The BYOD Revolution
Channel partners can turn the battle over enterprise mobile devices and apps into a win-win for employees and enterprises.
June 24, 2012
By Khali Henderson
Not since the Casual Friday Rebellion of the ’70s have corporate policies been flouted with such fervor as with the recent Bring Your Own Device Revolution. Employees want their iPhones and iPads. (Yes, there other devices like Android, but most accounts lay blame for the revolt at the feet of Jobs, et al, whose groundbreaking designs incited a level of fanaticism not experienced by electronic appliances in the past.) And, if that weren’t enough, their ballsy insurrection has spread beyond consumer devices to use of unsanctioned consumer apps.
“As devices come in, apps inevitably follow,” said Ojas Rege, vice president of strategy for MobileIron, a provider of mobile device management solutions. “We are seeing an explosion of apps in the workplace that we call the ‘Enterprise AppStorm’ and in the next 12-18 months every [Global 200] company is going to have hundreds of apps being used by thousands of users. The challenge for IT is having visibility into what non-corporate sanctioned apps are doing.”
They also want unfettered use of SMS, high-speed data and location-based services, said Josh Liption CTO of Advantix Solutions Group, a provider of managed wireless services. “They want no restriction on what they are doing. They want to use that phone however they want,” he said, adding that they also want “immediate access to support and problem resolution.”
Unlike the threat of an offending T-shirt or wardrobe malfunction, the risks from BYOD and, now, BYOA are significant. Exposing the corporate network to malware, losing control of sensitive company data, taxing corporate bandwidth and burdening understaffed IT departments are a few of the big ones. The knee-jerk reaction is to just say no. Businesses, after all, are rarely democracies. In fact, that is not what’s happening.
A study published in mid-May by Cisco said 95 percent of businesses permit employee devices on their network to some level or another. InformationWeek said it’s 90 percent. ZK Research said it’s 82 percent. Either way, it’s a lot. All of the tenacious (or clueless) road warriors and cubicle rebels out there can take credit for the success of “Operation: Going Rogue.” Realistically, it’s hard to stop employees from bringing their own devices and applications en masse, so companies realizing there are some potential upsides are looking for ways to manage its downsides. This involves a lot of policies and processes and a few technologies. That’s where channel partners come in.
“Channel partners can help organizations define BYOD policies and implement a workflow for enabling and managing employee-owned devices,” said Robert Fenstermacher, director of product and solutions marketing for Aruba Networks. “Then a channel partner can help with implementing technology to onboard new devices and finally enforce policy on those devices.”
Christopher Jones, executive director – marketing management for AT&T Small Business and Alternate Channels, agreed. “The most resourceful solutions providers and VARs have realized the trend and are making themselves experts in it,” he said. “In the lower end of the small business space, companies many not have a dedicated IT staff that can handle the implementation of a BYOD strategy across the organization. This is a great place for solutions providers and VARs to deploy a professional services model to help these businesses implement successfully.”
UPSIDES OF BYOD/A
Clearly, the option to choose their devices and applications gives employees a sense of empowerment over how they work. The spillover effect from this tolerant approach is believed to be improved productivity. A May 2012 survey of 2,000 IT users and IT managers commissioned by BT found that 64 percent of IT managers think BYOD will enable employees to be more productive; 42 percent of employees said the same.
Research from Cisco, also issued in May 2012, found similar results: 76 percent of IT leaders found BYOD somewhat or extremely positive for their companies, with the top two perceived benefits being improved employee productivity and greater job satisfaction.
“Recent research has found that companies who allow BYOD have a higher employee satisfaction and retention rate,” said AT&T’s Jones. “One poll even found that 45 percent of employees would accept a lower paying job if they could have the device of their choice.”
“There is a strong feel-good cultural factor,” said Fenstermacher. “Allowing people to use their own device is the equivalent of letting people bring their dog to work. Except a dog can’t video conference on the fly, provide immediate access to relevant business data and deliver email to the employee in the train.”
Employees’ priorities in the Cisco survey were “device choice,” followed by the ability to perform personal activities as work and work activities during personal time. Significantly, 69 percent of respondents want to bring their own apps, especially social media, cloud email and IM. And, workers are willing to pay for the privilege. Cisco employees, for example, spend $600 more on average to use their own device(s) at work.
That brings us to the subject of cost. The assumption that implementing a formal BYOD policy is going to eliminate costs and save the company money is appealing but inaccurate. The costs are merely shifted away from buying the devices and service plans to buying and supporting the management solutions. Plus there’s an expanded help desk requirement and reimbursement for corporate usage, but not at the discounted rates typical of corporate-liable high-volume service plans. “Unless you can get away with paying nothing for everything, you are going to end up spending money,” said Advantix’s Lipton. A study by Aberdeen put the total cost of BYOD plans at $100 per device vs. $80 for corporate-liable due to managing reimbursement.
Still, some contend it can be less costly. “[BYOD] is a much cheaper option for businesses rather than purchasing devices and service plans for their employees,” said Geoff Yearack, vice president of operations for master agency Telecom Brokerage Inc. (TBI) “It is likely that employees already have personal devices with services plans, which when coupled with the right [mobile device management] program can be appropriately managed for a small fee per month.”
DOWNSIDES OF BYOD/A
As alluded to earlier, the downsides of employees bringing their own devices and applications to the workplace are many, but perhaps the most disconcerting (and illustrative of the challenge) is that employees are clueless about them. One in three sees “no risk” in using their own devices at work and only one in four recognize the significant threat they pose to the company, according to BT’s survey.
If businesses were to educate employees about their concerns, the major ones would be:
Security. Each wireless device brings with it the risk of malware and viruses that could damage or disrupt the corporate network.
Data Privacy. The risks of exposing sensitive company data or violating regulatory rules about customer data privacy are increased when employees access databases from a mobile device or copy that data to non-corporate applications they’ve downloaded to their device or use in the cloud. “Protecting valuable corporate data stored in cloud-based consumer apps is as much a challenge for IT chiefs as securing data on consumer devices,” said TBI’s Yearack.
IT Support. As employees bring in their own devices and applications, the number of platforms (BlackBerry, iOS, Android variants, Windows Mobile, etc.)and models as well as applications that the IT department must support can grow exponentially and dynamically. ZK Research found of the 82 percent of companies allowing consumer devices on their network, only 20 percent provided full IT support and 39 percent provided limited support (see graph, “Company Attitudes on Use of Consumer Technologies”).
Network Capacity. Cisco’s study found the average knowledge worker today carriers 2.8 devices. Many of these are capable of processing high-quality, real-time applications such as high-definition video, which require QoS standards most enterprise networks were not designed to handle.
Cost control. Tracking business usage on employees’ personal devices is a challenge. Plus SMS, overages on data plans and international calling can be costly.
POLICIES FOR BYOD/A
To address the myriad downsides and, hopefully, realize the upsides of a BYOD/A, it is critical to establish a formal policy. This literally is a document that spells out company and employee responsibilities as they relate to the mobile work environment and should be agreed to by the employee before their personal devices are given access to corporate networks/data. The policy statement will vary somewhat by business based on their industry/tolerances and possibly by employee based on their role/title, but it should address a few key areas:
Device Selection. Particularly given the hundreds of Android OS variants, it is unrealistic for a business to be able to support every device, so policies usually will specify a range of supported devices. “BYOD is actually becoming CYOD, or choose your own device,” said MobileIron’s Rege. Giving employees a selection of devices to choose from makes them “feel part of the solution yet the company IT department isn’t overwhelmed with too many platforms to proactively manage,” added Todd Fritz, president of Intelligent Wireless Management, dba InteleConnect.
Support Access. Companies should define the scope of their help desk support, e.g., they will not support problems with personal use applications, such as games and music.
Application Access. Businesses need to specify what corporate applications, e.g.. email, word processing, spreadsheets, and how the company will treat non-corporate applications that the employees download to their personal devices. If restrictions on applications are made, the reasons should be clearly stated. “When it comes to BYOA, IT needs to keep the bad apps out,” said Rege. “That means that they need to know what apps are on a device and what permissions they have in terms of their ability to access corporate data.”
Device Security. The policy should describe the security requirements, e.g., personal firewall or encryption, required to be used on personal devices accessing the corporate network or data.
Network Access. Companies must specify the means by which a personal device can access the corporate network, e.g., a secure VPN, as well as permissions for different roles, e.g., employees, contractors and guests.
Privacy. Companies need to inform employees of what data/activity, e.g., usage, location, they will monitor on employee devices. For example, MobileIron noted, IT might need to track app inventory on the personal device in order to protect against rogue apps that might compromise enterprise data.
Reimbursement. Typically users are reimbursed for corporate use of their devices. This may be a fixed monthly stipend or it might be usage-based. What about SMS, data plan overages and international calling? What happens if the device is broken or lost who picks up with cost of replacement or repairs? Those policies need to be defined and shared with employees.
Enforcement. Companies need to explain what will happen when policies are compromised and how employees will be notified that their actions are out of compliance. For example, if a device is lost or stolen, a company may initiate a remote wipe/lock.
Check with your MDM vendor for sample policies or you can buy a BYOD Access and Use Policy template from Janco Associates. It addresses the issues associated with sensitive data on personal devices, how they are backed up, secured and destroyed when needed. In addition the policy addresses what to do when an employee leaves, either voluntarily or involuntarily. An added feature is an electronic Access and Use Agreement that addresses all of the legal issues that arise out of the access of employee data by an employer. The template costs $185, but Channel Partners readers can get 10 percent off with this code: vpico. The discount is available until Aug. 31, 2012.
PROCESS FOR BYOD/A
Organizations need to establish workflow for supporting their BYOD/A environment. Aruba’s Fenstermacher said that involves four steps, preferably without the involvement of IT staff:
Getting devices onto the network securely
Invoking security and access policies based on user device and location
Controlling apps when a user connects to the corporate network
Enforcing policies over wired, wireless and remote networks
Mobile Device Management and Mobile Application Management solutions are emerging to automate some of these functions, but they are not a panacea.
“MDM has a powerful place in the stack of managing mobile devices,” said Advantix’s Lipton. “But, all MDM is is technology. It doesn’t give you time. It doesn’t give you expertise. It doesn’t give you resources.” It also doesn’t provide help desk services for mobile devices and apps.
All of those things require people. This presents an opportunity for channel partners to offer professional and/or managed services to fill the gaps left by technology alone. Partners who are not skilled in these areas also can look to outsourcers like Advantix for these services.
TECHNOLOGIES FOR BYOD/A
There are several technologies that channel partners can use to assist customers in implementing an effective BYOD/A environment. Here are a few of the primary ones:
Access Management. These solutions provide several key functions, including self-service onboarding, authentication and revocation of access, device identification, and controlled access and remediation for compromised devices. A solution also should provide consistent management and enforcement across multivendor wireless, wired and virtual private networks as well as reporting. Examples include Aruba Network’s ClearPass and Entrasys’ Identity and Access Manager.
Mobile Device Management. MDM describes solutions for managing mobile devices as well as a range of operating systems and their respective applications. In addition to access management, the primary functions include:
Software Distribution managing and supporting mobile applications, including deployment, installation, updating, deletion and blocking
Policy Management controlling and operating an enterprise mobile policy
Inventory Management accounting for all devices on the network plus provisioning and support
Security Management enforcing standard device security, authentication and encryption
Most MDM solutions rely on server-side software, which acts as a central hub for mobile device communication with other services within the corporate network. There are a number of MDM software vendors, including MobileIron, AirWatch, Good Technology and more.
According to Gartner, the costs for an MDM solution can run $8 to $10 per device per month.
Enterprise App Store. An alternative to MDM for managing and deploying third-party as well as enterprise applications is the Enterprise App Store. Not unlike a consumer app store, this closed environment includes a catalog and rating of applications employees can use, the ability to download to devices with supported operating systems and the ability to push over-the-air updates. It also can inventory applications on a device and block or wipe unapproved apps.
According to Ovum, there are two defining aspects of the enterprise app store the process of finding the right app must be easy and the range of apps available must make it likely that the most appropriate app will be available. “If the enterprise app store is not easy and convenient, the employ or the departmental manager will inevitably go back to procuring software with the corporate credit card,” noted analyst Somak Roy, senior analyst with Ovum IT.
Productivity, contact management, salesforce automation, collaboration, file storage, expense management, time tracking and project management are the most likely software for employees to source on their own, Ovum said.
According to Gartner, the costs for an enterprise app store are lower than MDM at $2 to $3 per month, but do not include all the management features. While Gartner said MDM vendors like MobileIron and Tangoe are adding app store functions, some of the standalone suppliers include AppCentral, Nukona and PartnerPedia.
Virtual Desktop. Another way of addressing the applications issue is by implementing virtual desktops, where all programs and data remain on a centralized virtual server and are accessed remotely from a smart device.This allows users to run an operating system and execute applications from a smartphone or thin client which exceeds the user hardware’s ability to run. Examples include Cisco’s VXI Smart Solution and Citrix VDI-in-a-Box.
Cloud Services. While employees sharing documents in the public cloud via Dropbox or Good Docs represents a security risk, an enterprise private cloud can provide the centralized security needed for mobile access to corporate applications. In a similar fashion to VDI, a third-party provider can host users’ desktops for remote access to applications.
MORE INFORMATION
Hear more about strategies for BYOD in the two-hour session, “Gearing Up for the BYOD/BYOA Revolution,” at the Channel Partners Conference & Expo, Sept. 12-14, in Orlando.
Read more about:
AgentsYou May Also Like