Feature

Create a mobile policy employees can trust

A year or two ago, you could have been forgiven for safely assuming that bring your own device (BYOD) would be the champion of all corporate mobile strategies. However, fast-forward to 2014 and there is an undeniable shadow hanging over the proposition.

Gartner recently predicted a fifth of all enterprise BYOD projects would fail by 2016. But why has the market watcher painted such a pessimistic outlook? Well, it claims IT departments are adopting heavy-handed approaches to enterprise mobility management.

While employees first seemed exuberant at the prospect of ditching the corporate brick in favour of their shiny flagship device, they are now wising up to the fact mobile device management (MDM) solutions make no distinction between personal and corporate data. Follow this line of thought and it becomes obvious that some BYOD deployments are destined for early retirement.

Don’t ignore BYOD

Striking a balance between the privacy of the individual and the security of the business can seem such an insurmountable task that an employer may well be tempted to abandon BYOD. However, the concept cannot simply be swept under the rug.

BYOD was born out of the consumerisation of IT and, try as one might, paradigm shifts cannot be ignored. Doing so will usher in a wave of shadow technology. Any CIO will tell you that every employee is an expert at circumventing corporate policy and will happily do so if they do not have access to the tools they need to effectively carry out their job.

Don’t ignore security

Just as it is unfeasible to keep a lid on BYOD, ignoring the security ramifications is also untenable. The US, UK, Japan, Australia, France, Germany, Ireland and Spain – to name just a few – all have stringent data privacy laws in place. Employers are ultimately responsible for the data that resides in or passes through their ecosystem, and failure to protect it can result in crippling fines.

From senior management’s perspective, it may well seem a case of damned if you do, damned if you don’t. So, is it possible to balance the needs of the business with the needs of the employee, all the while maintaining a respect for privacy?

A fresh way of thinking

The answer is yes, but in order to get there, it is necessary to challenge some of the assumptions made about BYOD and MDM.

The truth is the concept of mobile device management is built on a legacy security ethos. It stems from the days when corporate PCs needed to be fully managed in order to maintain a secure network. When the corporate mobile came along, the same strategy was understandably applied. Blackberry Enterprise Server (BES) was the ideal solution for businesses, allowing administrators to have unfettered control of the mobile estate.

MDM platforms offer IT professionals the ability to maintain the same cast-iron grip on mobile devices to which they had grown accustomed in the eras of the PC and the Blackberry. The fact is that BYOD demands a different way of thinking.

Ripping up the rulebook

MDM has become a catch-all term for the management of mobile devices in the enterprise. The problem with condensing all the potential issues and solutions involved into one term is that it is easy to lose focus on what is important.

The correct terminology decision makers should be familiarising themselves with is ‘enterprise mobility management’ (EMM). While this might seem like a semantic argument, by moving away from the notion the device must be managed, enterprises can adopt much more dynamic approaches to securing their infrastructure and data.

Back to the drawing board

Start by considering what it is that is driving this shifting paradigm. Why do employees want to use their own devices for work purposes? When one thinks about it, the notion is almost counter-intuitive. After all, an employee would hardly volunteer his or her own printer ink or coffee grounds for office use.

The answer lies in the phenomenon that has driven BYOD - the consumerisation of IT. CoIT, and therefore BYOD, have nothing to do with where ownership lies - nobody genuinely cares. Employees want to use the same well-designed and elegant tools they have grown accustomed to in the consumer market.

With this in mind, it may well be that BYOD is not the most suitable strategy for all enterprises looking to evolve their enterprise mobility policy.

Consider alternative approaches such as corporate-owned, personally enabled (COPE). This strategy fundamentally changes the dynamic between the employer and the employee. The IT department is no longer the enemy, but the enabler. Perhaps, most importantly, the onus of security is shared between the organisation and the individual.

The high Capex involved with COPE or similar strategies puts off many companies. However, the reality is that operating expenditures are the principal factor when calculating total cost of ownership (TCO). Businesses that are expecting BYOD to act as a silver bullet when it comes to Opex are chasing a pipedream.

For organisations that choose to embrace BYOD in its purest form, by allowing employee-owned devices into the corporate ecosystem, a question remains: how do you secure corporate data while respecting the privacy of employees?

The answer is actually hidden within the question. The emphasis should be on the securing of the data, rather than the device itself. 

Mobile application management (MAM) and application virtualisation technologies allow administrators to silo the corporate from the personal. MAM allows administrators access to specific applications, leaving the rest of the phone unaffected.

On paper, both MAM and virtualised environments provide an ideal solution to the quandary enterprises have found themselves in. However, when choosing a vendor or platform, it is worth remembering it is CoIT driving this shift.

It could be argued a solution that does not mirror the usability found at the consumer end of the market is not a solution at all.

On the other hand, containing corporate data and applications remains the most effective approach to balancing employee privacy with corporate responsibility in a BYOD environment.

Many MDM vendors have recognised the changing attitude towards mobile security and have started to incorporate MAM or virtualised environments into their offerings.

A mobile policy employees can believe in

Don’t listen to the naysayers proclaiming the death of BYOD and MDM; certainly don’t let them influence your plans to modernise your approach to enterprise mobility – both BYOD and MDM are here to stay – but rather than becoming fixated on device management, take a step back and address the bigger picture.

Entering into BYOD under the pretence you might save money is a mistake. BYOD is the by-product of a shifting attitude towards IT. Without getting out in front of this shift, employers will be opening the gates to the murky underworld of shadow IT. It is therefore crucial to address the issue head-on.

Instead of focusing on the total lockdown of devices (as with MDM), it is essential to adopt a more holistic mobile-management strategy, whether that is through containerisation methods, such as mobile application management, virtualised technologies or adopting an alternative approach such as COPE.

Regardless of which technology is used, the key is to develop a robust enterprise mobility policy that employees can believe in and trust. Gaining employee endorsement is by far the single largest challenge and, by creating a transparent policy that caters to both the individual and the business, the chances of successfully deploying BYOD are infinitely improved.


This was first published in February 2014

 
