BYOD has become a mission-critical operation for many CIOs, but what's the best way to protect sensitive company data and employees? Part 1 explores the technology.
Bring Your Own Device (BYOD) is a user-led as well as user-centric phenomenon that is being embraced by CIOs in droves. They understand the new workplace reality is that the knowledge worker is now mobile; therefore, CIOs are mandating IT to make information available on external mobile devices. According to research firm Gartner, in 2013 mobile phones overtook PCs as the most common Web access device worldwide.
As employees ever-more mobile, they increasingly are relying on their mobile devices to meet a wide spectrum of interests and needs. And their ability to utilize smartphones and tablets to do their jobs anywhere is resulting not just in increased employee productivity but also greater organizational agility. The ability for employees to access corporate information anytime, anwhere enables them to make better, quicker and more-informed decisions. As a result, insightful CIOs have elevated the support of mobile device on the corporate network to mission-critical status.
However, the IT adoption of BYOD has brought to light myriad issues, including security, liability and regulatory compliance risks. New technologies including mobile device management (MDM), mobile application management (MAM), mobile content management (MCM) and enterprise mobility management (EMM) solutions can help keep company data more secure on mobile devices.
Vendors recognize the importance of mobile management solutions: VMware is purchasing AirWatch for $1.54 billion; SAP acquired Sybase in 2010 Citrix snapped up Zenprise in 2012; IBM purchased Fiberlink Communications last year; and Oracle acquired Bitzer Mobile, also in 2013. All these moves are validation that EMM/MDM/MAM/MCM are critical components for enterprise IT.
Such technologies don't alleviate employee privacy concerns, however. A vast majority of employees worldwide are accessing corporate information using their personal devices. As such, employee ownership issues and isolation of personal and business-related content on the mobile device should be addressed by corporate IT. Yet some employees are sensitive to allowing IT access to their personal mobile devices because they fear the "Big Brother is Watching" syndrome, especially in light of Edward Snowden’s recent revelations about the National Security Agency (NSA). Employees are very concerned about the IT department’s ability to access their personal information and applications. As such, they are reluctant to on-board their personal mobile device to the organization’s identity and network access system.
Gartner predicts that 20 percent of MDM policies will fail within the next two years because of employee privacy concerns. Human beings are easily spooked by far-stretched rumors that “make sense” to them, such as hackers utilizing the built-in camera of a mobile device to view device owner’s private surroundings. To help alleviate concerns, the table below lists what the It department can or cannot see/read/access on the personal or corporate owned, personally nabled (COPE) mobile device.
What about other issues surrounding EMM, such as employee access expectations, greater security and control, lack of standardization for device platforms and lack of consistency of interfaces? I will address those issues in Part II of this column next week.
Ashar Baig is president and principal analyst and consultant at Analyst Connection, an analyst firm focused on cloud computing, IT products and services and managed service providers. He has more than 18 years of high-tech industry experience. Baig also is founder and manager of the LinkedIn Cloud Backup group.