Bring-your-own-device: take a strategic view
Bring-your-own-device: take a strategic view
Employees don't always want what they are given, maybe because what they are offered may lack personality or functionality. This desire for something more personalized has fuelled the consumerization of IT. Most large companies have now embraced a bring-your-own-device (BYOD) policy which allows employees to use their own smartphones and other mobile devices at work.
The problem that some companies are now facing, warns analyst The Aberdeen Group, is that a poorly implemented BYOD policy can result in a significant rise in overall IT costs and security breaches. So how do you strike the right balance between what's good for the employee and what's good for the company?
Bring your own device really started to make an impact in 2008. In January 2008, the Aberdeen Group found that just 10% of organizations allowed their employees to use their own mobile device for work. By December 2008 this had increased to 40%. Although this trend started first in North America, by July 2011 a staggering 75% of large organizations had a BYOD policy.
The worldwide survey carried out by Aberdeen found that just 25% did not allow any personal mobile devices for business use, with 24% allowing approved devices only and 51% allowing any device. However, Aberdeen warns that a laissez-faire strategy will just store up problems for organizations in the future.
The Aberdeen Group defines three performance levels of organizations in the adoption of BYOD, namely best-in-class, average and laggard. Best-in-class organizations are the top 20% and laggards are the bottom 30%. It ranks them based on three factors:
- the proportion of employees that have secure remote mobile access to the company network
- the percentage of lost or stolen devices not recovered or wiped
- and the improvement in the organization's decision making
"The organizations allowing any device are displaying laggard behavior," said Andrew Borg, Senior Research Analyst, Wireless & mobility, Aberdeen Group. "They are looking at BYOD tactically rather than strategically and want to cut costs by moving hardware costs to the employees. However they are just deferring costs to the future by creating a incompliant, insecure corporate data environment."
Helpdesk costs can spiral upwards as the support team struggles to deal with a plethora of devices and configurations, while employees will want their telephony costs reimbursed through their expenses claim form. This creates a further burden on the back office while also depriving the organization from the benefits of group purchasing of airtime contracts.
By limiting the number of devices to an approved range, organizations are able to equip the helpdesk with the right information to offer support, which means that calls will be shorter. In addition because they are the employees' own device, they know how to use them, so there will actually be fewer calls to the helpdesk in the first place.
Email is the first application that organizations look to offer on employees' own devices. And for many laggard organizations, this will be as far as they go. Although email is reasonably easy to implement across the mobile estate, it can also create some serious security risks. "Even well managed corporate email comes with an explicit vulnerability in the form of attachments, which represent major potential for data loss," warns Aberdeen's Borg.
One of the most important tools at the IT department's disposal to prevent data loss is remote lock and wipe. The Aberdeen Group found that 69% of best-in-class organizations had this capability compared to 33% for laggards. This reflected directly on how many lost or stolen devices they recovered. Only 6% of devices remained lost for best-in-class, compared to an alarming 78% for laggards.
Interestingly, even best-in-class organizations were lax in their remote lock and wipe capabilities for their tablet estate, with only 37% offering this capability. Borg suggests that this could be a consequence of the staggeringly fast adoption of tablets in the enterprise. "The iPhone was considered quickly adopted in the enterprise. But it took three years for iPhone penetration to reach 50%," he explained. "The iPad reached the same penetration in less than six months!"
For organizations looking to adopt BYOD safely, the Aberdeen Group has the following five recommendations:
- start with mobile device management
This will allow organizations to centrally manage their entire mobile estate over the air (OTA), including employee owned devices. They will be able to configure, lock and wipe all of them. Aberdeen recommends that organizations then move from this capability to lifecycle-based enterprise mobile management (EMM) tools.
- don't forget to secure tablets
In many cases tablets will have even more confidential information on them that smartphones, so it is essential to incorporate them in the same strategy.
- place the IT department in charge
Mobile devices need to be managed under IT service management principles (ITSM) under the auspices of the IT department.
- design and enforce a policy
Having a policy on mobile devices - such as which mobile devices are banned from the network or preventing confidential attachments from being sent - is not enough, the IT department must be able to enforce its compliance. This will need to be automated for effective enforcement.
- create an inventory of all devices
Store fingerprints of the all devices on the network and allow users to have more than device.
Orange Business Services offers extensive managed mobile device management (MDM) and enterprise mobile management (EMM) capabilities. Go to http://www.orange-business.com/en/mnc2/themes/mobility/index.html for more information.