IT managers who grapple with Bring Your Own Device (BYOD) policies can expect to see an explosion of different smartphones and tablets used by their workers in the next few years.
As a result, IT shops won't be able to keep up with the support demands needed to protect company data used on the various devices, said Gartner analyst Ken Dulaney in a recent interview.
"The number of devices coming in the next few years will outstrip IT's ability to keep the enterprise secure," he said. "IT can't handle all these devices. They're going crazy. They get into fights on whether users should get upgrades or not."
And because IT shops won't be able to keep up, software vendors will be forced to innovate and create what Dulaney called "beneficial viruses" -- software that will be embedded in sensitive corporate data, such as financial or patient information, that's carried on a smartphone or other mobile device. These beneficial viruses would work like Digital Rights Management (DRM) software seen on music and video files, which require a license to play the file, Dulaney explained.
In his conception, however, the beneficial viruses would take things a step further: sensitive data "would be smart enough to delete itself...," Dulaney said.
"It's time for the SAPs and Oracles to begin thinking about doing that, and it's a lot harder than we think," Dulaney said. "Inside every piece of [corporate] data there would be a beneficial virus that whenever the data found itself in the wrong place [such as on an unauthorized device], it would say, 'I don't see a license to be here and I will delete myself.'"
Today, companies rely on different Mobile Device Management (MDM) software companies to monitor which users with smartphones or tablets are authorized to access certain applications and whether they can use the data offline, or outside of the corporate cloud. But Dulaney said that's not a secure enough approach, and he predicted that MDM -- a "tactical invention" won't be viable for more than three years.
"We have to be smarter about security on mobile devices," he said. "Right now, the data relies on protection from the environment that it's in. But there's leakage of data outside the enterprise with too many entry points to the enterprise [often from mobile devices that can undermine enterprise security].
"Buying MDM is a good idea today, but I can't see that the mobile computing industry is ever going to stabilize so that we can do the things we've done with laptops and desktops for years," he said. "People are being driven by fashion to bring in so many new devices."
Dulaney said he's advised thousands of IT managers and CIOs on BYOD policies for years, urging them to give users some choice in smartphones beyond the classic BlackBerry with its BlackBerry Enterprise Server security.
Dulaney's approach is partly designed to keep IT shops from battling with users who want to choose their own smartphone, or more recently, a tablet. "IT shops instill security requirements about devices and to IT, that's value to the end user, but the end user sees it as taking away freedom," he said.
Gartner's current advice to IT shops in managing mobile devices is to consider setting up all or some of three different tiers of support -- platform, appliance and concierge. In platform support, IT offers full PC-like support for a device and the device is chosen by IT, and will be used typically in vertical applications.
With appliance-level support, IT supports a narrow set of applications on a mobile device, including server-based and Web-based application support on a wider set of pre-approved devices. Local applications are not supported.
With concierge-level support, IT provides hands-on support, mainly to knowledge workers, for non-supported devices or non-supported apps on a supported device. The costs for support, which can be generous, are charged back to the users under this approach.
"With the decline of RIM, the rise of Apple and iPads [has] caused BYOD to be top of mind for IT," Dulaney said. "Many companies still use RIM as a cornerstone of their mobile practice, but permit users to buy Android and Apple with restricted apps, sometimes requiring them only to be browser-based apps."
One example of the browser-based approach is at American National Insurance Company (ANICO), which announced Tuesday that it has worked with IBM and IBM partner Streebo to extend ANICO'S existing PC-based customer information to mobile devices including iPhones, iPads and BlackBerry and Android devices. Thousands of agents can use the mobile capability to search existing insurance policies and help customers sign up for insurance, Deanna Walton, assistant vice president of field systems for ANICO, said in an interview.
Using a Web-based approach was "the easier, quicker and right thing to do, and we didn't need to tap into the native device" to add a new application, Walton said. Down the road, she said ANICO might find the need to deploy native mobile apps used in the field by agents who handle sensitive data.
"If we go that way, we'd definitely need to look at the security aspect," she said. "Most agents are independent and we'd have to figure out how to handle the loss of a device."
From Dulaney's point-of-view, ANICO's mobile success is an exception in the current world of BYOD.
Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen or subscribe to Matt's RSS feed. His email address is firstname.lastname@example.org.
Read more about mobile apps and services in Computerworld's Mobile Apps and Services Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.