The BYOD movement is a change in the way many enterprises operate. It requires businesses and employees to accommodate one another's needs and expectations.
When this accommodation is done well, both parties benefit. Let's look at the bring your own device (BYOD) era in terms of the changing nature of IT control over personal devices along with its benefits and risks, plus tips on creating BYOD policies and practices.
Changing nature of IT control
A common scenario is for the business to own the infrastructure, end-user devices and applications used for business operations. These systems are used almost exclusively for business purposes with occasional and generally insignificant personal use, such as email messages about social events. Organizations set acceptable-use and security policies according to their best interests.
Today, these same organizations face an emerging management model that must account for more contracted resources, such as public clouds and other service providers, as well as more use of employee-owned personal devices. The result is a mixture of business-owned, business-contracted and employee-owned devices that requires more consensus on policies and practices than in the past. At first, it might seem as though businesses are losing control, but that’s hardly the case.
Businesses may have less direct control over personal devices, but they have not lost control over what matters most: data and applications. If a server were stolen, it might cost a business several thousand dollars; if a server with confidential data or intellectual property were stolen, it might cost the same company hundreds of thousands or millions of dollars.
The advent of cloud computing and BYOD highlights the fact that the most valuable IT assets are not personal devices but the data and applications that are stored and run on them. Businesses should implement BYOD policies and practices that protect those valued assets.
Benefits and risks of BYOD
Both employees and businesses can benefit from BYOD. Employees can consolidate hardware, have improved connectivity, and work with more user-friendly personal devices and functional interfaces than were available with some corporate applications. Enterprises can benefit from potentially lower hardware and support costs as well as improved employee productivity.
Risks include security breaches, unanticipated legal liabilities arising from questions of data security and control, and potentially higher support costs. The details of how personal devices are implemented will affect these support costs.
Will you be supporting multiple platforms? Will the company’s security controls interfere with user apps? How do enterprise applications function on personal devices? Are cellular data speeds sufficient for the apps? Testing and small pilot programs can help answer these questions.
Tips on accommodating personal devices
To minimize potential drawbacks and manage employee expectations, focus on three tasks prior to widespread BYOD adoption: defining policies, implementing a policy enforcement mechanism, and evaluating mobile device apps and enterprise applications that you intend to support.
Define policies, including those that address acceptable use of business applications and assets on personal devices. You should also specify the minimal security controls that must be in place to use a mobile device with business systems and the rights of the business to alter mobile devices, such as remotely wiping them if needed.
It is important to enforce policies. Existing IT systems may be able to support some levels of compliance; for example, some policies can be enforced through Microsoft Exchange ActiveSync. More comprehensive policy enforcement will likely require a mobile device management (MDM) system. An MDM system should support provisioning, monitoring, policy enforcement and, if required, some degree of device control, such as disabling Bluetooth.
Evaluate the enterprise applications you expect to support on mobile devices. Identify the minimal form-factor requirements, such as screen size, resolution and data transfer speeds.
Also, consider whether Web applications will be delivered to personal devices through an existing Web interface or through a specialized app. Software vendors may have apps for their products. In the case of popular enterprise applications, such as Microsoft SharePoint, third-party software developers may be able to meet your needs.
One way to minimize risks during evaluation is to begin with testing in the IT lab, followed by small pilots. If these tests are successful, you can roll out support incrementally. This approach can reduce the risk of scalability problems adversely affecting a large number of users.
The goal of IT support for BYOD is to integrate employee-owned personal devices into the business in a way that complements the existing IT infrastructure and applications without compromising the security or functionality of corporate resources.
About the author
Dan Sullivan, M.S., is an author, systems architect and consultant with over 20 years of IT experience with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence.
This was first published in April 2012