BYOD Acceptance Allowing IT Managers to Control Security, Data Access

By Michelle Maisto  |  Posted 2012-12-27

BYOD Acceptance Allowing IT Managers to Control Security, Data Access

Enterprise IT managers are discovering that it makes more sense to embrace the bring-your-own-device trend rather than try to keep it out of their organizations.

But with this acceptance IT managers and employees have to agree to a tradeoff. If employees want the freedom to use their favorite smartphones and tablets at the office they are going to have to cooperate by accepting some controls and adhering to security policies.

Corporate BYOD acceptance is increasing because pragmatic IT executives realize there is no effective way from preventing employees from using their mobile devices at work.

In mid 2012, Research and Markets forecast that 65 percent of businesses would have some type of BYOD solution in place by year's end.

"It's not just about employers making people productive, but an employee-driven thing, like, where there's a will, there's a way," Andrew Conway, director of Microsoft's Enterprise Client team, told eWEEK. "If they're not getting what they need from IT, they're going to go get it themselves."

Conway's point is made clear as even regulated industries, with once set-in-stone mobile policies, are wobbling under pressure from employees, who are bringing a diverse array of mobile devices into the workplace. In October, the U.S. Department of Defense—which maintains the highest security standards and would seem to be the ultimate Research In Motion stronghold—announced that it was expanding its device support beyond BlackBerry to include Apple iPhones and Android smartphones.

The BlackBerry had long been the choice for enterprises because it supported data encryption and allowed them to maintain strong security policies.

But with enterprises literally unable to keep out unsanctioned devices, the IT managers are embracing the use of a wider range of mobile devices while imposing at least some controls for secure data access.

"IT has been saying this is the way, but in today's world the dictator is being overthrown," Gartner vice president Ken Dulaney told eWEEK. "I've been told by organizations that they're BlackBerry only, but then I walk down the hall and see iPads. IT is coming to grips with the fact that they're lost control."

To hear Dulaney speak of BYOD in broad terms, his advice could be mistaken for toddler parenting advice: Give warnings. Set boundaries. Be clear about consequences.

"We tell our clients that winning in IT is a lot about setting up expectations," he continued. "If you surprise [workers], they get angry."

With PCs no longer the only devices delivering content, Dulaney believes that managing devices now also calls for structural changes in organizations.

"We want our clients to manage security by looking at all of the endpoint devices, and the only way to get consistency in policies is to manage them in a single department."

Understanding that standardizing on a device is "impossible to achieve, much less maintain," Dulaney recommends a "managed diversity approach." In this model, responsibility is shared. The enterprise makes clear to users what their choices are, as well as the consequences of not holding up their end of the deal.

"You say, 'If you want this and then you do that. If you want to do more things on your phone, then you have to accept responsibility for what goes wrong,'" he said, in a no-nonsense tone.

BYOD Acceptance Allowing IT Managers to Control Security, Data Access

Gartner has spelled out a three-level approach. In the first, the firm owns the device and is 100 percent responsible for it; in the second, the employee owns the device, IT puts in place "isolation techniques," also referred to as containerizing—secure data resides in a special "container" on the device—and responsibility for the device is equally shared.

The third level is for special cases, what Dulaney calls "the crazy executive" who says, "I don't care what you say, I'm still going to use this device." That person takes full responsibility.

Gartner concedes that this approach doesn't guarantee the lowest total cost of ownership (TCO)—a carrot that IT usually chases. "But it does ensure choice and some degree of control."

BYOD, like the technologies it addresses, is changing and challenging enterprises.

Expanding Options to Boost Productivity

"You've got employees saying, 'I'm tired of looking like Batman, with three phones on my belt—I've got a BlackBerry, an iPhone, something for encrypted messages,'" says Ron Hassanwalia, VP of sales and marketing at SOTI. "But when you deploy a BYOD solution, the end user doesn't want to compromise on their device. They want freedom on their device."

SOTI calls itself the world leader in enterprise mobile device management (MDM) and BYOD solutions. It has more than 10,000 customers and offers systems for managing mixed environments of Windows, iOS, BlackBerry and Android devices. It also offers a choice of management approaches—the containerized approach, where secure information is segregated, or implementing a security policy that covers the entire device. The same fix isn't right for every company.

"It's getting more complicated [to manage devices], and frankly this is an area that companies didn't used to budget for," Hassanwalia told eWEEK.

"A year ago, IT departments were only concentrating on three operating systems— iOS, BlackBerry and Android. Today you've got Microsoft with Windows Phone 8, Intel has Tizen; WebOS is kind of saying they're going to make a comeback, BlackBerry 10 is coming. It really is getting more complicated," he continued. "Three years ago there wasn't even an iPad, and now tablets are taking over."

But while more mobile platforms are being supported, not every device is. Fragmentation is becoming a theme.

"From the organizational perspective, security is the foremost concern. From the end-user perspective, they're thinking about what can the enterprise support," said Jeff Holleran, senior director of Enterprise Product Management at Research In Motion. "This is a time of year when enterprises need to be particularly proactive about clearly telling employees what they can support."

Holleran explains that a worker, rightly believing that his company supports Android, could walk in Jan. 2 with the holiday gift he requested, only to find that the company actually supports, say, five specific Android smartphones and not the one in his pocket.

Hassanwalia points out that SOTI can support all but the most purely consumer devices and puts in a plug for Samsung's SAFE (Samsung Approved For Enterprise) devices. SOTI was the first MDM provider to pass Samsung's SAFE certification process. "The [security] difference between SAFE devices and other Android phones," says Hassanwalia, "is massive."

BYOD Acceptance Allowing IT Managers to Control Security, Data Access

Marking an evolution both within RIM and the businesses it serves, the company now offers BlackBerry Mobile Fusion, a product that extends BlackBerry-level security and classic RIM device management features to also iOS and Android-running devices.

In an additional departure from the old way of thinking about "work devices," Mobile Fusion includes BlackBerry Balance, a technology for BlackBerry devices that separates a user's work and personal content. While an IT manager can wipe corporate data from a BlackBerry in the instance that a device is lost, he or she has no view of a worker's personal emails or files.

Make BYOD acceptance work for you

When workers have everything they need in their hands and can work on the device they're most comfortable with, said Holleran, "It starts to transform how someone feels about their workday."

Microsoft's Conway agrees. "People are more productive if you give them a range of options about how to get their work done," he told eWEEK. "They can be happier about conducting work when it's on their own terms."

The cloud is central to Microsoft's business applications today and its answer, said Conway, to the question, "How do we help businesses and the IT pros who work for them to be super productive while making sure we keep the company and its assets secure?"

Conway says Microsoft's approach is "people-oriented" and that it works to put the user at the center of its solutions.

"We've looked at the numbers and users have between five and seven smart and connected devices and they're trying to get work done."

Microsoft's approach has three main components, said Conway. The first is creating a personalized experience. "They want their apps, their data ... we begin with that, and at the center of the solution is someone's identity."

The next piece is a decision about how to do things like deliver applications, manage applications and de-provision devices; and the final piece is about accessing technologies. With Microsoft's DirectAccess in its Windows Server OS, remote employees can work as though they're on the corporate network, even without connecting through a virtual private network (VPN).

Conway argues that people are already using cloud services and are comfortable with the cloud.

"[Workers] are more often connected to the cloud than to your corporate network ... so as you think about managing [enterprise] solutions, a cloud solution has a huge amount of utility."

While BYOD is challenging organizations, it's also offering them a chance to be more flexible, more efficient and gain business benefits by responding to the needs of employees. ("You bring in the most talented people you can—well, people are most productive when they can work in ways they're comfortable," said Microsoft's Conway.)

It's also offering IT a chance to catch up, evolve and put itself in a better position to succeed.

BYOD, says Gartner's Dulaney, is just one part of an overall mobile strategy.

"The challenge is to develop a mobile strategy, in that you're looking at each aspect of your business and figuring out how mobility affects it. Mobility means change is frequent and constant—and IT is terrible at reacting to change because they have too many baked-in bad assumptions," said Dulaney. "This is really about developing a mobile strategy."

Rocket Fuel