).

Brian Katz – A screw’s lose “just ramblings of a nutter”

So the first question to myself has been:

If ownership is not the point when it comes to mobility and make people more productive why everybody still talk about “the ownership dilemma” so much?

Let me use Marcus Aurelius :

Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth.

What we have here: companies allow BYOD (Bring your own devices) or decide to go for a COPE (Corporate Owned Personally Enable) Policy so the ownership problem is quite clear here and, as before mentioned, it’s not the point.  But so why people seems to be so worried about the ownership things? what makes them thrive when it come to decide if use personal owned device or  build a policy who allow use to the  company owned device for a personal use?

The second post (actually the first in the list) describe the so-called “Dropbox effect”. Here’s a short extract from it:

The Dropbox Effect does not mean that IT must acquiesce  to the inevitability of accepting any IT product that users find themselves; quite the opposite in fact. It means that IT departments must be better at discerning which consumer products contain unacceptable risks, analyzing what individuals use and how to determine what they really need, and nudging users towards tools that make sense.

Jeffery Mann – Gartner Blog

The dropbox effect is basically the idea that if I, as a BYOD/COPE user, find an application that suit perfectly my need and this application will suit the needs of my colleagues too, the IT will end up to allow the use of it question less. It’s like to say that the IT merely accept or should evaluate everything proposed by the “owners” of the devices not because of it’s real value but just because the end-users find it “useful” in that specific point in time.

This lead me to the second question:

Is there an ownership dilemma? In other terms to what the term “ownership” refer when it comes to BYOD or COPE policy devices. What must be considered as personal and what as company owned.

So my answer is, yes there’s and ownership dilemma and every time a company decide to embrace the BYOD path or to build a  COPE policy clearly write down an “ownership definition” that for some.

Looking at both question now I may see the connection:

First of all I need to define what is the “ownership” and what I own exactly as a user or as a company.

The ownership BYOD definition:

I own the device and all the “personal” applications in it. With personal application I  mean every application that my company will not “allow” and consequently “manage”.

So I am  free to propose every “top trend” kind of application but this will  not entitle me to use it  for my work since the possess of it does not mean I own the right to use it in my company environment.

The  ownership COPE definition:

I own the applications I download on “my” company device but again the ownership of them does not entitle me to use them in a company environment neither give me the right to claim their use for my work.

Again the ownership of an application means only I make any use of it if inside the perimeter of “personal” use, that means that if I use it for my job as employee I am fully responsible of what I am doing.

The ownership dilemma is like that old game where one decide a phrase and then whisper the phrase to the friend near him changing the phrase a little bit…friend after friend the entire phrase is changed and what we ended up is a distort  version of the original phrase.

Beside the funny side of the game what we see is that exactly as in the game the misunderstanding in the “ownership” dilemma of the persona devices is just related to a simple definition of who owns  and consequently how the “consumerization” of the message can easily become a “dropbox effect” .