While the bring-your-own-device (BYOD) trend has gained momentum among enterprises, it has also plagued CIOs with a range of technical as well as cultural issues making the execution of BYOD concepts somewhat complicated.
As users become more technology savvy, they start telling IT what devices they want to use, and not only expect IT to provide these, but to support them as well. The advent of social media into the enterprise and employees expecting applications of a particular standard at work has resulted in the emergence of a new trend called the consumerisation of IT.
According to IDC’s Worldwide Mobile Worker Population Forecast 2011-2015, 838.7 million employees in Asia/Pacific excluding Japan will be mobile workers by 2015 and majority of these mobile workers will be office-based.
BYOD is both a technical and organisational challenge for any enterprise IT department. In order for BYOD to work effectively and successfully, there are three key areas that CIOs need to address:
1. Technology: Security and compliance
There can be some costs benefits when users purchase their own device, as the company does not have to fork out for the hardware. However, with as much as 70 per cent of the company’s intellectual property (IP) living on email alone, that means a huge percentage of data assets are “out there” on somebody’s smartphone or tablet. Does IT know who has access to what? Can they control that access?
To make matters worse, the volume of data you need to protect is proliferating as fast as the devices themselves.
In order to address data security concerns, you’ll need to examine your employees’ devices in greater detail and implement a Mobile Device Management (MDM) solution to effectively manage this concern. Look for a MDM solution that has features such as being able to enforce device passwords (minimum length, complexity, expiration and history) and device locking, wipe and selective wipe (remove only corporate data), control Wi-Fi and VPN settings. Ensure that the device or its operating system can support data encryption.
You should also ensure that these devices meet a certain standard of compliance before allowing them access to your corporate network. It’s important to ensure that the device hasn’t been jailbroken, rooted and meets the necessary security policy.
An integrated approach to these solutions would give enterprise IT full control over the business part of the device should the device get lost or an employee leaves the company. At the same time, these solutions protect the employee’s privacy by blocking any access of IT administrators to non-work related areas on the device.
2. IT support: Whose device is it anyway?
A more difficult question to be answered by any enterprise is the aspect of IT support. When IT provisions the hardware, there is no question about the company owning what goes on that device. But when employees start bringing in their own hardware, the ownership of everything else becomes more tenuous, bringing with it legal, compliance, and security issues.
When a user working on their own device leaves the company, does that person have any legal right to take corporate data that is on that device?
CIOs have to take into account that the BYOD trend means that they now have to deliver support for a variety of device types by different manufacturers with different operating systems. Bear in mind that IT departments are not being given extra money to support the mobile device choices that they’re expected to manage, much less the structural and legal support they would need to make BYOD safe and productive for the enterprise.
<i>CIO’s</i> Tom Kaneshige wrote, “A CIO simply cannot expect executives to run to the Apple Genius Bar whenever their iPad or iPhone is malfunctioning, especially when there’s a mission-critical task on the BYO device that needs to get done.”
3. Enterprise culture: So go ahead, give users what they want
Trying to give users the freedom of choice, while covering your corporate assets to protect sensitive data, competitive IP and client contacts, can be a tricky balance.
Beyond just securing devices, you also need to prove that you’ve secured the data floating around on them. Auditing and compliance regulations apply just as much to smartphones and tablets as they do to office-anchored desktops. Whether a breach occurs, or you’re simply audited by a trade or governmental regulatory body, you need to be able to prove compliance in an immediate, automated way.
BYOD calls for a close examination of the organisation’s culture as well as clear guidance for staff. An integration of technology, IT support and enterprise culture including having a good security policy in place can ensure a smoother running of BYOD within the organisation.
Finding the right balance between integrating the technical and security aspects of BYOD, while effectively managing the social aspects of this trend, can be tricky. But once the processes are set in place, managing them on a day-to-day basis will ensure a secure, cohesive and balanced BYOD policy for the enterprise.
Chris Gacesa is a technology specialist at Novell.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.