Everyone I speak to these days is asking me to talk to them about BYOD (Bring your Own Device) and how it impacts on corporate networks and CIO’s decision making processes.
What to me is the most interesting thing is that from any surfing around and looking for comments on the Internet, you’ll find two very distinct schools of thought have evolved and they seem to be pretty equally balanced.
The first school centres on the fact that BYOD introduces risk and complexity to organizations. This is because there is no common authentication, security and management across all devices and CIO’s feel they simply don’t have enough control.
The second looks rather to the positives that BYOD brings to the table. Things like allowing users to offset budget constraints through personal purchasing, enabling users to solve their own problems or simply taking advantage of all the additional options that BYOD brings.
The problem with technology choices like this is that they can be fairly emotional.
Emotional? In a corporate enterprise?
Yes, emotional. Most of us work in environments where there is an established status quo. Things have worked the way they have worked for some time and it is fairly rare that a new way of doing things makes its way into the corporate fabric wholesale. This is because we humans are change resistant; we avoid it like the plague. We don’t want to have anything impact on the predictability that we have managed to work into our daily routines.
Both BYOD schools of thought are (I believe) emotional responses to a technology headache/salve (depending on your view point) that has been around for a very long time and has vastly different ramifications in different geographies around the world.
Take for instance countries like South Africa, where it is not the norm to be provided with a company mobile. Sure, companies pay their staff for work related usage or they provide an allowance, but in most cases it is a system that relies on the user having a mobile device to begin with. In that economy, CIO’s and IT Managers have been dealing with user choices in device purchases for many years and they have simply been getting on with it because it is not a scary new thing for them to contemplate.
In the United Kingdom, a large number of people walk around with multiple devices, one for our personal use and one for work. We segregate our communications this way because we don’t want to tell everyone we know that our number has changed every time we move jobs - a problem that doesn’t exist for our South African counterparts as they take their numbers with them. Because workers have been provided with corporate communications as a standard for so many organizations for so long, CIO’s and IT managers have invested and understood how to best manage the risks and control the environment for their situation. Understandably they are now loath to change their stance and allow a whole new set of unknown challenges to enter their organizations.
Many folks are focussing their thoughts on BYOD on the influx of new devices into consumers hands. They believe because the new devices do more, expose more functionality, can carry more data, they are where the BYOD drive is coming from.
I don’t believe it is. Sure, it is an enabler, but if your users had nothing of yours that they wanted to connect to from these devices, there would be no real problem would there?
An interesting change has been introduced into this age old topic and that is the introduction of corporate sanctioned cloud-based services…
Where a company has placed trust in a cloud service provider, they have also opened up a world of possibility for their user base to interact DIRECTLY with that cloud service. Sure, we want our users to interact with the services that we provide to our organizations but we want them to do it on our terms.
Always a classic example for me is Salesforce, the poster child for SaaS. There are apps available for every mobile platform and all you need to install them is have an account. There is no permission necessary from your employer (caveat – I don’t know this to be true across all Salesforce related apps, this is an assumption based on what I have seen to date), you simply download and install, use your Salesforce credentials and start processing.
It is this lack of control over which devices and how (and indeed where) they authenticate that makes BYOD in the world of Cloud so much more interesting than bringing your own Parker pen to the office in 1989…
Take Microsoft Exchange and iPhone… If you connect your iPhone to the corporate Exchange server you are forced into having your phone have a pin lock so that you can’t let others view corporate sensitive data when you leave your phone at the bar when you take a well-earned comfort break.
Sure, remote wipe exists, but even that base level pin lock is enough to let corporates feel a little more comfortable that their security concerns are noted and at least partially actionable.
Cloud vendors will soon be following Mimecast’s example and writing their apps to ensure that not only are corporate applications locked down to centrally governed standards, but also that authentication mechanisms will not be run in isolation and will in fact be tightly integrated into existing active directory systems.
So with all of these thoughts bandying about inside my head, my talks about BYOD usually conclude with me saying that it actually impacts CIO’s far less than many would have them believe as there have been elements of this happening in corporate networks for a long time. The CIO’s decision making process is, however, being affected a little more because they are now being made aware early on about the potential to expose services through devices outside of their control.
How a vendor or service provider handles this could well be the point on which a choice between two vendors is made…