Security, Support Concerns
BYOD Trend Pressures Corporate Networks
Officials at Unisys started to sense the change about three years ago. It began when employees wanted to pare down the multiple mobile devices-from pagers to business handsets to laptops-that they carried with them for their jobs.
That desire morphed a couple of years ago-first with the rapid ascension of smartphones (particularly the launch of Apple's iPhone), and then with the release of Apple's iPad-into wanting to bring their personal devices to work in order to get onto the corporate network and gain access to business data and applications.
"We found that our employees wanted to use different products [than] what we were buying," said Patricia Titus, chief information security officer at Unisys. "It was a huge paradigm shift. ... They wanted to buy the devices they were most comfortable with."
That shift-commonly referred to as BYOD, or Bring Your Own Device-is hitting businesses worldwide. With the widespread adoption of myriad consumer mobile devices-including all flavors of smartphones and tablets-combined with a growing number of employees who are accustomed to using them, companies must figure out ways to accommodate them.
Businesses can save money by letting employees buy their own devices, but they must then find secure, efficient ways to let employees, contractors and guests gain access to the corporate network, while protecting data and applications.
"Companies have to deal [with employees] with all these devices walking in and wanting to connect to the corporate networks," said Chris DePuy, an analyst with The Dell'Oro Group, who added that BYOD is a key trend affecting the wireless LAN market. "I don't think the problem is going to go away. ... It's going to be a pain point for years to come because the devices are always changing."
15 Billion Network Devices
The ongoing consumerization of IT has been a focal point for several years of analysts and vendors alike, who say the adoption of personal mobile devices will continue to grow. According to Cisco Systems' annual Visual Networking Index Forecast released in June, by 2015, there will be almost 15 billion network-connected devices-including smartphones, notebooks, tablets and other smart machines-more than two for every person on the planet. By 2015, the average U.S. citizen will have seven connected devices.
That will translate into rapid growth in the wireless LAN (WLAN) and access-point markets. Dell'Oro predicts overall WLAN market revenues will exceed $8 billion in 2015, a 49 percent increase over 2010 revenues. At the same time, DePuy said units of enterprise 802.11n access points will show a 39 percent compound annual growth rate within the next five years, and that doesn't take the small-office/home-office space into account.
"IT is living up to the challenge, and, in some ways, it has no choice because of the proliferation of devices," IDC analyst Rohit Merha said.
Security, Support Concerns
A 2011 Unisys study conducted by IDC found that while a growing number of IT departments are committed to supporting the use of consumer devices in the business environment, they are concerned about security, support issues and growing workloads. However, the trend continues: The study, released in July, found that 40 percent of devices that information workers use to access business applications are personally owned, a 10-point jump from 2010.
Personal devices pose numerous challenges in the work environment, including securing the data, ensuring the quality of the service and setting the policies to determine the level of access the devices have to the network. Vendors are looking for ways to make it easier for businesses to identify and authenticate employee devices trying to access the network, and to ensure the proper level of access is applied.
According to Gartner, the Mobile Device Management space is just getting under way, though there are already more than 60 vendors in this market. Gartner estimates that in the next three years, revenue in the MDM space will grow 15 to 20 percent, from $150 million in 2010.
"The BYOD trend is here, and it's here to stay," said Paul Durzan, director of mobility at Cisco. "If you think about it, people want to be simply connected."
In April, Cisco unveiled its Identity Services Engine (ISE) for wired and wireless networks to help enterprises automatically track "visitors" to their corporate networks by enabling administrators to enforce policies that determine who is allowed on the network and what their access privileges are, all the while keeping the network secure.
In June, the networking giant unveiled a wireless-only version of ISE. It will identify the device trying to access the network, authenticate the user, set access levels and "make sure the endpoint doesn't become a threat vector," Durzan said, adding that it's all done in seconds.
Hewlett-Packard offers both wired and wireless access through its Mobile Access Solution portfolio-including the new E-Series Multi Service Mobility (MSM) 460 and 466 wireless access points-as well as wireless security offerings through its TippingPoint and RF Manager solutions. That combination of management and security is crucial for helping IT staffs meet the demands of employees while protecting the network, according to Jeff Schwartz, senior product manager of mobility and wireless for HP Networking.
Smaller vendors also are offering solutions. Meraki's Client Fingerprinting technology can identify devices that connect to the network; a device's operating system, make and model; and client information, such as the NetBIOS name and MAC address. The information is uploaded to Meraki's host network platform, called Cloud Controller, and made available to network administrators.
Another vendor, Kaseya, rolled out its Web-based Mobile Device Management module in August. It lets network administrators manage mobile endpoints and traditional devices from a single point.
A Wide-Ranging Policy
Unisys officials are crafting a wide-ranging BYOD policy that will encompass everything from data center architecture transformation to application modernization, according to Titus. As part of the policy, employees who want to use personal mobile devices need to sign an Acceptable Use Agreement (AUA).
The agreement comes with conditions, including that users let Unisys install a public key infrastructure (PKI) device certificate on the devices for authentication whenever they're used to access the network. Remote-wipe software also must be on the device.
By signing the AUA, users acknowledge that they understand that the device can be seized for an indeterminate amount of time if it-or the data on it-is part of a legal dispute.
Such precautions are important. "Smart devices are really WMDs [weapons of mass destruction]," Titus said, given the damage they can do to a company if used improperly.
Titus said that such an expansive approach to the BYOD trend is necessary given the growing number of mobile devices employees are using and the rapid pace of innovation.
"It's Android and iPad today, but it could be something different tomorrow," she said. "You want to ask yourself, -Are you solving the problem of the future, or just solving the problem of today?'"
eWEEK East Coast Managing Editor Jeffrey Burt can be reached at firstname.lastname@example.org.