June 24, 2012
By Khali Henderson
Not since the Casual Friday Rebellion of the ’70s have corporate policies been flouted with such fervor as with the recent Bring Your Own Device Revolution. Employees want their iPhones and iPads. (Yes, there other devices like Android, but most accounts lay blame for the revolt at the feet of Jobs, et al, whose groundbreaking designs incited a level of fanaticism not experienced by electronic appliances in the past.) And, if that weren’t enough, their ballsy insurrection has spread beyond consumer devices to use of unsanctioned consumer apps.
“As devices come in, apps inevitably follow,” said Ojas Rege, vice president of strategy for MobileIron, a provider of mobile device management solutions. “We are seeing an explosion of apps in the workplace that we call the ‘Enterprise AppStorm’ and in the next 12-18 months every [Global 200] company is going to have hundreds of apps being used by thousands of users. The challenge for IT is having visibility into what non-corporate sanctioned apps are doing.”
They also want unfettered use of SMS, high-speed data and location-based services, said Josh Liption CTO of Advantix Solutions Group, a provider of managed wireless services. “They want no restriction on what they are doing. They want to use that phone however they want,” he said, adding that they also want “immediate access to support and problem resolution.”
Unlike the threat of an offending T-shirt or wardrobe malfunction, the risks from BYOD and, now, BYOA are significant. Exposing the corporate network to malware, losing control of sensitive company data, taxing corporate bandwidth and burdening understaffed IT departments are a few of the big ones. The knee-jerk reaction is to just say no. Businesses, after all, are rarely democracies. In fact, that is not what’s happening.
A study published in mid-May by Cisco said 95 percent of businesses permit employee devices on their network to some level or another. InformationWeek said it’s 90 percent. ZK Research said it’s 82 percent. Either way, it’s a lot. All of the tenacious (or clueless) road warriors and cubicle rebels out there can take credit for the success of “Operation: Going Rogue.” Realistically, it’s hard to stop employees from bringing their own devices and applications en masse, so companies realizing there are some potential upsides are looking for ways to manage its downsides. This involves a lot of policies and processes and a few technologies. That’s where channel partners come in.
“Channel partners can help organizations define BYOD policies and implement a workflow for enabling and managing employee-owned devices,” said Robert Fenstermacher, director of product and solutions marketing for Aruba Networks. “Then a channel partner can help with implementing technology to onboard new devices and finally enforce policy on those devices.”
Christopher Jones, executive director – marketing management for AT&T Small Business and Alternate Channels, agreed. “The most resourceful solutions providers and VARs have realized the trend and are making themselves experts in it,” he said. “In the lower end of the small business space, companies many not have a dedicated IT staff that can handle the implementation of a BYOD strategy across the organization. This is a great place for solutions providers and VARs to deploy a professional services model to help these businesses implement successfully.”
UPSIDES OF BYOD/A
Clearly, the option to choose their devices and applications gives employees a sense of empowerment over how they work. The spillover effect from this tolerant approach is believed to be improved productivity. A May 2012 survey of 2,000 IT users and IT managers commissioned by BT found that 64 percent of IT managers think BYOD will enable employees to be more productive; 42 percent of employees said the same.
Research from Cisco, also issued in May 2012, found similar results: 76 percent of IT leaders found BYOD somewhat or extremely positive for their companies, with the top two perceived benefits being improved employee productivity and greater job satisfaction.
“Recent research has found that companies who allow BYOD have a higher employee satisfaction and retention rate,” said AT&T’s Jones. “One poll even found that 45 percent of employees would accept a lower paying job if they could have the device of their choice.”
“There is a strong feel-good cultural factor,” said Fenstermacher. “Allowing people to use their own device is the equivalent of letting people bring their dog to work. Except a dog can’t video conference on the fly, provide immediate access to relevant business data and deliver email to the employee in the train.”
Employees’ priorities in the Cisco survey were “device choice,” followed by the ability to perform personal activities as work and work activities during personal time. Significantly, 69 percent of respondents want to bring their own apps, especially social media, cloud email and IM. And, workers are willing to pay for the privilege. Cisco employees, for example, spend $600 more on average to use their own device(s) at work.
That brings us to the subject of cost. The assumption that implementing a formal BYOD policy is going to eliminate costs and save the company money is appealing but inaccurate. The costs are merely shifted away from buying the devices and service plans to buying and supporting the management solutions. Plus there’s an expanded help desk requirement and reimbursement for corporate usage, but not at the discounted rates typical of corporate-liable high-volume service plans. “Unless you can get away with paying nothing for everything, you are going to end up spending money,” said Advantix’s Lipton. A study by Aberdeen put the total cost of BYOD plans at $100 per device vs. $80 for corporate-liable due to managing reimbursement.
Still, some contend it can be less costly. “[BYOD] is a much cheaper option for businesses rather than purchasing devices and service plans for their employees,” said Geoff Yearack, vice president of operations for master agency Telecom Brokerage Inc. (TBI) “It is likely that employees already have personal devices with services plans, which when coupled with the right [mobile device management] program can be appropriately managed for a small fee per month.”
DOWNSIDES OF BYOD/A
As alluded to earlier, the downsides of employees bringing their own devices and applications to the workplace are many, but perhaps the most disconcerting (and illustrative of the challenge) is that employees are clueless about them. One in three sees “no risk” in using their own devices at work and only one in four recognize the significant threat they pose to the company, according to BT’s survey.
If businesses were to educate employees about their concerns, the major ones would be:
Security. Each wireless device brings with it the risk of malware and viruses that could damage or disrupt the corporate network.
Data Privacy. The risks of exposing sensitive company data or violating regulatory rules about customer data privacy are increased when employees access databases from a mobile device or copy that data to non-corporate applications they’ve downloaded to their device or use in the cloud. “Protecting valuable corporate data stored in cloud-based consumer apps is as much a challenge for IT chiefs as securing data on consumer devices,” said TBI’s Yearack.
IT Support. As employees bring in their own devices and applications, the number of platforms (BlackBerry, iOS, Android variants, Windows Mobile, etc.)and models as well as applications that the IT department must support can grow exponentially and dynamically. ZK Research found of the 82 percent of companies allowing consumer devices on their network, only 20 percent provided full IT support and 39 percent provided limited support (see graph, “Company Attitudes on Use of Consumer Technologies”).
Network Capacity. Cisco’s study found the average knowledge worker today carriers 2.8 devices. Many of these are capable of processing high-quality, real-time applications such as high-definition video, which require QoS standards most enterprise networks were not designed to handle.
Cost control. Tracking business usage on employees’ personal devices is a challenge. Plus SMS, overages on data plans and international calling can be costly.
POLICIES FOR BYOD/A
To address the myriad downsides and, hopefully, realize the upsides of a BYOD/A, it is critical to establish a formal policy. This literally is a document that spells out company and employee responsibilities as they relate to the mobile work environment and should be agreed to by the employee before their personal devices are given access to corporate networks/data. The policy statement will vary somewhat by business based on their industry/tolerances and possibly by employee based on their role/title, but it should address a few key areas:
Device Selection. Particularly given the hundreds of Android OS variants, it is unrealistic for a business to be able to support every device, so policies usually will specify a range of supported devices. “BYOD is actually becoming CYOD, or choose your own device,” said MobileIron’s Rege. Giving employees a selection of devices to choose from makes them “feel part of the solution yet the company IT department isn’t overwhelmed with too many platforms to proactively manage,” added Todd Fritz, president of Intelligent Wireless Management, dba InteleConnect.
Support Access. Companies should define the scope of their help desk support, e.g., they will not support problems with personal use applications, such as games and music.
Application Access. Businesses need to specify what corporate applications, e.g.. email, word processing, spreadsheets, and how the company will treat non-corporate applications that the employees download to their personal devices. If restrictions on applications are made, the reasons should be clearly stated. “When it comes to BYOA, IT needs to keep the bad apps out,” said Rege. “That means that they need to know what apps are on a device and what permissions they have in terms of their ability to access corporate data.”
Device Security. The policy should describe the security requirements, e.g., personal firewall or encryption, required to be used on personal devices accessing the corporate network or data.
Network Access. Companies must specify the means by which a personal device can access the corporate network, e.g., a secure VPN, as well as permissions for different roles, e.g., employees, contractors and guests.
Privacy. Companies need to inform employees of what data/activity, e.g., usage, location, they will monitor on employee devices. For example, MobileIron noted, IT might need to track app inventory on the personal device in order to protect against rogue apps that might compromise enterprise data.
Reimbursement. Typically users are reimbursed for corporate use of their devices. This may be a fixed monthly stipend or it might be usage-based. What about SMS, data plan overages and international calling? What happens if the device is broken or lost who picks up with cost of replacement or repairs? Those policies need to be defined and shared with employees.
Enforcement. Companies need to explain what will happen when policies are compromised and how employees will be notified that their actions are out of compliance. For example, if a device is lost or stolen, a company may initiate a remote wipe/lock.
Read more about:Agents
You May Also Like
AWS re:Invent Partner, Vendor News: Cisco, Salesforce, MoreDec 01, 2023
People on the Move: Comcast, Cisco, NICE, TPx, Barracuda, MoreNov 29, 2023
AWS re:Invent 2023 Partner News: Marketplace, Salesforce, Certs, MoreNov 29, 2023
AWS re:Invent Expo: VMware, Snyk, HPE, More Showcase Cloud, Security, AINov 28, 2023