In March 2013, ZDNet reported that the size of the 2013 bring-your-own-device (BYOD) market would be double that of 2012, making BYOD truly mainstream.
Sixty eight percent of respondents in the same research report said that getting buy-in from staff presents no challenge to a BYOD workplace program (no surprise, given how much we all love our own phones and tablets), but of the aspects reported as “a very big challenge”, most responses were for “devising a security policy” and “implementing appropriate mobile device management [MDM] software”.
A more recent study by Greyhound research confirms how many enterprise IT departments are getting on board, and also how many seem ill equipped to do so. Seventy percent of respondents have plans for BYOD, but 30 percent of those have no concrete security or policy plans in place.
All of this means that BYOD is here to stay, but is the enterprise world ready for it?
The challenges of BYOD
Before you even talk about malware or the Apple Store, the first hurdle is making BYOD work financially. You have to buy fewer devices, but one little security incident could be catastrophic. According to CompTIA, the top reason given for BYOD is to increase out-of-office productivity, but research by TEKsystems said the main payback is employee satisfaction, with little monetary effect on customers or IT budgets.
Assuming you jump in, the scariest threat is security. The thought of company data on a device that’s dripping with malware is scary enough, but an employee posting “about to take the bag full of cash profits down to the bank — LOL!” on their mobile Facebook app or losing their device (accounting for almost half of all mobile security incidents) might cripple the business just as thoroughly. The 160,000 phones lost across the US every day, according to the CompTIA report, cost the economy $30 billion per year.
“Data classification is a huge focal point of action,” said Australian National University (ANU) CIO Peter Nikoletatos. In an environment where he says users, particularly students, have always bought their own devices, data access and protection levels undergo strict implementation procedures.
“Users have to be informed about the various mobile and cloud solutions, but, more importantly, how to leverage them in a way that minimises risk to our IP and protects both users’ privacy and the university’s reputation.”
But even legitimate data or usage presents a grey area. Usually, it’s easy to determine what belongs to you and your employer (Angry Birds versus a spreadsheet with company finances), but Nerds On Call founder Andrea Eldridge said not everything on your device is so cut and dried.
“Communicating with clients can lead to muddy waters when they begin to call you directly on your mobile,” she said. Once a client calls you, she thinks your employer effectively has some claim to your phone number — but do they have the right to ask you to give it up if you leave?
To sandbox of not
Mobile device management (MDM) is a set of protocols and policies used by IT departments to minimise risks, but if the figures above are to be believed, it’s not as mature or widespread as it should be.
A popular alternative is giving users a cloud-based work environment that’s locked off from the rest of their system. Still in academia, University of Missouri-Columbia assistant professor Prasad Calyam said MDM forces the IT department to accept liability for managing the whole device. “A solution like VMware Horizon Workspace is attractive, because it lets us only manage the assets on the phone for services like virtual classroom labs,” he said.
Of course, some might argue that this flies somewhat in the face of BYOD’s very spirit, because you’re forcing users to use your applications and/or workspace, rather than the ones they want. BYOD, after all, is about the user experience.
But giving your users full access to the tool in question means facing the perilous world of operating systems fragmentation. Several — like Windows Mobile and iOS — are strictly managed, secured, and deployed by their respective owners, but when Android devices overtook the iPhone as Australia’s most popular mobile device last December, it opened it up to a very fractious field.
We can look to coding standards to save us to some extent; they’ve helped Dish Network, one of the biggest satellite TV providers in the US.
“We were excited about a solution that leverages the potential of HTML 5,” said Dish CIO Mike McClaskey. “That means we have a standard application that can run on a lot of different operating systems and devices, and render accurately and consistently.”
Building apps and tools for operating systems also isn’t as much of a problem as we think it is, according to LANDesk director of product Mike Temple. “People think of it as an application development challenge, but there’s a whole industry popping up to outsource application development when the real issue is the management platform,” he said.
But the field is still fraught with technical and policy challenges. ANU’s MDM solution has a remote wipe function, but Peter Nikoletatos said an efficient and secure cloud solution is still being resolved.
The university provides guidelines on data management and responsible use, but, as Nikoletatos said, “as users shift more to mobile devices, real-time access to data anywhere, anytime is becoming an increasing challenge”.