Vendor Audit Risk Implications of BYOD


by | November 4, 2014

BYOD (bring your own device) is the latest challenge in the already challenging world of software and licence management. As the use of tablets and smart phones has exploded, so too has the use and application of them in the workplace. Work-based apps make life easier for employees and help to automate and significantly contribute to a working day’s output, but are the apps and all the mobile devices employees operate properly licensed for the workplace? Software that may be freely licensed for home use could attract a licence fee if used in the office. Who knew this? Who’s tracking mobile device software use? Welcome to BYOD, the latest test in software asset management!

Tracking software on mobile devices, how it is used and whether the appropriate licence has been purchased is a very tricky undertaking requiring experience and a deft hand. However, with sensible forward planning there are solutions to this vexatious situation.

The first is user-based. The theory: users often switch between mobile devices, and licensing one device only to discover that it has been replaced by another, unlicensed device swiftly leads to a big problem. Instead, the solution could be to license the user. The licence would attach to each device the user chooses to use, which solves the problem of having to keep track of each device; the user is tracked instead. In large organisations this approach would be very tricky to apply universally, as the needs of many employees in a variety of locations would never be universal.

An alternative suggestion is virtualisation, or virtual desktop infrastructure (VDI): a central repository of applications shared amongst users within an organisation. Accessed from any device at any time, it allows simplified monitoring and management of BYOD licences. This is a great alternative to the user-based model and a sensible approach to the issue. However, to correctly manage a VDI system, one must fully understand VDA (virtual desktop access) licensing, which means comprehending and managing the software rights of users. Think of it like this:

VDI: applications

VDA: rights to use applications

The rights assigned for roaming use (e.g. using a work laptop outside the work environment), companion licences for personal mobile devices used inside the office (roaming licences would apply for use of personal mobile devices outside the office) and other variables have to be taken into consideration with VDI use and VDA rights.

The key to any approach to BYOD is reliable, clean and contemporary data, coupled with a comprehensive understanding of how usage should be monitored, devices tracked and processes automated with the most appropriate tools.

The use of BYOD has certainly exploded, but the uptake by organisations of measures to meet compliance needs has been a bit of a trickle. It is estimated that fewer than 10% of companies have an adequate policy in place to address BYOD. That is a shocking percentage and means that over 90% of companies have ticking licensing time bombs waiting to explode, scattering heavy fines liberally around the organisation. Software vendors are eagerly awaiting audits that highlight under-licensed or never-licensed software on employees’ mobile devices. Are you ready for your vendors?

