BYOD Acceptance Allowing IT Managers to Control Security, Data Access

NEWS ANALYSIS: BYOD is a necessary evolution, and a good one. When employee demands trump company policy, BYOD lets you harness that drive.

Enterprise IT managers are discovering that it makes more sense to embrace the bring-your-own-device trend rather than try to keep it out of their organizations.

But with this acceptance IT managers and employees have to agree to a tradeoff. If employees want the freedom to use their favorite smartphones and tablets at the office they are going to have to cooperate by accepting some controls and adhering to security policies.

Corporate BYOD acceptance is increasing because pragmatic IT executives realize there is no effective way from preventing employees from using their mobile devices at work.

In mid 2012, Research and Markets forecast that 65 percent of businesses would have some type of BYOD solution in place by year's end.

"It's not just about employers making people productive, but an employee-driven thing, like, where there's a will, there's a way," Andrew Conway, director of Microsoft's Enterprise Client team, told eWEEK. "If they're not getting what they need from IT, they're going to go get it themselves."

Conway's point is made clear as even regulated industries, with once set-in-stone mobile policies, are wobbling under pressure from employees, who are bringing a diverse array of mobile devices into the workplace. In October, the U.S. Department of Defense—which maintains the highest security standards and would seem to be the ultimate Research In Motion stronghold—announced that it was expanding its device support beyond BlackBerry to include Apple iPhones and Android smartphones.

The BlackBerry had long been the choice for enterprises because it supported data encryption and allowed them to maintain strong security policies.

But with enterprises literally unable to keep out unsanctioned devices, the IT managers are embracing the use of a wider range of mobile devices while imposing at least some controls for secure data access.

"IT has been saying this is the way, but in today's world the dictator is being overthrown," Gartner vice president Ken Dulaney told eWEEK. "I've been told by organizations that they're BlackBerry only, but then I walk down the hall and see iPads. IT is coming to grips with the fact that they're lost control."

To hear Dulaney speak of BYOD in broad terms, his advice could be mistaken for toddler parenting advice: Give warnings. Set boundaries. Be clear about consequences.

"We tell our clients that winning in IT is a lot about setting up expectations," he continued. "If you surprise [workers], they get angry."

With PCs no longer the only devices delivering content, Dulaney believes that managing devices now also calls for structural changes in organizations.

"We want our clients to manage security by looking at all of the endpoint devices, and the only way to get consistency in policies is to manage them in a single department."

Understanding that standardizing on a device is "impossible to achieve, much less maintain," Dulaney recommends a "managed diversity approach." In this model, responsibility is shared. The enterprise makes clear to users what their choices are, as well as the consequences of not holding up their end of the deal.

"You say, 'If you want this and then you do that. If you want to do more things on your phone, then you have to accept responsibility for what goes wrong,'" he said, in a no-nonsense tone.