BYOD (bring your own device) is up there with ‘big data’ as a contender for the most used-to-death IT buzzword of the past two years. With good reason: the trend has been an unstoppable force on the crest of the consumerisation wave, and one that companies have simply had to roll with.
But in 2014, BYOD is being rapidly rebranded as ‘bring your own disaster,’ with IT departments desperately grappling for solutions that will allow them to take back some degree of control over the mobile environment, hastily assembling a raft of MDM (mobile device management) tools. It has become obvious that the utopian ideal of BYOD is more myth than a practical reality for most firms. So has the BYOD wave broken?
A recent report by analyst firm Gartner categorically declared the end of the era of BYOD, stating, ‘There is no way for IT to assume full responsibility of securing and managing devices without ownership.’
As a result of all these security and compliance issues, a rash of new acronyms has sprung up, all vying to be the next trendy buzzword. Some companies are attempting a complete U-turn by introducing schemes such as ‘corporate-owned personally enabled’, or COPE.
Instead of making corporate functions work on personal devices, COPE is the opposite. The idea is that it lets employees have both personal and professional use of company devices. It gives the employee a choice of device from a selection of models, from which they are allowed to access both work and personal information, but the device remains corporate-owned.
This yields advantages that are reminiscent of the pre-BYOD days, before everyone became plugged into the matrix of constant connectivity and on-demand personal cloud on every device, without having the old-school connotations of a company handout where staff are limited in what they can use their phone for.
Because it owns the device, the company can wipe it or disallow access to the corporate network at any point. And organisations could potentially leverage the model to negotiate great deals with wireless and data vendors, instead of providing stipends or reimbursements for employees’ own devices.
A variation on COPE, ‘choose your own device’ (CYOD) lets employees choose from a limited selection of approved, corporate-liable device models with the levels of security and control that IT needs, but with the slight difference that the employee pays for the upfront cost of the hardware.
Both are approaches that embrace the consumerisation of IT in a controlled manner, but in the endless balancing act between giving employees the tools they’re happiest using – and are therefore more productive on – and making sure that those tools are work-appropriate, compliant and secure (as well as cost-effective), CYOD seems to tick a lot of boxes.
As Christian Toon, head of information risk at information management firm Iron Mountain, explains, ‘Employees shouldn’t have to bring in their own devices, or anything else for that matter, to fulfil the organisation’s job requirements. If the technology isn’t fit for purpose, look at adopting a choose-your-own-device approach that allows the selection of best-in-class technology instead.
‘You are still able to control and own these corporate devices, but without the risk of unknown devices accessing the network.’
With CYOD, users tend to appreciate being allowed to choose the device that they are most comfortable with. Recent research by IT services company Logicalis UK of 1,000 13-17 year olds – the next-generation workforce – found that 51% said they expect their employer to provide the devices but ‘I want to choose which ones’.
Another major plus point of CYOD is that IT can focus on supporting a limited number of platforms and devices, rather than trying to support as many as possible.
But when implementing a CYOD scheme, organisations need to look at application control and whether CYOD should permit employees to run non-business-related applications. This is a discussion in itself when you start to look into controlling employees’ personal social media apps on corporate-owned devices.
‘While CYOD makes managing the device easier, because they are corporate-owned, there is always the concern regarding how “personally enabled” they should be,’ says Simon Townsend, chief technologist in Europe at AppSense. ‘Will employees be able to tweet, install games or use their own applications? This highlights the importance of auditing, logging and analytics over and above the “control” that MDM has offered in the past.’
The app trap
If a critical app upgrade is not installed, warns Townsend, ‘it could render the desired benefits from CYOD obsolete.’
Certainly, many would argue that there needs to be a shift in focus away from standard MDM solutions and towards managing data and security at the app level.
As Forrester analyst Tyler Shield advises in his latest report, securing the enterprise mobile environment is ‘significantly more than just determining what phones you will support and how to upgrade devices and operating systems.’
And it should involve more than a few application vetting policies – a growing number of companies are opting for MAM (mobile application management) instead of MDM, since it enables IT to protect enterprise apps and corporate data throughout the mobile application lifecycle, from deployment to app signing to inspection for security flaws and malware.
‘Instead of applying mobile device management to lock down an employee’s device and enforcing a command-and-control approach to mobile management, MAM can be used to wipe enterprise mobile apps and corporate data remotely from a lost or stolen device or when an employee no longer works for a company, while leaving their personal apps and data alone,’ explains David Bennet, proposition manager, communications and collaboration at Logicalis.
But MDM and app enablement are essentially two sides of the same coin. This year, advancements in MAM tools and a consolidation of the market may play an important role in applying contextual policy and security around apps.
Cathal McGloin, CEO of mobile application platform vendor FeedHenry, believes that enterprise mobility is entering a new phase whereby more agile mobile application platforms steal the spotlight.
‘What we are starting to see is that, rather than being managed separately, MDM, app development and app distribution are linked by a common thread of data security: securing apps and devices and managing user policies through the same platform,’ he says.
‘As a result of this emerging requirement for single platform delivery, MDM and MAM vendors need to partner with next-generation mobile application platform providers.
Ripe for consolidation
Analyst firm Yankee Group predicts that the enterprise mobility market will consolidate, as organisations broaden their requirement for enterprise app development, on-premise and cloud-based deployment, app and device management, and security – all delivered by a single platform vendor.
We have already seen the beginning of this trend with the acquisition of Antenna Software by Pegasystems in November 2013 and IBM’s purchase of Fiberlink Communications. Most recently, VMware acquired MDM provider AirWatch in a deal worth $1.54 billion.
In his latest blog post, former IDC analyst Steve Drake commented on this shift towards MDM and MAM vendors partnering with mobile app platform providers to gain the scalability, flexibility and extensibility that is demanded by enterprises.
Wrote Drake, ‘To date most of the largest EMM (enterprise mobility management) deployments have been independent of a similarly large mobile application platform deployment and a roll-out of mobile apps…Similarly large EMM deployments were often the first step for an organisation to manage devices and control applications.
‘However, in 2014, given the market maturity, education and the technology advancement of more tightly coupled/best-of-breed offerings…we expect to see larger combined deployments of EMM and more advanced mobile app enablement.’
Going forward, these tools should enable organisations to take a truly holistic view, and not just manage devices but manage users, data and applications in one fell swoop, with the ability to deliver cloud and on-premise deployments, and remain compliant in verticals with strict regulation such as finance and healthcare.
So in the end it will matter far less which device an employee chooses to use, as companies will be able to manage apps from development to deployment and management of the app lifecycle regardless of the device.
‘This removes the need to restrict employees to a “white list” of devices that have been pre-approved by their IT department,’ says McGloin.
CYOD may be the first small step in acknowledging the power of consumerisation trends and employee mobility, but as David Appelbaum, senior vice president of marketing for Moka5, deftly puts it, ‘IT must start looking outside the traditional vendors to find solutions that can enable secure mobility, device choice, data consistency and agile management.’